latest plans to monitor internet use in the UK

[Peter Fairbrother]

Francis Davey wrote:
> 2012/6/15 Peter Fairbrother <zenadsl6186 at zen.co.uk>:
>> so, if it's the ISPs who collect only the same comms data, and dish the
>> relevant dribbles out on demand/request while keeping the mass of data
>> secure, it just means they collect a bit more, and keep it for however long
>> - much the same overall though, no big difference (and there would be no
>> need for an Act to make only those changes, they could be made under RIPA by
>> SI).
> 
> The use data of (say) facebook is communications data. 

Traffic from facebook customers to facebook? Agreed. Call that primary 
traffic data, obtainable from IP addresses.

> Facebook is a telecommunications service. 

Suppose I post something on my own website - does that make my website a 
telecommunications service?

Suppose I post something on a webserver with a private URL?





Suppose I send Alice a message through facebook. The existence, timing, 
size etc of my message to facebook is traffic data obtainable from my 
ISP or facebook's.

Is the part where I tell facebook to pass the message on to Alice 
"secondary" comms data?

Suppose I ask Facebook to make some (existing, stored) data available to 
Alice.

The "asking" is a message to Facebook, and content. Alice's looking at 
the data may be a communication from me - but is my message to facebook 
comms data, or content, or both?




ARE YOU SENDING ALICE MESSAGES? WE WANT TO KNOW ALL ABOUT ALL OF THEM.




Whatever, the act of looking for "secondary" comms data in facebook 
traffic will necessarily include looking at all facebook traffic content 
to be effective, There is no other way to do it, after all.



RIPA 2(5): "References in this Act to the interception of a 
communication in the course of its transmission ... do not include 
references to—

(a)any conduct that takes place in relation only to so much of the 
communication as consists in any traffic data comprised in or attached 
to a communication (whether by the sender or otherwise) for the purposes 
of any postal service or telecommunication system by means of which it 
is being or may be transmitted; or

(b)any such conduct, in connection with conduct falling within paragraph 
(a), as gives a person who is neither the sender nor the intended 
recipient only so much access to a communication as is necessary for the 
purpose of identifying traffic data so comprised or attached."



So I guess clause 1(4), "Nothing in this Part authorises any conduct 
consisting in the interception of communications .." *does not* mean 
that looking at *all* internet traffic content is not allowed.


You actually are looking at the content of all internet traffic, but 
it's not interception to do so if you are looking for "secondary traffic 
data".

Figures.


I guess the "filtering" comes in here.


(as I have said before, there is no other way to do check for facebook, 
or surreptitious, or steganographic  messages that to look at *all* 
internet traffic, including content. Even then you will miss quite a lot)


-- Peter Fairbrother

If there is any way to make sure that data
> is retained for later use, clause 1 allows an order to ensure that it
> is. Ideally by forcing facebook to use GCHQ equipment, but in reality
> it may be possible to use something at the ISP to do the trick.
> 
> The reason for clause 1 is that the government can adapt the mechanism
> depending on what they want to catch.
> 
> What I'm saying is that the facebook usage data is in scope and the
> act says that if it could be obtained in any way within the reach of
> UK law, then the government can do it that way. Obviously if it can't
> be obtained then it can't and no law we pass will change that.
>