latest plans to monitor internet use in the UK
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sat Jun 16 00:51:54 BST 2012
Francis Davey wrote:
> 2012/6/15 Peter Fairbrother <zenadsl6186 at zen.co.uk>:
>> so, if it's the ISPs who collect only the same comms data, and dish the
>> relevant dribbles out on demand/request while keeping the mass of data
>> secure, it just means they collect a bit more, and keep it for however long
>> - much the same overall though, no big difference (and there would be no
>> need for an Act to make only those changes, they could be made under RIPA by
>> SI).
>
> The use data of (say) facebook is communications data.
Traffic from facebook customers to facebook? Agreed. Call that primary
traffic data, obtainable from IP addresses.
> Facebook is a telecommunications service.
Suppose I post something on my own website - does that make my website a
telecommunications service?
Suppose I post something on a webserver with a private URL?
Suppose I send Alice a message through facebook. The existence, timing,
size etc of my message to facebook is traffic data obtainable from my
ISP or facebook's.
Is the part where I tell facebook to pass the message on to Alice
"secondary" comms data?
Suppose I ask Facebook to make some (existing, stored) data available to
Alice.
The "asking" is a message to Facebook, and content. Alice's looking at
the data may be a communication from me - but is my message to facebook
comms data, or content, or both?
ARE YOU SENDING ALICE MESSAGES? WE WANT TO KNOW ALL ABOUT ALL OF THEM.
Whatever, the act of looking for "secondary" comms data in facebook
traffic will necessarily include looking at all facebook traffic content
to be effective, There is no other way to do it, after all.
RIPA 2(5): "References in this Act to the interception of a
communication in the course of its transmission ... do not include
references to—
(a)any conduct that takes place in relation only to so much of the
communication as consists in any traffic data comprised in or attached
to a communication (whether by the sender or otherwise) for the purposes
of any postal service or telecommunication system by means of which it
is being or may be transmitted; or
(b)any such conduct, in connection with conduct falling within paragraph
(a), as gives a person who is neither the sender nor the intended
recipient only so much access to a communication as is necessary for the
purpose of identifying traffic data so comprised or attached."
So I guess clause 1(4), "Nothing in this Part authorises any conduct
consisting in the interception of communications .." *does not* mean
that looking at *all* internet traffic content is not allowed.
You actually are looking at the content of all internet traffic, but
it's not interception to do so if you are looking for "secondary traffic
data".
Figures.
I guess the "filtering" comes in here.
(as I have said before, there is no other way to do check for facebook,
or surreptitious, or steganographic messages that to look at *all*
internet traffic, including content. Even then you will miss quite a lot)
-- Peter Fairbrother
If there is any way to make sure that data
> is retained for later use, clause 1 allows an order to ensure that it
> is. Ideally by forcing facebook to use GCHQ equipment, but in reality
> it may be possible to use something at the ISP to do the trick.
>
> The reason for clause 1 is that the government can adapt the mechanism
> depending on what they want to catch.
>
> What I'm saying is that the facebook usage data is in scope and the
> act says that if it could be obtained in any way within the reach of
> UK law, then the government can do it that way. Obviously if it can't
> be obtained then it can't and no law we pass will change that.
>
More information about the ukcrypto
mailing list