ICR "Unique Identifiers"

Thu Nov 5 09:19:47 GMT 2015

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 05 November 2015 07:32
> To: UK Cryptography Policy Discussion Group
> <ukcrypto at chiark.greenend.org.uk>
> Subject: Re: ICR "Unique Identifiers"
> 
> 
> > On 4 Nov 2015, at 18:15, Andrew Cormack <Andrew.Cormack at jisc.ac.uk>
> wrote:
> >
> > Drafting of that definition is awful. From the context of the draft Bill I'd
> presumed ICRs were full URLs! If NAT/DHCP logs, then why the additional
> limits on access/use in c47(4)?
> >
> > BTW, has anyone compared+contrasted clause 51(1)(b) with clause 1(1) of
> the Comms Data Bill? From a quick look I can't see anything in today's Bill that
> limits what a "filtering arrangement" might be, so long as it "facilitates the
> obtaining of communications data". If there really are no statutory limits, that
> purpose could stretch a *lot* wider than the "API to ISP logging systems"
> that I've seen mentioned on Twitter. Might a duty to use weak/backdoor
> crypto, even, be covered by "facilitating the obtaining of communications
> data”?
> 
> My hands are full getting my thesis corrections in, but once I’ve done that I’ll
> fish out an analysis I did of the filtering arrangements in the draft Snooper’s
> Charter, which were much more opaque but presumably covered roughly
> the same territory.

Yes, that's what I assumed - same words, must be same content. But (unlike CDB), as far as I can see the IPBill doesn't actually define what it means by "filtering arrangements". Hence my concern that the power there is much more like CDB 1(1), which was "anything to facilitate the availability of Comms Data". And the full potential scope of that power has become more apparent to me every time the Gov't/Home Office has mentioned something new on its wish list :(

Good luck with the thesis. I'm now waiting to hear the result of my LLM :)

Andrew

> ian
> 
> >
> > Andrew
> >
> >> -----Original Message-----
> >> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> >> bounces at chiark.greenend.org.uk] On Behalf Of Roland Perry
> >> Sent: 04 November 2015 16:19
> >> To: ukcrypto at chiark.greenend.org.uk
> >> Subject: Re: ICR "Unique Identifiers"
> >>
> >> In article <C5A5B053-5205-4B8B-A581-769A4794B196 at batten.eu.org>, Ian
> >> Batten <igb at batten.eu.org> writes
> >>> What?  What?  What is this on about?  I’m guessing it means you
> >>> need to store whatever the token was that was used to issue an IP
> >>> number (IMEI, modem MAC, etc), but it’s surely not going to be able
> >>> to do anyhing about downstream NAT
> >>
> >> It's not a secret that they are trying to "do something" about
> >> Carrier-Grade NAT, which has always been a characteristic of most GSM
> >> data access, but is now infiltrating fixed broadband, largely because of
> >> the exhaustion of IPv4 addressing.
> >>
> >> It's the 2015 equivalent of wanting to know which subscriber had which
> >> dynamic IP address (at a specific time/date) issued from a dial-up modem
> >> in the 90's.
> >> --
> >> Roland Perry
> >
> 