NO2ID

http://news.bbc.co.uk/1/hi/technology/7985339.stm:

You gotta love this bit...



So how do they explain away the thousands of uses of Ripa by councils in investigating trivial crimes!

Yes, "I've found a dog-turd in the wrong place and am compelled by our Council Tax Value Promise to access the database to discover the mobile phone records of whoever was most recently in the vicinity. I will then correlate these with surveillance camera images and our Known DogShite Offenders unofficial Excel spread-sheet Database to hopefully proceed to mounting a successful prosecution".

'Necessary' and 'Proportionate' are just weasel words that hide the naked reality of the Police State being built around us.

"ensures that effective safeguards are in place and that the data can only be accessed when it is necessary and proportionate to do so."

this is like saying a law against murder ensures only lawful killings can be committed.

They don't. They rely on people's ignorance and general disinterest in anything that is important. Also they have become accustomed to the BBC not asking any awkward questions in the first place. If the Daily Mail says anything they can pass it off as rightwing propaganda.

Can anyone clarify something here? It does not look from the regulations (draft, but I understand passed unchanged) that URLs are recorded.
Edit: The (draft) Data Retention (EC Directive) Regulations 2009, see second page for the Schedule ''Communications Data To Be Retained'.

Specifically, reg 4(5) on the first page states "No data revealing the content of a communication is to be retained in pursuance of these Regulations" and that seems to pretty much rule out recording URLs.

The internet-related stuff sppears to be data on connecting to your ISP (e.g. dialup connect/disconnect times), email server logs and details of VOIP calls.

Not that this is in any way reassuring - since 4(5) above could presumably fall victim to the Ministerial Pen at any time.

It's basically rule by decree. Whatever they want they will get, and this seems to be one thing they really want to get their greedy mits on.

Could it related to

Wouldn't the URL - or at least the IP address of the destination - be required for routing?

Also, I think it depends on the definition of content. If the source and destination numbers do not reveal the content of a telephony communication could it be argued, by analogy, that the source and destination IP addresses do not reveal the content of an Internet communication

I think so - though of course the destination IP could in many cases reveal what *sort* of content was involved...

That said, it does not look to me as if they are recording all IP-to-IP details, so therefore not website connections (webmail covered by mailbox login).

What I see from this (just looking at the internet bit) in human-readable terms is
- ISP connect/disconnect, IP address assigned, ISP user-id/details
- email logs (from/to/datestamp/message-id)
- mailbox login/logout
- VOIP connections (from/to/start/end)

Which seems a bit short, so what did I miss? Specifically on the internet bit?

Edit: not saying this isn't something to be concerned about, just want a bit more precision on what it actually is.

Perhaps we should all be writing to our ISPs to ask them what data they are actually recording.

Something along those lines had crossed my mind. Doesn't hurt to ask. I had been wondering what one of the Notices from the Home Secretary would look like, and whether it would have some details on exactly what information they want retained.

I realise there's already a 'voluntary' (or is the word 'require' actually used?) set of information that is supposed to be kept but without details of any differences from existing arrangements there is something of an elightenment shortfall.

After a re-read, it seems less clear as to whether the VOIP bits actually include purely IP-to-IP connections, or if it is limited to IP-to/from-real-phone.

So with this in mind I suggest the list should be modified to be:

- ISP connect/disconnect, IP address assigned, ISP user-id/details
- email logs (from/to/datestamp/message-id)
- mailbox login/logout
- VOIP service login/logout (all)
- VOIP connections (from/to/start/end) possibly only if a 'real' phone is involved

Unfortunately this increases the vague-factor...

This BBC report is inaccurate.



Not quite.

http://eur-lex.europa.eu/LexUriServ/sit ... 540063.pdf

Article 6
Periods of retention

Member States shall ensure that the categories of data specified in
Article 5 are retained for periods of not less than six months and
not more than two years from the date of the communication.

The landline telephone and mobile phone part of the mandatory Data Retention scheme has been in force in the UK since October 2007.



Perhaps in other more civilised, less authoritarian countries in the European Union, but not here in the United Kingdom. No independently signed judicial warrant is required for access to this Communications Data, only a self authorised request under section 29 of the Data Protection Act 1998, provided that it comes from one of the hundreds of public bodies which are allowed to ask for this data under the Regulation of Investigatory Powers Act 2000.



.

A list of the hundreds of "relevant public authorities" is given here.

And, as WTWU says, all these public authorities have had access to landline/mobile phone usage data since October 2007 when a further piece of the jigsaw was put in place, a code of practice.

And, as WTWU also says, there is nary judge involved.

The code of practice is available here and here. Try Chapter 3 – GENERAL RULES ON THE GRANTING OF AUTHORISATIONS AND GIVING OF NOTICES. Access to data requires an applicant, a designated person, a single point of contact and a senior responsible officer. None of those is a judge.

Their job (the applicant, the designated person, etc ...) is to judge whether access should be granted. They should do so while taking into account "necessity and proportionality".

They may have their doubts sometimes about necessity and proportionality but they must reason to themselves "why did central government grant us this power if we're not meant to use it?" And so access is granted for investigating dog poo, fly-tipping and school catchment areas.

Those are the only cases we ever hear about. Are there any less controversial cases of these powers being used? Are there no success stories that could be fed to the press?

Would it potentially be possible for somebody who knows about computers to write a virus or mailbot that could create some kind of automated whirligig that jams, overrides or in any way dilutes the system to render it immobile? If I had the knowledge then I would, but I'm not that technically adept. Is it possible though?

This would be entirely counterproductive since it would clog up the works for *everybody*.

It does sound like you are suggesting something like a spam botnet running at full pelt - if ever there was a reason for bringing back burning at the stake, this is it.
*fumbles for matches*

Are you talking about a denial of service attack rather than spam?

Possible but insane, Dr Evil.

Remember 90% of email traffic is spam anyway, and ISPs are already at war with that. The spam you see is what gets through the industrial filters. So it is certainly not impossible to generate a lot of mail automatically, but someone doing that would have to be attempting to outdo a worldwide semi-criminal industry, hated by almost all serious internet users, in damaging all the world's communications. You would be saving the house from squatters by burning it down.

All such ideas built round 'overwhelming' or 'punishing' the authorities, are, I suggest, misguided. What they actually do is reinforce such systems, where they are not beside the point; and they make objectors look like toddlers having tantrums.

http://en.wikipedia.org/wiki/Telecommun ... ed_Kingdom

Making use of Dynamic IP Addresses

Almost since the beginning of commercial Internet dynamic IP addresses were given out to consumers out of a pool of a set of addresses. Every connection is logged to a central database. When broadband DSL made PPPoE popular one would still be given dynamic IP addresses but disconnecting the session and calling back was now a matter of seconds instead of waiting a minute for an analog modem to retrain. If a large number of computers disconnected and reconnected every minute this would cause a lot of logs to be retained until it becomes uneconomic to retain this data of logins. Web usually still works with this and so does email. In calculation: if 1 million users at an ISP connected and disconnected every minute and did this 24/7 an ISP would need 11 terabytes of storage, for 365 days of retention, if they sign a 4 byte field for logon/logoff time, a 4 byte field for customer number and a 4 byte field for IP address used.

Uneconomic? For whom? The ISP is required by law to store the information. Why would the government care how much tax we cost them?

So either
1) the ISPs buy the machinery and charge their customers more, blaming it on the government
2) the ISPs buy the machinery and charge the government more, blaming it on their customers

11 terabytes isn't going to be a problem. It sounds a lot,but even at retail prices, 11TB is only around a thousand quid or so and you don't need specialist equipment to house it.