Industrial espionage by TLA's

Brian L Johnson brian at
Wed Jan 29 23:39:41 GMT 2014

On Wed, 29 Jan 2014 16:43:41 -0000, Peter Fairbrother  
<zenadsl6186 at> wrote:

> On 29/01/14 12:37, Brian L Johnson wrote:
> Thanks Brian.
> I find the opinion a bit lacking - here I'll only comment on paragraphs  
> 1 to 26 as I haven't read it all, and I don't know much about EU law  
> anyway, just a bit about RIPA.

I find the opinions are... opinions. There's much there for discussion  
between lawyerly types.

> Jemima Stratford QC goes through the law, some comments by Lord Bassam,  
> and the statutory CoP and concludes, in para 26:
> "In summary therefore, RIPA only entitles the UK security services to  
> intercept bulk contents data where at least one party to the  
> communication is located outside the British Isles.
> I have some doubts about quite what this means. The relevant wording in  
> RIPA is "" external communication” means a communication sent or  
> received outside the British Islands".
> In other definitions in RIPA, eg in the definition of interception in  
> subsection 2(2), the wording "intended recipient" is frequently used -  
> here the wording is different, and is such that if the communication is  
> actually received outside the UK, whether by the intended recipient or  
> by another, the communication is external.

AFAICS there are at least 2 different definitions of 'external' in RIPA.   
And also, AFAICS, which one the government will use in any given scenario  
depends on which point of view they wish to portray at that time.


> Miss Stratford continues:
> "Thus the activities described in scenario (a) are unlawful as contrary  
> to RIPA."
> Scenario a is: "The Government Communications Headquarters (‘GCHQ’) have  
> intercepted bulk electronic data sent between two persons located in the  
> UK, but transmitted along fibre-optic cables which run between the UK  
> and the United States. The electronic data arise from internet, email  
> and telephone use"
> This is a little wooly. If the word "bulk" is excluded then it makes  
> sense, otherwise not. I thinks she means GCHQ intercepted bulk data on  
> the cable, which included messages sent between two persons located in  
> the UK.


> Again I have doubts about what Miss Stratford means. The the description  
> of the communications which can be intercepted in a RIPA ss.8(4)  
> certificated warrant cannot include internal communications - but under  
>   ss.5(6) a warrant also allows "(a) all such conduct (including the  
> interception of communications not identified by the warrant) as it is  
> necessary to undertake in order to do what is expressly authorised or  
> required by the warrant".

It's called 'covering your six' or 'covering all bases'.

> As a matter of practicality, suppose GCQH are intercepting some or all  
> communications on a cable under a certificated ss8(4) warrant to  
> intercept external communications of some type. They will obviously need  
> to look at the actual traffic on the cable in order to to this.
> Let's consider Alice's email to Bob at Even if messages meant  
> for persons in the UK are not to be intercepted, how are GCHQ to know  
> whether Bob is in the UK? Or Alice for that matter?
> The traffic data attached to the email won't tell them - Bob could be  
> anywhere. He could be in the UK when the message was sent, and outside  
> the UK when he picked it up from the US Hotmail web server.
> In fact if GCHQ do not already know who Bob is, he could be anybody, as  
> well as anywhere. He could be Bob in Dagenham, or Roberto in Spain, or  
> Ali Robber Baron in Afghanistan. There is simply no way for GCHQ to tell  
> from the traffic data whether the email is meant for a person in the UK  
> or not.
> Next, consider an email where a standard hop goes outside the UK but  
> both the sender and the intended recipient's initial and final mail  
> servers are in the UK. GCHQ will be able to tell this from the routing  
> information, in many but not all cases - it is trivial to forge "from"  
> addresses on emails, and this is often done for legitimate privacy  
> purposes,
> GCHQ may sometimes be able to tell that the persons are in the UK, but  
> in most cases they will not be able to with any degree of surety - in  
> general the intended recipient of an email can collect it from anywhere  
> in the world.
> As far as synchronous communications are concerned, the situation is not  
> much better. For fixed line telephony it is fairly easy to tell where  
> the sender and intended recipient are - sometimes. At other times it  
> can't be done, for instance the use of cheap phone cards where the  
> caller calls a UK number in order to call a foreign number.
> [Sorry, I got called away - an example for hard to identify origin and  
> destination country for internet traffic should go in here]

A nod to Skype should go here also.

> The initial point is, GCHQ has a warrant to intercept traffic on some  
> cable, and it is genuinely very hard, and often impossible, for them to  
> tell whether the traffic they are intercepting is external or not.
> As the warrant allows them to do " all such conduct (including the  
> interception of communications not identified by the warrant) as it is  
> necessary to undertake in order to do what is expressly authorised or  
> required by the warrant" they are legally allowed to intercept (and  
> analyse) internal traffic as well as external traffic.
> In part they can do this to determine whether it is internal or external  
> traffic, but also as they cannot determine (or cannot be certain)  
> whether traffic is external or not, they most likely just run all the  
> traffic through their analyses. They will claim it is too much work to  
> sort it, and unreasonable to ask them to.
> So then they will have, in practice, intercepted and analysed the  
> internal traffic on the cable quite lawfully under RIPA. All of the  
> internal traffic on the cable.

I would say that GCHQ intercept everything they can get their hands on and  
then justify it -- in the remote possibility that they ever needed to --  
after the fact.

> I don't quite know what they do after the analysis if the traffic is  
> later shown to be internal. However I don't think they chuck it away - I  
> think it could legally be used as intelligence (but not as evidence, as  
> evidence from interceptions is excluded from the Courts), but I am not a  
> lawyer.

I think, if anything, the data will be being used as intelligence  
internally and temporarily. As a pointer, if you will, for directions in  
which to look. "It seems we should look at this person... Ooh! look what  
we found by [erase footprints} 'chance'."

> While I am in no way certain that I am correct in what I say above  
> (actually I disagree with much of it), these lines of thought do deserve  
> to be followed.
> And I am of the opinion that in practice and as a general measure, GCHQ  
> do intercept and analyse all the traffic which enters or leaves the UK  
> on the cables they monitor.


Rifkind's recent interview on Channel 4 is  
worth watching.

He certainly had me convinced. :)


More information about the ukcrypto mailing list