BBC News - 'Fresh proposals' planned over cyber-monitoring

Sat May 25 16:42:36 BST 2013

In article <519E9DB6.2080907 at liddicott.com>, Ben Liddicott 
<ben at liddicott.com> writes
>> Of course the vast majority can wait until the next day (or even the 
>>next week), but the other aspects remain. Unless you think it's a good 
>>idea for these court orders to be issued without any comment from the 
>>telcos about the practicality, and any more than a rubber stamp from 
>>the judge regarding the necessity.
>
>I am really not sure what your point about "practicality" is here. I am 
>sure a court order can be given in terms such as "as far as reasonably 
>practicable".

That's leaving too much to the discretion of the telco. They well decide 
it's not practicable to pay for a taxi and some overtime on a bank 
holiday weekend, for example.

>In any case the judges who give the orders, and the people who ask for 
>them, will be well versed in what is practical.

I doubt that. The current system of SPoCs works reasonably well, but 
they've been specially trained in this one aspect of police work, and do 
it all the time. Are we going to put judges on the same course?

>As to the rubber stamp objection: The fact that the request is seen by 
>a person means that person can make enquiries either before or after 
>granting the request - which makes all the difference.

I'm sure it does, but only after you've got the people who might answer 
the questions into the loop.

>Who knows when a judge or Magistrate will suddenly decide to ask a lot 
>of questions?

The police are quite capable of framing requests in such as way that 
they are very hard to turn down, unless there's some input from another 
party (eg the telco). They are also well known for asking for impossible 
things, which is why the SPoC scheme exists. I don't blame the police 
for that, life and telecoms is complicated these days and you can't 
expect them to be up to speed, especially when there's no technology 
basic training at all.

>They sometimes do, presumably just as a spot-check. Judicial review 
>will find few abusive requests because abusive requests which might be 
>made, will simply not be made. Even post-hoc reviews like the FISA 
>courts will have that effect. But if the request will be fulfilled 
>automatically and reviewed by no-one at all, ever, why not put in 
>unnecessary, marginally necessary, fishing-trip, or purely abusive 
>requests? Why not look up your ex-girlfriend's new boyfriend's internet 
>habits?

Those checks exist in the current system.

>> There's no DPA 1998 exemption for "life at risk/preventing injury", 
>>whereas DPA 1984 had 34(8). It was also initially overlooked in RIPA 
>>(I think it was amended fairly recently), because the police were only 
>>able to get information if investigating a crime, and being in danger 
>>isn't a crime.
>
>Killing one's children is a crime, and that was your example.

Is threatening to kill your children a crime? If you do it twice it's 
probably harassment, and I'm not aware that men who threaten to kill 
their wives in a domestic violence situation are prosecuted for 
"conspiracy to murder", or whatever it would be.

>Outside your example, suicide is no longer a crime, but I have no doubt 
>whatsoever that the common-law defence of necessity would apply. I am 
>not a lawyer so if you are and disagree professionally with that 
>assessment please say so.

That's not a DPA defence I've ever heard anyone trying to use. If it was 
that easy a loophole I'm sure it would have cropped up in the lengthy 
discussions on the subject of [comms data] disclosure.
-- 
Roland Perry