PRISM && Excited Guardianista

Peter Fairbrother zenadsl6186 at zen.co.uk
Sun Jun 30 17:52:17 BST 2013 

On 12/06/13 16:56, Peter Fairbrother wrote:
> On 12/06/13 11:17, James Firth wrote:
>> Bending the discussion a bit to crypto, I've seen questions on my Twitter
>> stream about Kasper's talk at OrgCon this weekend. Slides:
>> http://www.openrightsgroup.org/assets/files/pdfs/presentations/How_to_wireta
>>
>> p_the_Cloud_without_anybody_noticing_ORGcon_8.6.2013.pdf
>>
>> Specifically on slide 16, NSA capability to collect all cross-border
>> traffic.
>
> I don't know for sure that GCHQ can do the same, but it would be lawful
> if a warrant to do it has been issued by the Foreign Secretary - and as
> historically, GCHQ are known to have tapped all telephone traffic
> entering of leaving the UK, so I imagine nowadays they actually do
> intercept almost all internet traffic entering or leaving the UK.
>
> Quite how much of it they look at is another question, but I imagine
> they can look at anything they please.
>
> There are a couple of hints about that in RIPA, especially section 16.

Hah! told you so. (couldn't resist, sorry :)

http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa


To the point:

Quote: " The source with knowledge of intelligence said on Friday the 
companies were obliged to co-operate in this operation. They are 
forbidden from revealing the existence of warrants compelling them to 
allow GCHQ access to the cables.

"There's an overarching condition of the licensing of the companies that 
they have to co-operate in this. Should they decline, we can compel them 
to do so. They have no choice." "


Well they can be compelled by RIPA, but I don't know about any 
"overarching condition of the licensing" which would compel them.

Anyone?



So, it seems CGHQ tap the cables as they leave the country, presumably 
with a "black box" type of tap arrangement.

That could be done, and compelled, under RIPA, as in the first instance 
all the communications on the cable are intended for recipients outside 
the UK, so a certificated warrant could demand "all the traffic on this 
cable".

The situation is different though for domestic cables and trunks. There 
is no way a certificated warrant could say "give me all the traffic on 
this link", so if an ISP granted black-box access to CGHQ on such a link 
it would be an offence under s.1(1) of RIPA.


[It would be modifying the system as to make some or all of the contents 
of the communication available, while being transmitted, to a person 
other than the sender or intended recipient of the communication, s.2(2).

While it perfectly proper to give GCHQ access to comms for which it has 
presented a warrant, it's illegal to modify the system in order to give 
them access to comms for which they don't have a warrant - and adding a 
black-box does exactly that.

With the black box they can access comms for which they don't have a 
warrant - without it they can't. So adding the black box gives them that 
access.

Doesn't matter whether they are good boys and don't abuse the box, it's 
still making  some or all of the contents of the communication 
available, while being transmitted, to a person other than the sender or 
intended recipient of the communication - comms for which they do not 
have a warrant ]


-- Peter Fairbrother

More information about the ukcrypto mailing list