<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://blog.gmane.org/gmane.law.cryptography.uk">
    <title>gmane.law.cryptography.uk</title>
    <link>http://blog.gmane.org/gmane.law.cryptography.uk</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23108"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23107"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23106"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23105"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23104"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23103"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23102"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23101"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23100"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23099"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23098"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23097"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23096"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23095"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23094"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23093"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23092"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23091"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23090"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.law.cryptography.uk/23089"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23108">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23108</link>
    <description>&lt;pre&gt;
On 23/05/2013 22:43, Roland Perry wrote:

I am really not sure what your point about "practicality" is here. I am 
sure a court order can be given in terms such as "as far as reasonably 
practicable". In any case the judges who give the orders, and the people 
who ask for them, will be well versed in what is practical. This is a 
nothing-nothing objection.

As to the rubber stamp objection: The fact that the request is seen by a 
person means that person can make enquiries either before or after 
granting the request - which makes all the difference. Who knows when a 
judge or Magistrate will suddenly decide to ask a lot of questions? They 
sometimes do, presumably just as a spot-check. Judicial review will find 
few abusive requests because abusive requests which might be made, will 
simply not be made. Even post-hoc reviews like the FISA courts will have 
that effect. But if the request will be fulfilled automatically and 
reviewed by no-one at all, ever, why not put in unnecessary, marginally 
necessary, fishing-trip, or purely abusive requests? Why not look up 
your ex-girlfriend's new boyfriend's internet habits?

Again, if it is so damn important, then it is worthwhile spending 
twenty minutes justifying it: If there isn't time before, justify it 
afterwards. But if the request doesn't justify twenty minutes of a 
copper's wages, why does it justify abolishing the privacy of the entire 
nation?


It would be valuable to have an independent party see the requests - 
either before, or afterwards - and determine how many of them were 
actually justified. I suspect rather less than all of them.


Killing one's children is a crime, and that was your example.

Outside your example, suicide is no longer a crime, but I have no doubt 
whatsoever that the common-law defence of necessity would apply. I am 
not a lawyer so if you are and disagree professionally with that 
assessment please say so.





&lt;/pre&gt;</description>
    <dc:creator>Ben Liddicott</dc:creator>
    <dc:date>2013-05-23T22:52:38</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23107">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23107</link>
    <description>&lt;pre&gt;In article &amp;lt;519E8AF0.7060605-zQGKLn5Wc3Lby3iVrkZq2A&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, Ben Liddicott 
&amp;lt;ben-zQGKLn5Wc3Lby3iVrkZq2A&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes

What "new abilities" are these? [1]

The system which was decided upon (and known as RIPA) isn't that much 
different from the above, and involves verbal authorisations, followed 
by paperwork as soon as you get a Superintendent out of bed.

A question for the lawyers here: In practice, can someone in the force 
control room really ring up a judge themselves (no other intermediaries) 
in the middle of the night? What sort of standard of proof would the 
judge want that the request was genuine and necessary?

[1] The BBC is talking about new forms of data being logged
    (specifically de-anonymising carrier grade NAT), not new routes to
     obtain disclosure.

     It seems to me unrealistic to expect BT's broadband customers, who
     are about to be stuck behind CGNAT, to become untraceable overnight;
     and while BT could log the mappings on their own accord I suspect
     they want a change in the law (or at least some kind of official
     'notice') to give regulatory certainty and to keep their
     shareholders happy that they aren't spending money unnecessarily.
&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-23T22:02:01</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23106">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23106</link>
    <description>&lt;pre&gt;In article &amp;lt;519E6D76.8060203-zQGKLn5Wc3Lby3iVrkZq2A&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, Ben Liddicott 
&amp;lt;ben-zQGKLn5Wc3Lby3iVrkZq2A&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes
 &amp;gt;&amp;gt;And if every request required the police and the telco to physically 
 &amp;gt;&amp;gt;attend court (which is likely to be some distance from the telco's HQ) 
 &amp;gt;&amp;gt;and then be required to respond to a non-urgent request in a week 
 &amp;gt;&amp;gt;rather than a month, then the costs would spiral out of control (for 
 &amp;gt;&amp;gt;all parties involved).

Of course the vast majority can wait until the next day (or even the 
next week), but the other aspects remain. Unless you think it's a good 
idea for these court orders to be issued without any comment from the 
telcos about the practicality, and any more than a rubber stamp from the 
judge regarding the necessity.


You seem to be wanting a special "telecoms court" to deal with these 
things both quickly and by remote participation. The volume of enquiries 
(which are overwhelmingly reverse-DQ) would be challenging to 
accommodate.


There's no DPA 1998 exemption for "life at risk/preventing injury", 
whereas DPA 1984 had 34(8). It was also initially overlooked in RIPA (I 
think it was amended fairly recently), because the police were only able 
to get information if investigating a crime, and being in danger isn't a 
crime.
&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-23T21:43:59</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23105">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23105</link>
    <description>&lt;pre&gt;
On 23/05/2013 20:32, Francis Davey wrote:
So the reality is if you have an emergency, you have two officers on the 
phone:

Officer 1 gets on to the ISP and says "I need some info urgently, court 
order is on its way. Can you look it up and have it ready to give as 
soon as the order comes through?" The chap at the ISP does so, looks up 
the info and has it ready.
Officer 2 gets on to the Judge and says "I need a court order for 
this...".  As soon as the order is given, the word is passed to officer 
1 along with (presumably) some reference number. ISP chap hands over info.

This happens in parallel, and in reality the court order plus request 
takes barely longer than the request alone.

If that's the case, what is the real reason these new abilities are 
being asked for? Are the people who insist they are necessary lying or 
merely ignorant? Why aren't they being called on it?

Hmm... Cheers, anyway.

Ben

&lt;/pre&gt;</description>
    <dc:creator>Ben Liddicott</dc:creator>
    <dc:date>2013-05-23T21:32:32</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23104">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23104</link>
    <description>&lt;pre&gt;2013/5/23 Ben Liddicott &amp;lt;ben-zQGKLn5Wc3Lby3iVrkZq2A&amp;lt; at &amp;gt;public.gmane.org&amp;gt;


You can get an order over the telephone. There's a 24/7 "duty judge" system
that means you can always get a judge (possibly out of bed) for an urgent
order. Clearly you have to have a pretty good reason to do that but the
system is there.

If this was going to happen a lot then I am sure the court service could
(if it was told to) set up a system that made this work.

&lt;/pre&gt;</description>
    <dc:creator>Francis Davey</dc:creator>
    <dc:date>2013-05-23T19:32:52</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23103">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23103</link>
    <description>&lt;pre&gt;
On 23/05/2013 15:31, Roland Perry wrote:

Well, that's a good summary of the argument, but not actually a good 
reason, and it's not actually what happens.

It's not what happens because the vast majority of such requests are for 
things which could perfectly well have waited to the next working day 
and been dealt with in bulk.

It's not a good reason firstly because there is no technical reason why 
a court order has to be slow. IANAL, but AFAIK a court order or warrant 
can be given by telephone, fax or email if need be - I don't believe 
there is any legal requirement for the judge to be in the same room as 
the petitioner - and if there is, why not just change that rule for 
emergencies?

Even if it was the case that court orders are too slow, there is no 
reason not to have a post-request review requirement like the US Federal 
FISA courts.

It is impossible to avoid the conclusion that the reason for removing 
review altogether (as opposed to having an emergency procedure plus a 
post-request review) is because the authorities intend to vastly expand 
the volume of such requests they make.


Well the EU have recently mandated that from (2014 I think or maybe 
2016?) all new cars sold in the EU must have both GPS and mobile network 
connectivity so that in the event of an accident they can automatically 
summon the emergency services, just in case the occupants are unable to.

Of course to make a difference all of the following would have to be true:
a) the occupants are so badly injured that they are unable to summon help.
b) they are in too remote an area to encounter passers-by who can summon 
help
c) yet paradoxically they are close enough to urban centres that the 
emergency services can arrive before they die of their injuries.

It is obvious that while this could happen, it will occur at most a few 
times in any given year in the entire EU, and shave a fraction of a 
percentage point off the road accident death rate. And for this benefit 
we are about to give the authorities the ability to access a complete 
history of every journey we make, as soon as they decide that we need a 
firmware upgrade to, e.g. "better plan the transport system" or 
"implement a personal carbon ration", or whatever excuse they think they 
can slide past us. (c.f. access to NHS data sicut nunc).

If it saves a single life it /isn't/ worth it.

If the police are able to persuade the telco that it is an emergency, 
then there is an exception in the DPA for that, and the telco will no 
doubt want to follow up as to the end result as part of their ISO27001 
controls. If they cannot persuade the telco, then *Yes* they should get 
a court order. If it is so urgent, then it is urgent enough to wake up a 
judge.

Cheers!
Ben
&lt;/pre&gt;</description>
    <dc:creator>Ben Liddicott</dc:creator>
    <dc:date>2013-05-23T19:26:46</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23102">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23102</link>
    <description>&lt;pre&gt;
On May 22, 2013, at 11:12 PM, Peter Fairbrother wrote:


[snip]


I'm not convinced that the 'bad old days' have gone away. I find  
little difference in the actual attitudes of coppers that I talk to  
socially nowadays to the ones I used to share curry and beer with back  
then.


The heaviest users of these will be enquiry officers - usually DCs and  
PCs. Bear in mind that nowadays there are many civilian staff inside  
police stations - largely invisible to the general public. These are  
not limited to obviously clerical roles (e.g. I've come across at  
least one civilian evidence/exhibits 'officer'). In the case in point  
I was present as a non-police civilian and had free access to the  
incident room in question for several weeks - often outside office  
hours when it was not in operational use.

Interestingly, the actual cases I have heard of where staff were  
disciplined/prosecuted for improper use of police records have often,  
possibly even primarily, been civilian staff and have often been to  
exactly the kinds of records we're discussing. They may be less  
intrusive but they are the ones that often have the most value outside  
of legitimate police work - i.e. are most likely to be abused for non- 
policing reasons.



This has been SOP for quite a while now. There are no separate charges  
for this, they are bundled into the charges made to the emergency  
services for the basic provision of 999 services and charges made to  
telcos that don't run their own 999 operators. It's very different  
from investigative RDQs, the database of addresses is supplied to the  
999 operators and is automatically linked to any incoming call. The  
address is automatically passed to the emergency services with the  
call hand-off. I've only been involved at the very periphery of this -  
providing addresses for a database that was being passed up the line -  
so I can't comment on the access control arrangements at the 999  
operator end.

Investigative RDQs are explicit enquiries (one off and bulk) and are  
supposed to meet a minimum level of necessity before being made. I  
can't remember the exact wording used for the level of necessity and  
am too lazy to go and look it up. I can say, from experience, that  
what ought to be assessed on necessity often turns into an assessment  
of expedience once in the hands of the police. In marginal cases the  
assessment won't be 'is this necessary' but 'can we get away with it'.

This might seem a jaundiced view, but it's based on my personal  
observations of real police officers, on real operations that used  
exactly the kind of widespread surveillance and access to records that  
regularly concern us here. Make no mistake, the operations were  
necessary and legitimate but some of the individual things I saw  
happen weren't necessary or legitimate and some were even driven by  
idle curiosity - the latter meaning that I can tell you that the  
armoured car the prime minister is driven around in has the Ministry  
of Transport as its registered keeper. The fact that the prime  
minister's car's registration plate was within eyeball range of  
someone with access to a PNC terminal will suggest that I'm highly  
limited in telling you any specifics of the particular operation in  
question.




&lt;/pre&gt;</description>
    <dc:creator>Ian Mason</dc:creator>
    <dc:date>2013-05-23T17:50:34</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23101">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23101</link>
    <description>&lt;pre&gt;In article &amp;lt;519D42DC.5080800-1HOZaDBbGgxaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, Peter Fairbrother 
&amp;lt;zenadsl6186-1HOZaDBbGgxaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes

Briefly, the issue is that when it's really important (for example an 
estranged father rings his ex-wife to say he's committing suicide and 
taking the children with him, now) then court orders are too slow.

And if every request required the police and the telco to physically 
attend court (which is likely to be some distance from the telco's HQ) 
and then be required to respond to a non-urgent request in a week rather 
than a month, then the costs would spiral out of control (for all 
parties involved).


The emergency services are allowed to know where people are calling from 
(including mobiles, which is why so many these days have GPS because 
that's a USA requirement). Perhaps you'd rather wait for them to get a 
court order??
&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-23T14:31:14</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23100">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23100</link>
    <description>&lt;pre&gt;In article &amp;lt;519D3BB9.3060403-1HOZaDBbGgxaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, Peter Fairbrother 
&amp;lt;zenadsl6186-1HOZaDBbGgxaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes

Perhaps you are making the mistake of thinking that the worst crimes are 
committed by the cleverest people? April Jones and Tia Sharp might 
disagree (to quote only two recent examples).


For Morse there are the books to read. Or use the "catch-up" services on 
the Interweb.

 &amp;gt;I don't want one in the house, I'd just sit and watch it and get 
 &amp;gt;nothing done

The more that things can be viewed later, the less I watch. Getting a 
VCR (in the early 80's) cut my viewing considerably. In the last month 
(and despite having the biggest and best TV ever) all I've managed to 
watch regularly are Endeavour and Dr Who.


I think we must make it possible when it's necessary. Cue RIPA debate, 
cont'd p94.
&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-23T14:22:52</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23099">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23099</link>
    <description>&lt;pre&gt;

That's good and bad security - good because access would be broadly 
limited to policemen who could enter the room, bad because there would 
be no logging of who asked. For the "bad old days", it's not that bad.

Limiting access to policemen, preferably at least sergeant level, and 
logging of who asked, and why (with occasional for-real checkups) is 
probably all that is needed for RDQs and electoral roll enquiries. They 
are not really very intrusive.

It's when they get into more intrusive matters, like phone and internet 
logs, that more severe restrictions are warranted. The intrusion is 
different, and more severe - so why not more severe restrictions? Like a 
Court-issued warrant?

That would cost for the Court time, but it would be balanced by not 
needing to go through a SPOC for most enquiries.

Might even end up cheaper - suppose Plod get a warrant, costs £800,  and 
get a list of 50 people the suspect called. If a SPOC RDQ enquiry costs 
£20, a non-SPOC RDQ enquiry costs £2, and a SPOC log enquiry costs £100, 
that's a saving of £200 overall (I have no idea of the actual costs, but 
I hope the point is made).


IMO, conflating RDQs and accesses to usage logs was one of the worst 
aspects of RIPA (after enforced key reveals).

Or maybe it was done to hide an enormous number of access log requests.


(Hmm - a while ago I called 999 about a fire, and the operator asked if 
I was calling from &amp;lt;my address&amp;gt;, which I had not told her - do they pay 
for that RDQ service? Is it different from investigative RDQs? I can't 
imagine there is a SPOC involved for a 999 call.)

&lt;/pre&gt;</description>
    <dc:creator>Peter Fairbrother</dc:creator>
    <dc:date>2013-05-22T22:12:44</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23098">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23098</link>
    <description>&lt;pre&gt;
That's true enough, but if they use the end of catching the 
harder-to-reach fruit in order to justify the means, but those means 
will not let them reach that fruit ...


I'd read it.


I don't have a TV.

(people think that's strange - it was my birthday yesterday, and my 
sister asked if I wanted a TV for a present, as she has every year for 
the last ten years - but I don't want one in the house, I'd just sit and 
watch it and get nothing done).


A legitimate investigative technique, most likely - but that does not 
mean we must make it possible, especially at any cost.


&lt;/pre&gt;</description>
    <dc:creator>Peter Fairbrother</dc:creator>
    <dc:date>2013-05-22T21:42:17</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23097">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23097</link>
    <description>&lt;pre&gt;
On May 22, 2013, at 9:26 AM, Roland Perry wrote:


I can state from personal direct knowledge that in the early 90's  
one non-metropolitan police force had unfettered online access  
to BT's reverse-DQ and unlisted number databases. In the instance I  
directly observed no procedure or justification was required - just  
physical access to the terminal connected to BT (which in this case  
was situated in a suite of offices normally used as a major incident  
room alongside a PNC terminal and one connected to a database of all  
electoral rolls - both with similar lack of access controls or  
procedures).





&lt;/pre&gt;</description>
    <dc:creator>Ian Mason</dc:creator>
    <dc:date>2013-05-22T17:24:52</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23096">
    <title>Re: BBC Moneybox - contactless hiccups</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23096</link>
    <description>&lt;pre&gt;In article &amp;lt;20130521170923.GD20185-v7oSnKn4qNcd8cy4ZZikoQ&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, Jon Ribbens 
&amp;lt;jon+ukcrypto-JgzTmhv+UHffC7kMvaharFpr/1R2p/CL&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes

And last week I had a Debit Card transaction "declined", when what they 
meant was "we can't seem to contact your bank at the moment, so hard 
luck".

But I suppose they'd say it was the POS machine declining to take the 
card, not the bank declining to authorise the funds. They really should 
have two different expressions for that.
&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-22T08:28:42</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23095">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23095</link>
    <description>&lt;pre&gt;In article &amp;lt;519BFD2D.5070102-1HOZaDBbGgxaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, Peter Fairbrother 
&amp;lt;zenadsl6186-1HOZaDBbGgxaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes

Her government does. But it's never a good argument that you should give 
up picking the low-hanging fruit, just because there's some harder to 
reach fruit elsewhere.


I could write a book about it.

Did you watch 'Endeavour' (the 'Morse' prequel). I've not seen the whole 
series yet, but they've done reverse-DQ phone numbers in two of the 
plots so far.


There's two elements to this. One is whether the access is required at 
all (and checking who a suspect has been in contact with is normally 
regarded as a legitimate investigative technique), the other is to what 
extent it's "pretty much unrestricted".

I won't re-run the RIPA [vs DPA 29(3)] debate for the nth time.


Which is why there's the tailpiece in RIPA s2(9)

&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-22T08:26:34</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23094">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23094</link>
    <description>&lt;pre&gt;
Hmmm - suppose I download a game which takes an hour (or a day) to play, 
and want to see the result. Will the ISP keep the 5-tuple NAT active?


Of course throwaway dongles, unsecured WIFI, free public wifi, TOR, and 
so on need no mention here. But I wonder if Her Majesty knows about them?



Does anyone know the history of how and why telephone logs became fair 
game for Plod?

I mean, it's not obvious that Plod should have pretty much unrestricted 
access to comms data logs anyway.

Even then there is a big difference between telephone logs and internet 
logs, which are much more revealing.




&lt;/pre&gt;</description>
    <dc:creator>Peter Fairbrother</dc:creator>
    <dc:date>2013-05-21T23:03:09</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23093">
    <title>Re: BBC Moneybox - contactless hiccups</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23093</link>
    <description>&lt;pre&gt;
I've personally seen a POS machine print me a "declined" receipt
for a transaction that was actually approved.


&lt;/pre&gt;</description>
    <dc:creator>Jon Ribbens</dc:creator>
    <dc:date>2013-05-21T17:09:23</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23092">
    <title>Re: Fwd: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23092</link>
    <description>&lt;pre&gt;In article 
&amp;lt;CAJ0hfotvuxk1zV1ipj4scutwLFnCnc4xsM4Jd3KKi-jiKWTvEw-JsoAwUIsXosN+BqQ9rBEUg&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, 
"k.brown-+9tF5d9GpIpaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org" &amp;lt;k.brown-+9tF5d9GpIpaa/9Udqfwiw&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes


And in the recent Queen's Speech!
&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-21T20:22:09</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23091">
    <title>ORGCon 2013 June 8 London</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23091</link>
    <description>&lt;pre&gt;Hi all,

Hopefully you know about ORGCon 2013

http://orgcon.openrightsgroup.org/

- but in case you don't it has a lot to offer you all. Hope to see some of you there!

Jim

A sample:

http://orgcon.openrightsgroup.org/2013/programme

Snoopers' Charter: What's the situation now?
 -Jim Killock, ORG Executive Director
- Peter Sommer
- Others TBC

Digital Arms Trade
-Hauke Gierow, Reporters without Borders
-Eric King, Privacy International

Regulating Code
- Ian Brown and Chris Marsden on their book and its conclusions

How to wiretap the Cloud (without anybody noticing)
-Caspar Bowden, independent privacy expert
Speaking on the threat of the US FISAA (Foreign Intelligence Surveillance Amendments Act)&lt;/pre&gt;</description>
    <dc:creator>Jim Killock</dc:creator>
    <dc:date>2013-05-21T15:05:16</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23090">
    <title>Fwd: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23090</link>
    <description>&lt;pre&gt;


And those that were desirable were really only problems for people who
write software for routers. Not for end users. Or even people who run
computers for end users. Or even people who configure networks for
people who run computers for end users.  And they have pretty much
been solved in the last twenty years by those people who write
software for routers.

And "simplified address structure" is only true if you are writing
software for routers.  To everybody else IPv4 looks simpler because
it's just about possible for the average person to remember four
decimal numbers in a row, most people can't hold eight 4-digit hex
numbers in their head, which means they can't *read* them, which
means they are basically machine-readable-only for the average punter.

Basic nerdview mistake. Describing things from the point of view of an
insider, so making it harder for anyone without the right background
to follow. (Other classic bits of nerdview in this field might include eduroam,
Freeradius and Shibboleth installation documentation - you can only
understand them if you already know how to do it; and everybody who
does know how to do it can't see why it's so hard for everyone else to
follow ;-)

OK, some things are fine described from an insider point of view. I
used to do IOgens for IBM mainframes (about 25 years ago). It didn't
matter that none of it made sense to anyone who didn't have at least
about three years of system programming experience, a good idea of how
channel io worked, knew their way round a control block or twenty, and
ideally was pretty good at JCL, JES2/3, dump reading, and 370
assembler as well. Because no-one who didn't fit that description was
likely to ever get near an IOgen.

But IP addresses have escaped. They are out of the box.  They aren't
quite general knowledge (though I'd guess that at least a quarter of
the people who drink in my local have at least some idea of what they
are) but they have certainly got out into the world of PC support and
help desks and cable TV.  And IPv6, unless it is *completely*
invisible, will make a lot of people's lives harder at that sort of
level.

So we hang on until it is completely invisible. The time to decide to
convert end-user PC networks and domestic WiFi to IPv6 is the day you
find it's already been done for you and you didn't notice.


&lt;/pre&gt;</description>
    <dc:creator>k.brown-+9tF5d9GpIpaa/9Udqfwiw&lt; at &gt;public.gmane.org</dc:creator>
    <dc:date>2013-05-21T14:52:21</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23089">
    <title>Re: BBC News - 'Fresh proposals' planned over cyber-monitoring</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23089</link>
    <description>&lt;pre&gt;In article &amp;lt;518CB006.8000604-BPqP8yNAJjH10XsdtD+oqA&amp;lt; at &amp;gt;public.gmane.org&amp;gt;, Peter Tomlinson 
&amp;lt;pwt-BPqP8yNAJjH10XsdtD+oqA&amp;lt; at &amp;gt;public.gmane.org&amp;gt; writes

And an article looking more deeply into the technical details of CGNs, 
in this context:

http://www.potaroo.net/ispcol/2013-05/cgns.html
&lt;/pre&gt;</description>
    <dc:creator>Roland Perry</dc:creator>
    <dc:date>2013-05-21T07:15:09</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.law.cryptography.uk/23088">
    <title>Re: BBC Moneybox - contactless hiccups</title>
    <link>http://permalink.gmane.org/gmane.law.cryptography.uk/23088</link>
    <description>&lt;pre&gt;

Many door locks simply try to read the unique Id (UID) of a card, &amp;amp;
search for it in an access rights table. The ones I've encountered are
unable to cope with multiple cards presented together.

Credit &amp;amp; debit cards may have random or fixed Ids, and the card
function is identified by further information on the card. If there
are multiple cards a terminal could simply charge the card it
identifies with credit/debit functionality - this may still not be the
expected behaviour.

--
Tony


&lt;/pre&gt;</description>
    <dc:creator>Tony Naggs</dc:creator>
    <dc:date>2013-05-20T14:44:03</dc:date>
  </item>
  <textinput rdf:about="http://search.gmane.org/?group=$group=gmane.law.cryptography.uk">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.law.cryptography.uk</link>
  </textinput>
</rdf:RDF>
