<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Peter<br>
<br>
On 07/25/2012 12:35 AM, Peter Fairbrother wrote:<br>
</div>
<blockquote cite="mid:500F2335.7090602@zen.co.uk" type="cite">
<blockquote type="cite">stream, and it's looking for traffic data
in traffic that's to let's say
<br>
the Facebook or Twitter or googlemail or WoW or Habbo sites.</blockquote>
</blockquote>
<br>
(AFAIK Facebook say they fall under Irish jurisdiction for their EU
users w.r.t DP law at least)<br>
<br>
<blockquote cite="mid:500F2335.7090602@zen.co.uk" type="cite">
<blockquote type="cite">
These are afaik all hosted in the US, but they have strong UK
connections.
<br>
<br>
Let's suppose both Alice and Bob are in the UK. Now suppose
Alice sends
<br>
Bob a message through facebook, or another of the US social
media sites.
<br>
<br>
The black box sees and finds the traffic data concerned with
Alice's
<br>
message, quite lawfully under the new bill - and the traffic
data it
<br>
sees tells it it's an external communication, a message to a
server outside the UK.
<br>
</blockquote>
</blockquote>
<br>
AFAIK the last word (but grateful for any later ref) we have on
HMG's understanding is from 4th July 2000 (this was in response to
FIPR probing amendments about the new "domestic trawling" warrant in
S.16(3), misleadingly placed in a section called "Safeguards").<br>
<br>
In theory, what defines internal/external is whether the
communication (at whatever protocol level) is "received" in the UK
(rather than where a server is located), but in practice this
doesn't matter<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.fipr.org/rip/Bassam%20reply%20to%20Phillips%20on%20S.15.3.htm">http://www.fipr.org/rip/Bassam%20reply%20to%20Phillips%20on%20S.15.3.htm</a><i>
<br>
(worth reading whole thing and context at
<a class="moz-txt-link-freetext" href="http://www.fipr.org/rip/#Overlapping">http://www.fipr.org/rip/#Overlapping</a>)<br>
<br>
How do 8(3) and 15(3) interlock with clause 5(6)?<o:p>
</o:p>
</i>
<p class="MsoNormal"><<<Clause 5(6) allows, under the
authority of an interception
warrant, all such conduct as it is necessary to undertake in order
to do what
the warrant expressly authorises. This conduct can include the
interception of
communications - whether external or internal - not identified by
the warrant.
But such interception must be the minimum necessary to achieve the
object of the
warrant, and must be proportionate to that object. The clause
applies equally to
warrants complying with clause 8(1) and (3). In the latter case <u>it
could, for
example, make lawful the interception of internal communications
where these
mixed with external communications on a trunk used mainly for
external purposes</u>.
Communications that originate and are received in the UK are
always
"internal"; as is well known, some of these will go abroad en
route
and so be carried on primarily external trunks. It is <u>not
possible to intercept
the external communications on the trunk without intercepting
the internal
communications as well.>>></u></p>
<br>
<blockquote cite="mid:500F2335.7090602@zen.co.uk" type="cite">
<blockquote type="cite">
Now suppose a SoS has signed a blanket warrant to allow the
<br>
black-box-operating-agency, hereinafter BlackBoxHQ, to intercept
all
<br>
external communications (which he can do with a single stroke of
the pen
<br>
under RIPA 8(4)).
<br>
<br>
BlackBoxHQ can see that Alice's message to Bob next door is in
it's
<br>
first step actually a message to a server in the US, and thus an
<br>
external communication - and then BlackBoxHQ can look at Alice's
<br>
message's _content_, not just it's traffic data.</blockquote>
</blockquote>
<br>
Yes, but FWIW (from Bassam letter)<br>
<br>
<<<This selection is in practice designed to collect <i>external</i>
communications that fit the descriptions in the certificate. It is
therefore not
likely to catch many internal communications. It would of course be
unlawful to <i>seek</i>
to catch internal communications in the absence of an overlapping
warrant or a
certificate complying with clause 15(3).>>><br>
(original is italicized)<br>
<br>
This was the most arcane controversy of RIPA (apart from Pt.3) and
it proved impossible to get media interest. But given the IoCC has
never commented on certificated warrants since the first report
after IoCA, we have no idea how diligent he may be at ensuring that
nobody is "seeking" to catch internal communications in this way.<br>
<br>
There is a nastier legal problem, which I call "how do they know
there is a pearl inside the oyster, unless they have already looked
inside" - this is (badly) explained in the briefing notes at <i><a class="moz-txt-link-freetext" href="http://www.fipr.org/rip/#Overlapping">http://www.fipr.org/rip/#Overlapping</a>.
</i>It seemed to me the first IoCC fudged this point in his
invention of "overlapping warrants", and it has never been cleared
up or referred to publicly since. It is almost exactly analogous to
the issue that later created the tremendous furore in US about
"warrantless wiretapping", with the difference that US law protects
its own citizens categorically by nationality (which was tougher to
wriggle out of - until 2007/8 - than internal/external distinction).
There is some kind of irony (not sure what kind) that Bassam's note
was written on (US) Independence Day ;-)<br>
<br>
Caspar<br>
<br>
<i><br>
<br>
</i>
</body>
</html>