PRISM && Excited Guardianista
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sun Jun 30 17:52:17 BST 2013
On 12/06/13 16:56, Peter Fairbrother wrote:
> On 12/06/13 11:17, James Firth wrote:
>> Bending the discussion a bit to crypto, I've seen questions on my Twitter
>> stream about Kasper's talk at OrgCon this weekend. Slides:
>> http://www.openrightsgroup.org/assets/files/pdfs/presentations/How_to_wireta
>>
>> p_the_Cloud_without_anybody_noticing_ORGcon_8.6.2013.pdf
>>
>> Specifically on slide 16, NSA capability to collect all cross-border
>> traffic.
>
> I don't know for sure that GCHQ can do the same, but it would be lawful
> if a warrant to do it has been issued by the Foreign Secretary - and as
> historically, GCHQ are known to have tapped all telephone traffic
> entering of leaving the UK, so I imagine nowadays they actually do
> intercept almost all internet traffic entering or leaving the UK.
>
> Quite how much of it they look at is another question, but I imagine
> they can look at anything they please.
>
> There are a couple of hints about that in RIPA, especially section 16.
Hah! told you so. (couldn't resist, sorry :)
http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
To the point:
Quote: " The source with knowledge of intelligence said on Friday the
companies were obliged to co-operate in this operation. They are
forbidden from revealing the existence of warrants compelling them to
allow GCHQ access to the cables.
"There's an overarching condition of the licensing of the companies that
they have to co-operate in this. Should they decline, we can compel them
to do so. They have no choice." "
Well they can be compelled by RIPA, but I don't know about any
"overarching condition of the licensing" which would compel them.
Anyone?
So, it seems CGHQ tap the cables as they leave the country, presumably
with a "black box" type of tap arrangement.
That could be done, and compelled, under RIPA, as in the first instance
all the communications on the cable are intended for recipients outside
the UK, so a certificated warrant could demand "all the traffic on this
cable".
The situation is different though for domestic cables and trunks. There
is no way a certificated warrant could say "give me all the traffic on
this link", so if an ISP granted black-box access to CGHQ on such a link
it would be an offence under s.1(1) of RIPA.
[It would be modifying the system as to make some or all of the contents
of the communication available, while being transmitted, to a person
other than the sender or intended recipient of the communication, s.2(2).
While it perfectly proper to give GCHQ access to comms for which it has
presented a warrant, it's illegal to modify the system in order to give
them access to comms for which they don't have a warrant - and adding a
black-box does exactly that.
With the black box they can access comms for which they don't have a
warrant - without it they can't. So adding the black box gives them that
access.
Doesn't matter whether they are good boys and don't abuse the box, it's
still making some or all of the contents of the communication
available, while being transmitted, to a person other than the sender or
intended recipient of the communication - comms for which they do not
have a warrant ]
-- Peter Fairbrother
More information about the ukcrypto
mailing list