* Posts by Peter Fairbrother

44 publicly visible posts • joined 14 Nov 2007

Please kill this cookie monster to save Europe's websites

Peter Fairbrother

Google Analytics

"When someone visits OUT-LAW.COM for the first time, our site endeavours to send that visitor's computer a cookie. We do this with some help from Google, which offers a free service called Google Analytics."

That's certainly not mentioned in your privacy policy page. You say you will collect some data automatically, and may pass data abroad to your other offices, but you don't say you pass data abroad to Google.

Get a grip. Collect your own data and do your own analyses, it's not that hard.

Also, I wonder whether it's possible to link Google analytics cookies to the different sites that produce them. Or if Google can do it - a quick skim suggests they can - and you can't be sure what they are actually doing with the data.

The proposed law doesn't go far enough, but well done EU so far!

Organised crime cops seek international hacking powers

Peter Fairbrother

Legality of Police hacking?

"In the UK, hacking by law enforcement agencies is covered by the Regulation of Investigatory Powers Act. "

I'm not sure where hacking (cracking!) fits in under RIPA - it isn't mentioned as such anywhere in the Act. It might come under the general heading of "surveillance", which is defined in a non-exclusive way, but it doesn't seem to be in any of the accepted categories. However I do think the legality of Police hacking has never been debated in Parliament.

Assuming it's "surveillance", I'm also not sure whether it's "intrusive surveillance" or not. It would seem to be when the computer is in a home, and if so only a Chief Constable or someone of a similar rank can authorise it. Which isn't likely to happen very often.

Jacqui's secret plan to 'Master the Internet'

Peter Fairbrother
Black Helicopters

Illegal, yet again

The secretary of state may make an order under s.12 of RIPA for the inclusion of such interception "black boxes" - but the order has to be laid before Parliament and approved by a resolution of each House.

If this has not happened - and it hasn't - then any ISP installing a "black box" will be acting illegally.

Moreover, even GCHQ cannot intercept without a warrant, which for domestic communications (those not going to or from someone outside the UK), must be only for communications to/from a specific person or premises which must be mentioned by name therein, and which must be signed by the hand of the relevant Secretary of State.

The Home Secretary issues warrants for domestic interceptions - the Foreign Secretary signs warrants for foreign interceptions, and could issue a single blanket warrant for ALL international communications, which the Home Secretary cannot do for domestic interceptions; each domestic warrant must be for a single person or premises.

If a "black box" is trawling for suspicious content or keywords, it is intercepting ALL the communications it looks at even if it does nothing more than look at most of them.

Unless the Home Secretary has signed 60 million warrants - I suspect she'd have noticeable writer's cramp if she had, and it would show up in the Commissioner's annual report - then GCHQ would be acting illegally if it trawled most domestic communications.

As an addendum, although I haven't looked into this in detail I am fairly sure that the contractors will be breaking the law too, and the contracts will therefore be unenforceable.

Israelis develop 'safe' plutonium: good for power, bad for weapons

Peter Fairbrother
Thumb Down

Eh?

It's fairly easy (at least by nuclear chemistry standards) to separate americium and plutonium...

Code generator card fights fraud

Peter Fairbrother

Much Cheaper?

Why should it be much cheaper? The card still has a display, battery and switchpad. There may be fewer buttons, and the chip may be simpler, but extra buttons are much cheaper than the first button, chips are cheap as ... well, chips :)

Crypto attack unveils hidden backups

Peter Fairbrother

Not just detecting hidden volumes

First, all present hidden volumes can be detected if you have access to a previous snapshot of the visible volume (assuming the contents of the hidden volume have changed) - put simply, something will have changed in a place where it shouldn't have changed.

This can be overcome, but no-one does it - it's difficult and expensive. Note that if volumes are backed up it is quite easy to get a previous snapshot of a filing system.

[Markus Kuhn suggested that the original StegFS could withstand a two-snapshot attack - but it doesn't pass my "will it convince a Jury?" test, and the code of the original version is moribund anyway.]

However this attack is not just about detecting hidden volumes, it's about getting some of the plaintext content too - which is far more important, as people frequently don't need or use hidden volumes.

This type of attack is nothing new. I won't go into OTFE modes as it's verra complicated Captain, and none of the usual modes are completely secure anyway. Rekeying solves some of the problems, but introduces others.

Does TurboCrypt do any better? I don't know - they have probably plugged a small known hole, but there's more to an OTFE solution.

Adobe cites bad blood for closed Flash

Peter Fairbrother

codecs, open source

So Adobe can't open-source Flash player because the codecs are proprietary - but many of these codecs are only in use because they are included in Flash. If they weren't included, no-one would use them.

One option might be to partly open the source. For instance, the player might be open-sourced with a licence allowing derivative works, but derivative works from the codecs would not be allowed (for eg security vetting purposes we need to see the codec source, even if we can't modify it without permission).

Alternatively, Adobe might reveal the code but only allow derivative works which they approve of. If someone found a few mistakes, or perhaps a security hole, they might submit a patch to Adobe, who could then include it or not. If Adobe are sensitive enough they'll get some free code and a lot of free code inspection out of it.

As good as free-as-in-beer open source? No, but better than what we have now. Eventually we will move to fully open-source codecs as well, but that will take some time yet, and this might be a good step along the path.

Prof says fatties a bigger menace than bin Laden

Peter Fairbrother

Begging for failure?

It's curious that the Prof picks ID cards and 42-day detention without trial - two highly unpopular strategies, which will probably be repealed when the Tories get in at the next election - as examples.

Surely getting the NHS to do more disease prevention would be a popular strategy. The anti-smoking stuff hasn't been popular, but people do understand it. I'd think a well-considered attitude to fatties would be taken the same way.

Researchers show up deniable file system crypto leaks

Peter Fairbrother
Boffin

re:@AC 09:52 @Peter Fairbrother

Oh dear. In future please can you take more care to reply to what I actually wrote, rather than what you imagine I wrote.

I most certainly did not say that overwritten data on a modern hard drive is recoverable. It probably isn't recoverable even by NSA, and it certainly isn't practicably recoverable by any publicly-known means, including off-center tracking and/or electron microscopy.

What I did say is that the *presence* of overwritten data is easily detectable.

http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1246592,00.html

"I asked Jim Reinert, senior director of software and services for Ontrack Data Recovery whether [recovering overwritten data] was possible. His answer was a blunt "No."

Reinert admitted that it is possible to read traces of previously written or overwritten bits, but reconstructing any usable data from them was a horse of a different color."

You don't have to reconstruct usable data in order to provide evidence of the existence of TrueCrypt hidden volumes - you just have to find traces of overwritten data.

And that's pretty easy to do, all you need is a screwdriver and £200 of electronics (plus a computer and some free software). No clean room, no electron microscope required. Detecting hidden volumes on USB sticks from wear-levelling data is actually quite a bit trickier to do in practice.

With a little more work you can even get a fairly good idea of how many times a space on a hard drive has been written to.

Peter Fairbrother
Boffin

Re:@Peter Fairbrother

"Can you explain how you can tell if data on a hard disk has been over-written?"

You look at the noise in the raw output signal, using a suitable filter. Overwritten data will not be completely overwritten, and will create extra noise. You don't get to read the overwritten data this way on a modern hard drive, but then you don't need to, you just have to know it exists.

It's very easy to do, just compare noise levels. No electron microscopes required, just a screwdriver and £200 of electronics. You don't even have to open up the sealed part of the hard drive.

BTW, my security model includes "Can a prosecutor prove it to a jury?". That kind of deniability *is* useful, eg in the UK RIPA s.49 (police demands for keys) context.

Peter Fairbrother

Re @ Peter Fairbrother

Using VMware doesn't make the existence of files deniable, which is the whole point.

You say "yes there are files there" ... and the interrogator says, "what's the key?".

Then he looks to see if there's any "deniable" stuff.

Using VMware doesn't help at all.

Peter Fairbrother
Boffin

Re: How is this news?

Indeed, it was well-known in the last millennium. Afaict, not having read it yet, the paper shows it happening.

Problem is, it isn't at all easy to solve.

You can put the OS on a write-only medium like a CD, so the temp etc files get erased - but if you put eg your home folder on the drive then there will probably be files relating to what you have done.

If the home folder is exposed, eg if it's on a visible TrueCrypt partition, then the Police may demand the keys to that partition using a RIPA s. 49 notice - and the information in those files may contain links or data, or even show that a file has been saved somewhere, suggesting the presence of a hidden partition.

Suppose instead that the OS is on CD and you arrange things so that you can only store files into the "visible" (where "visible" means the partition whose keys you give up on a RIPA demand, or under torture) and hidden partitions deliberately, rather than letting the OS create files for you.

Still doesn't work reliably.

TrueCrypt hidden partitions are usually at the end of the TrueCrypt volume. The volume is going to be stored somewhere, probably either on a hard drive or USB fob.

The problem then is that, if you store files in a hidden partition, the data at the end of the volume will be written to more often than if you don't. Modern hard drives have such high data density that it may be hard to recover overwritten data - but it's still easy enough to tell that data has been overwritten. If bits at the end of the volume have been overwritten more often than parts in the middle, or the part containing a persistent file, the interrogator may ask why, and conclude that a hidden partition exists.

USB keys are much the same, except worse - the load-levelling they use makes it easier to tell how many times a part of the filespace has been overwritten.

There are theoretical solutions, but they are all very expensive in terms of bandwidth and computation.

For instance the first Anderson/Needham/Biham construction works if you first fill it with random data a few times and don't use Larson tables, and I have an unpublished construction using universal re-encryption which works (not the one accepted for PET07, that doesn't work) - but both are horribly expensive.

I'm working on (I'm a cryptologist with a special interest in deniable/steganographic file systems) a better construction, but it isn't ready yet (see www.m-o-o-t.org).
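A toy version of the snapshot comparison described in this post and in the "Crypto attack unveils hidden backups" comment above, added here as an example and not taken from the original posts. It models a container as fixed-size blocks with a constructed allocation bitmap for the visible filesystem, then shows (a) blocks that change in space the visible filesystem reports as free and (b) a rewrite-frequency hotspot at the end of the container; block size, block count and the allocation layout are all assumptions made for the demonstration.

```python
# Added example, not code from the original posts. Demonstrates why a series of
# snapshots (e.g. backups) of a container gives away a hidden volume: blocks that
# change although the visible filesystem marks them free, and blocks rewritten far
# more often than the rest. Layout and sizes below are constructed for the demo.
import hashlib
import random

BLOCK_SIZE = 512   # assumed block size for the toy container
NUM_BLOCKS = 64    # assumed container size in blocks


def make_container(seed: int) -> bytes:
    """A container whose free space is filled with random data, as OTFE tools do."""
    return random.Random(seed).randbytes(BLOCK_SIZE * NUM_BLOCKS)


def write_block(image: bytes, index: int, payload: bytes) -> bytes:
    """Return a copy of `image` with block `index` replaced by `payload`."""
    if len(payload) != BLOCK_SIZE:
        raise ValueError("payload must be exactly one block")
    start = index * BLOCK_SIZE
    return image[:start] + payload + image[start + BLOCK_SIZE:]


def block_hashes(image: bytes) -> list:
    """One hash per block; an investigator only needs to keep these, not the data."""
    return [hashlib.sha256(image[i:i + BLOCK_SIZE]).digest()
            for i in range(0, len(image), BLOCK_SIZE)]


def changed_blocks(snapshot_a: bytes, snapshot_b: bytes) -> list:
    """Indices of blocks whose contents differ between two snapshots."""
    pairs = zip(block_hashes(snapshot_a), block_hashes(snapshot_b))
    return [i for i, (a, b) in enumerate(pairs) if a != b]


def change_counts(snapshots: list) -> list:
    """How many times each block changed across consecutive snapshots."""
    counts = [0] * NUM_BLOCKS
    for prev, cur in zip(snapshots, snapshots[1:]):
        for i in changed_blocks(prev, cur):
            counts[i] += 1
    return counts


def suspicious_blocks(snapshots: list, allocated: set) -> list:
    """Blocks that changed at least once although the visible filesystem
    reports them as free: something other than the visible filesystem wrote there."""
    return [i for i, n in enumerate(change_counts(snapshots))
            if n and i not in allocated]


def demo():
    """Constructed scenario: visible fs owns blocks 0..31, a hidden volume lives
    at the end of the container and rewrites block 50 on every snapshot."""
    rng = random.Random(1)
    visible_allocated = set(range(32))
    snapshots = [make_container(seed=42)]
    for step in range(4):
        img = snapshots[-1]
        # Legitimate activity: the visible filesystem rewrites one of its own blocks.
        img = write_block(img, step, rng.randbytes(BLOCK_SIZE))
        # Hidden activity: the hidden volume rewrites a block in "free" space.
        img = write_block(img, 50, rng.randbytes(BLOCK_SIZE))
        snapshots.append(img)
    counts = change_counts(snapshots)
    # Returns: blocks changed in "free" space, rewrite count of the hotspot,
    # and the highest rewrite count seen inside the visible filesystem.
    return suspicious_blocks(snapshots, visible_allocated), counts[50], max(counts[:32])


if __name__ == "__main__":
    suspicious, hotspot, visible_max = demo()
    print("changed in space the visible fs calls free:", suspicious)
    print("rewrites of block 50:", hotspot, "vs max in visible fs:", visible_max)
```

The rewrite-count comparison is the same reasoning the post applies to end-of-volume wear on hard drives and USB sticks, with block hashes standing in for the noise or wear-levelling measurements.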

Criminal record checks: More often wrong than right

Peter Fairbrother

3.3 million checks?

If 3.3 million is 6.6% of the working population, that implies there are 50 million people of working age in England, Wales and perhaps NI. Seems a bit high to me, as the total population of England, Wales and NI is only 56 million.

Take off those under 16, women over 60, men over 65, the million or two on disability and .. I'd say the rate was more like 10%.

Even 6.6% is a hell of a lot of checks. Does everyone who applies for a job get checked?

EU accidentally orders ISPs to become copyright police

Peter Fairbrother

Consumer rights?

I can't see how this might improve consumer rights.

"Arguments about the technical feasibility of such an action are irrelevant. It's not the law-maker's job to know how a law can be enforced"

When I was in the Army one of the first things I learned was not to give an order which would not, or could not, be obeyed ...

Duff UK nukes risk 'popcorn' multi-blast accident apocalypse

Peter Fairbrother

UK atomic weapons part 2 - popcorning

In part 1 I described how in order to reshape and compress the plutonium pit in order to get a 300-ton yield the conventional explosives must be very accurately detonated, but what happens if the explosive is not detonated accurately?

The details are complex and the knowledge needed to give accurate answers is well beyond what's publicly available, but for high yields the supercritical mass must be formed very quickly so that it doesn't blow itself apart before it has time for a lot of the mass to undergo fission - in the 300 ton case "a lot" is about 1% of the plutonium.

If a critical mass is formed more slowly, perhaps because the explosives were not detonated correctly, then a small yield "fizzle" can happen. This isn't very likely, as there isn't a lot of extra plutonium in a modern primary, and it has to be shaped into a sphere and also be compressed before a critical mass can be assembled, but it is perhaps possible. This is the other main cause of single point sensitivity, but what would the yield of such a low-order detonation be?

Well it can't be more than 300 tons, because getting 300 tons is the maximum that can be done with accurate detonation, but it may be ten kilos, a ton or even ten tons depending on the speed of assembly and the degree of supercriticality. More than ten tons or so yield is very unlikely, bordering on impossible.

Could this set off another low-order detonation in a nearby warhead? It's possible, although unlikely. How unlikely? Only the MOD could answer that, it depends on classified details of the design.

Let's look at a worst-case popcorning scenario, where the 48 warheads in a sub or in a store do set each other off in low order detonations. Note that a single medium-order 300-ton detonation will be enough to disrupt the remaining warheads.

If each warhead yielded the maximum 10 tons then the total would be 480 tons, but for two too-long-to-explain-here reasons 350 tons is a better maximum figure, and even this is extremely unlikely - even 50 tons is pushing probability.

However let's say the maximum credible total yield for a single point failure or popcorn event is 350 tons - now this isn't spare change by any means.

The effects of sub-kiloton explosions are a bit different to multi-kiloton explosions, and it is quite possible to be killed by prompt radiation without suffering lethal blast or burn damage (though you will still get knocked ass-over-tit). That's what the 100 sieverts at 1 km figure is about. Think "neutron bomb", although neutron bombs are designed to give off lots of neutrons, and typically have yields in the low kiloton range.

However, any remotely likely popcorning event can only take place where there are several warheads close together, ie either in a sub or in a bunker, and the prompt radiation will be attenuated by the hull of the sub and perhaps the water, or the walls of the bunker. The raw radiation will consist of neutrons and gamma rays of approximately equal lethality.

The gamma rays will be attenuated by the hull of the sub by a factor of at least 500, and would not be a great concern at 1 km. The neutrons are much more of a worry, but a few feet of water or bunker walls would stop them from being lethal at 1 km.

In general, at 1 km distance from a popcorning event I'd be far more worried about contamination from plutonium than prompt radiation.

Is a popcorning event possible at all? For some early warheads undoubtedly the answer is yes, but could today's UK warheads popcorn? I don't think so, but that depends on classified design details I have no access to. The official line is "It's perhaps possible but extremely unlikely, we can't prove it but it may well be impossible". I'd agree in general, though perhaps not on exactly how unlikely.

Peter Fairbrother

UK atomic weapons

Britain has "about 200" nuclear weapons, all of which are Trident warheads. Usually about 144 are in submarines, the rest are stored and maintained at Coulport near Glasgow. There are at present no foreign nukes on UK mainland soil.

UK Trident warheads are based on the US W-76 warhead, and have yields of either 10 kilotons or 100 kilotons. There are no UK megaton-range weapons.

The UK Trident warhead primary is (probably) a small and light beryllium-reflected DT-boosted neutron-pulse-tube-initiated plutonium fission bomb with a 300 ton or so unboosted yield, using a minimum amount of plutonium in the pit. This plutonium pit is reshaped and compressed very quickly by conventional explosives to create a supercritical mass. The required shaping and compression must be very accurately controlled.

In the old days the compression was controlled by using a large number of very high-speed detonators, which had to be set off with sub-microsecond timing. We don't know how modern bombs work, but speculating, UK bombs may only have one detonator. The use of a single detonator would mean that the bomb would be "single-point sensitive".

"Single-point sensitive" means that a single jolt of energy correctly delivered could cause a significant nuclear energy release. "Single point safe" means that it takes more than one jolt of energy. There are other possible causes of single point sensitivity, however all of these would result in smaller energy releases.

To increase the primary yield a mixture of deuterium and tritium is injected into the primary pit just before the primary is compressed, which boosts the primary yield to 10 kilotons. This cannot happen in a single-point failure or popcorning accident, the injection of the DT mix must be deliberate and accurately timed.

While 10 kilotons is enough to ignite the fusion secondary to give the full yield of 100 kilotons (if the secondary is fitted, some warheads don't have a secondary), 300 tons isn't, so a full-yield event cannot be caused by popcorning or single-point failure.

In the case of a Trident warhead the very most that a single-point or popcorn accident could produce is a 300 ton yield unboosted primary detonation, although even this is an overestimate, as to get the 300-ton yield a neutron-pulse tube is required, which needs pre-charging and precise timing control - like DT injection, the neutron pulse is not going to happen in that sort of accident, which means that the yield will be lower than 300 tons.

"Popcorning" might at worst involve a single unboosted primary of 300 tons yield going off - nearby bombs would then release a significant amount of plutonium, but they are extremely unlikely to add significant amounts of energy. In general the neutron and X-ray flux of the first explosion would disrupt the plutonium pits long before they could be accurately compressed by their conventional explosives. The chance of getting two or more 300-ton yields is so remote that it isn't worth bothering about.

This is not to say that UK warheads may not be somewhat "duff" - there is a large question about the reliability of the US W76's secondary, and it may often fail in use, only giving a 10-15 kiloton yield. We don't know whether the UK's version has the same problem though.

Peter Fairbrother

Re: Yield

I don't know this for sure, but I don't think UK warheads are dial-a-yield as such.

They can of course easily be modified to give 300 tons (by emptying the DT reservoir), 10-15 kilotons (by fitting a dummy secondary) or be full 80-100 kiloton yield devices, but I think this has to be done in the maintenance shops, and once aboard the subs the yield can't be changed.

Also, I don't think the 300 ton option has actually ever been fielded, just the 10 kt and 100 kt options.

I think most subs on patrol carry at least one missile with a single 10 kt warhead.

But as I say, I'm not sure about this.

Snoop bill opponents post Swedish spy IDs on net

Peter Fairbrother

Most far-reaching law - except for RIPA

Does the UK monitor all external communications?

Broadly speaking, RIPA divides communication interceptions into three types - domestic, external, and foreign.

Interception of domestic (where both sender and intended recipient are in the UK) communications requires a warrant. Warrants are signed by the Home Secretary, and must be fairly specific - warrants are limited in duration, and each warrant covers only one person or location.

Interception of external (where one party is in the UK and the other is abroad) communications also requires a warrant, notionally signed by the Foreign Secretary - but there is no requirement to be specific, one single warrant can cover *all* external communications.

Has the Foreign Secretary, or some previous Foreign Secretary, signed such a warrant? We don't know, and nobody's telling. But legally, he certainly could do. These interceptions are not included in the Interception Commissioner's annual report, or at least the public part of it.

Britain has had a law allowing unrestricted interception of external communications since 2000 - if not earlier.

Interception of foreign (where neither sender or intended recipient is in the UK) communications is entirely legal, and requires no warrant. This happens, though again we don't know the extent of it. It isn't included in the IC's report either.

BTW, Britain has been intercepting foreign communications since the early 1900s when Britain had a near-monopoly of telegraphy cables - if not before.

There is a story that the UK and US have (or had) an agreement whereby the UK tapped US communications, and vice versa - foreign interception being legal in both countries, but domestic interception being illegal - and swapped the product. It happened at least sometimes, but no-one knows how often.

AVG scanner blasts internet with fake traffic

Peter Fairbrother

What's the point of pre-scanning?

I can't see the point of pre-scanning. As far as I can tell it achieves nothing security-wise, and maybe creates a security hole.

There are three operational possibilities, and I don't know which AVG uses: either the site is pre-scanned and scanned again when it is loaded, or it is just pre-scanned and the "cleared" site is loaded, or the version which was pre-scanned is stored and displayed.

Suppose a site with some malware on. In the first case either it gets detected in the pre-scan or it gets detected when the site is loaded. In either case it's detected and the pre-scan achieves nothing.

In the second case there is a big security hole, the site can easily provide clean content for the prescan version and dirty content for the "cleared" version.

In the third case, again there is no security benefit, the other sites are discarded.

The only possible benefit I can see is if the scanning is slow, in which case having preloaded and pre-scanned versions may save user time in some situations - but the cost of this in terms of slow response times and increased bandwidth is disproportionate, and likely to get AVG sued.

I think it might be infringement of copyright for a robot to load a file for which a disallow entry in a robots.txt file exists - and it very likely would be if this had been previously pointed out to AVG.

There may be other grounds for suing AVG too, the extra cost of bandwidth and possible DDoS are clearly detrimental to web hosts.

US nuke boffins smash petaflop barrier with 'Roadrunner'

Peter Fairbrother

A "mouse brain" should be 250 teraflops

The Blue Gene L 11.5 teraflop 1/2 mouse brain simulation only ran at 1/10 speed giving 230 teraflops/mouse brain - but 250 teraflops is a better number.

So Roadrunner cost $113 million and has the processing power of four mice - anyone want to buy four mice for $11.3 million, a saving of 90%?

-- Peter Fairbrother

Phorm agrees to independent inspection of data pimping code

Peter Fairbrother

80/20 report

As Simon Davies's main critic on Ukcrypto, can I say I don't actually blame him too much - he apparently got snowed by Phorm, something which Phorm are very good at.

I do think he might have been more careful though, both about the difference between him acting as a member of PI and acting as a member of 80/20, and about considering the wider aspects of Phorm's proposal.

I don't doubt that Phorm has made some efforts to prevent personal information being kept and while I'm not convinced, I'm not surprised that Simon thought they were impressive - Phorm are good at impressing. They may even be right in this case.

However Simon seems to have simply accepted that Phorm's proposal is legal under RIPA, and did not consider the wider aspect of whether anyone should be allowed to have direct access to internet traffic at all, for purposes such as targeting advertising.

In my view this is at the heart of the matter, and is at least as important an issue as not processing personal data (which incidentally is a defined legal phrase which doesn't mean what it seems to mean): no-one should have direct access to internet traffic beyond the extent to which it is necessary in order to pass that traffic (and maybe the Police in some cases).

The public's primary protection of the privacy of their communications is Part 1 Chapter 1 of RIPA (which replaced the Interception of Communications Act), not the DPA, and that's pretty much what Part 1 Chapter 1 of RIPA says - you can't look at communications traffic unless you need to in order to pass on the communication, or have the consent of both parties.

Which is why Phorm is illegal, and should be illegal - it's looking at, and thereby intercepting, raw internet traffic.

It's not dissimilar to tapping your telephone and looking for keywords in order to target advertising - even if the content of calls isn't recorded, and the keyword counts are anonymised, they have no business tapping your telephone in the first place - and the privacy of both parties to the call is infringed just by that tapping.

What Simon's report looks at is whether the call is recorded and the effectiveness of the anonymisation - but it doesn't look at whether anyone should be allowed to tap your telephone calls in the first place.

Net think tank: Phorm is illegal

Peter Fairbrother

Re: "Privacy International" loves Phorm

Privacy International has, as far as I know, made no public statements whatsoever about Phorm - though Phorm have said otherwise, and so have the BBC etc.

The confusion comes about because a report was commissioned from 80/20 Thinking by Phorm. 80/20 is run by Simon Davies, who is also well-known member of PI - but he is not representing PI here.

The interim report from 80/20 says that the Home Office concluded that Phorm would be in compliance with RIPA - I don't know how Simon D came to that erroneous conclusion, it says nothing of the sort, perhaps he was told so by Phorm.

From his emails I don't think Simon D had actually seen Simon W(atkin)'s Home Office "view" when the draft report was written, but I can't confirm that.

Peter Fairbrother

Re:Phorm's official response to the allegations made by FIPR

"We don't agree with FIPR's analysis. And its description of the Phorm system is inaccurate. Our technology complies with the Data Protection Act, RIPA and other applicable UK laws. We've sought our own legal opinions as well as consulted widely with experts such as Ernst & Young, 80/20 Strategic Thinking, the Home Office, Ofcom and the Information Commissioner's Office (ICO). We discussed our system with the ICO prior to launching it and continue to be in dialogue with the organisation."

Ernst & Young are a firm of accountants, they are not lawyers, and their report merely suggested that Phorm might comply with some US and Canadian standards, mentioning nothing about RIPA compliance.

80/20 are not lawyers, and according to Simon D they did not independently consider whether Phorm would be legal under RIPA.

The Home Office are not lawyers, and in any case they did not say that Phorm would be legal under RIPA.

The ICO say that they only learned about Phorm a couple of days before this all started (haven't got the exact ref to hand), and they have not commented publicly on the legality of Phorm under RIPA as yet.

So that much is all bullshit. I don't know what Phorm's own legal opinions said, but if they had told me it was lawful then I'd get me some new lawyers.

It's totally, blatantly, and very obviously illegal.

Top security firm: Phorm is adware

Peter Fairbrother
Happy

Re: I don't just want to avoid Phorm....

"...I want vengeance. Can we destroy this thing? "

I don't do "internet anarchist" attacks, but..

I've just pointed out to Google that Phorm will be illegally collecting (stealing?) their commercial data, as Google have not consented to Phorm's interceptions, and urged Google to seek an injunction to stop BT doing trials.

I say stealing? with a question mark, as the question of whether it is stealing or something else is legally complicated, but ask yourself - how much would Google charge for that data (if they could legally sell it)?

That this would also likely remove one of Google's potential competitors in the online advertising market - well, Google may see that as a bonus :)

If anyone else with relevant connections would like to urge any of the other big sites to seek their own injunctions .. someone has to pay the lawyers, and the big sites have both the money and the incentive.

Peter Fairbrother

Re: any legal eagles out there

Will I do?

What Phorm and BT plan to do is interception, and it's an offence under section 1 of RIPA unless both the sender and intended recipient of a communication consent to its being intercepted. In practice this means both the user and the website owner have to consent, and that simply ain't going to happen.

All the "maybe"s in the Home Office guidance have already been discussed to death elsewhere, and a long time ago, with the general conclusion that none of them have any chance at all.

Simon Watkin, who has taken part in many of those same discussions, knows the consensus view well, and I simply can't understand why he'd give out such "maybe" advice - afaik almost no-one else thinks that any of these excuses have any chance whatsoever in Court.

Of course, while Simon is very good at words, and is to some extent good at the laws he's had written - though he didn't write RIPA itself - he's fairly darn clueless about the internet (and cryptography) in general.

I know Simon quite well, so I'm not going to suggest that he may have been bribed - I think he's a straight arrow as far as that might go - but he does seem to have been eating Phorm's PR cookies. :(

To recap: there are three possibilities which might make targeted online advertising, with the targeting being based on observing the target's webtraffic, lawful:

*First "maybe", that it's not interception because no "person" is involved if it's done by machine. That's nonsense, the ISP or Phorm is a "person" as far as the Act goes. In a very similar case, the ICO has said that automated virus scanning is interception (but legal interception under 3(3)). It is also contradictory to s.16. This "maybe" argument is garbage.

*Second "maybe", that it might be lawful interception under 3(3), which says interception is legal if it's done for the purposes of the telecommunications service, ie the transmission of communications.

This is how virus scanning is legal - your computer is considered to be part of the system when it is being used to communicate, and protecting it from viruses is necessary in order to ensure the communications get through. There is a similar, but weaker, argument for spam filtering being lawful under 3(3).

However Phorm/BT looking at your webtraffic is not done in order to help transmit your communications, it's done in order to target advertising, so this argument is garbage as well.

*Third "maybe", that it would be lawful interception if both parties consent to the interception - this is correct - but in practice it's almost impossible to get consent from both parties.

Getting consent doesn't mean that someone doesn't object - it means that both parties, the sender and the intended recipient, have actively consented to the interception.

For the user side T+C's won't do it, because the user will often not be the person who agreed to the T+C's, and also because such a term in the T+C's for an ISP service contract is almost certainly not enforceable.

Even getting express consent from individual users, as opposed to the owner of the connection, is problematical - suppose you want to allow a guest to use your account? The guest has not consented. You may well be partly responsible for the subsequent interception.

From the webhost side, getting consent - well, Phorm/BT would have to ask each website publisher. The "implied consent" in Simon's advice is consent to download, not to intercept, and there is no implied consent to download for many web pages anyway.

So, while it's not garbage, this "maybe" just isn't going to work - getting consent is just too hard to do.

Peter Fairbrother

Phorm and ads

As I understand it, Phorm intend to include ads only in webpages of sites which have agreed to their terms, and not any other websites - much like the ads in El Reg pages.

The adprovider may not be El Reg itself, but when you call a webpage it also calls the ads up from the separate adprovider.

Phorm's problem is that in order to individually target the ads to you then they have to know something about you; or if "you" is anonymous then they have to know something about "your" web browsing history - which information they can only reasonably get by illegally intercepting "your" web traffic.

-

As an aside from this, but in re online advertising in general, there is an ambiguity in RIPA which might affect Phorm or even El Reg - there are two possible interpretations of section 2(5)(a). These are known as the "conduct" and "comprised" interpretations. As yet neither has been tested in Court.

RIPA section 2(5)(a) says that conduct is not interception if it is:

"any conduct that takes place in relation only to so much of the communication as consists in any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunication system by means of which it is being or may be transmitted:"

Briefly, the ambiguity is whether the "for the purposes..." phrase refers to the "conduct that takes place..", or whether it refers to the "traffic data comprised..".

If "for the purposes... " refers to the "traffic data comprised .." then it would mean that any use whatsoever of traffic data can't ever be interception - but if it refers to the "conduct that takes place .." then it is only lawful to intercept, look at it, or give out, traffic data if it's done in order to facilitate the transmission of that communication (or for other RIPA-acceptable reasons.)

Personally I favour the "conduct" interpretation.

This would not preclude El Reg etc from including advertising; but it would prevent El Reg from telling the adproviders which IP to send the ad to - they would have to pass the ad on themselves from an El Reg IP address.

Which would probably be quite a good thing overall - but might make ad accounting harder. However RIPA is not clear on this point.

CPW builds wall between customers and Phorm

Peter Fairbrother

Re:Werner..a bit wobbly?

"If a website is publicly available without requiring a password etc then it is easy to argue for consent. "

Consent to what? Consent to download your webpage, maybe*, but that's all.

It's not consent to have your communications intercepted, consent to count the number of hits you get, or which pages on your site are more popular, or to count the other stuff the people who hit your pages hit.

*though not by any means necessarily, for instance many people use secret URLs - if you don't know the URL you can't get the webpage.

Not great security, but it happens a lot - one estimate is that there are as many secret URLs as public ones (tip o' the hat to Richard Clayton for pointing that out).

Incidentally that was the cause of the scandal about Junior Doctors details being available online, they used a URL which was not supposed to be publicly known for each doctor.

Peter Fairbrother

Home Office advice and RIPA

Reading through this carefully, and it is always advisable to read Simon Watkin's words very carefully, at no point does he say that the conduct necessary to perform targeted online advertising, even when done to the highest standards, is not a RIPA section 1 offense.

He says "there is an argument that" ,"may stand", "might" and the like, but he never explicitly says it can be done legally.

He does, or the Home Office do, come out on the online advertiser's side a bit more than I'd like, though - the last part might be read as "it probably is an offense, but don't worry" - so it's likely that the Home Office might recommend to the DPP that he not prosecute. Maybe. The advice is dated January, and things may have changed since.

There is one stated opinion I disagree with: getting consent through T+C's. This doesn't work when a connection is shared, as the user may very well, and very often will, not be the person who accepts the T+Cs.

The rest is all maybes:

- maybe there is an implied general consent to download a webpage (but that's not consent to have it intercepted, and isn't even true of many webpages anyway, eg those with secret URLs or requiring log-ins)

- maybe it's not interception because it's done by machine (a point the ICO, and most lawyers, explicitly disagree with)

- maybe it's okay because it's part of the service (but this is contradicted by the definitions of telecommunications service and telecommunications system in section 2.)

All just maybes.

Peter Fairbrother

Perhaps one reason why the stock is falling

is because the Phorm proposals, whether opt-in or opt-out, are clearly criminal offenses under RIPA?

Opt-in might take care of one part of the consent requirements under RIPA ss. 3(1) - and it might cover some DPA compliance issues, but by no means all - but for interception to be lawful under RIPA ss.3(1) the ISPs also have to get consent from the webservers, and I can't see that happening. They won't get consent to intercept traffic from my sites, that's for sure!

And what if a connection and/or browser is shared? One person might have given consent, but that does not mean that the other sharers have - so the ISPs have to say "is that you?" every time they intercept.

Data pimping: surveillance expert raises illegal wiretap worries

Peter Fairbrother

Some RIPA points answered

Re: opt-out, opt-in

Opting in would give BT "reasonable grounds to believe" that you have consented to the interception - but not opting-out would not, as failing to object to something is not the same as granting consent, and granting consent, or a reasonable belief that that has happened, is what is required under the Act. And accepting a cookie you never see on your browser is not granting consent!

However, in any case the granting of consent must be done by _both_ parties if it's to make the interception lawful:

Re: What about the data being sent by websites to the customer?

_Both_ the sender _and_ the intended recipient have to agree for consensual interception to become lawful under S.3(1).

I raised this very point with Peter Sommer last week, so I doubt he got it wrong - but perhaps he thinks the data is only looked at if it comes from sites which have agreed to Phorm intercepting it, and only when the customer has also agreed - though that is contrary to the little we have been told of how Phorm operate...

Re: Difficult Call- Contradictory RIPA :

S.3(3) The "purposes of a telecommunications system" - and note, it's a system, not a service or an ISP - are defined in S.2(1) to be the "transmission of communications". There is no "out" here for storing or passing on anything more than traffic data.

S 1(6) is about private telecomms systems - BT is not a private telecomms system as far as RIPA goes. There is no contradiction.

I can't see anything which would or even could make the interception lawful.

In fact I can't see any grounds to suppose what they are doing could possibly be considered not to be interception, or could possibly be considered to be lawful interception - and unlawful interception, unlike most breaches of the Data Protection Acts, is a criminal offense punishable by up to 2 years in prison.

Which is where they belong. All of them. Though whether the wimpy Commissioner, or the DPP, will agree to a prosecution is another matter ..

BTW, if you want to break your contract with BT, Virgin etc - this is good grounds to do so. They are breaking the law. It's also good grounds to sue them .. :)

How Phorm plans to tap your internet connection

Peter Fairbrother

Re: Interception and RIPA

Come to think of it, ISPs selling _any_ customer traffic data is probably completely illegal under RIPA.

It's certainly interception, see RIPA s. 2(5)(a) (even though it might be "just" traffic data, it's still interception unless it's done to "facilitat[e] the transmission of communications by any means involving the use of electrical or electro-magnetic energy"),

and I can't see how it might be lawful under RIPA.

Peter Fairbrother

Interception and RIPA

If this statement:

"The website returns the content you want, which is again intercepted by the ACE. A copy of the page contents is sent to the Profiler,"

is correct then that would be interception under RIPA, irrespective of whether "you" can be identified or not.

Interception is defined in RIPA as "making any of the contents of a communication available to a person other than the sender or recipient".

Afaict it would also be a criminal offense in this case, as none of the lawful interception exemptions in RIPA would apply.

In general, under RIPA ISPs are allowed to look at as much of the traffic data (URLs etc) as they need to in order to deliver the message, without this looking being interception; and they are also allowed to look at as much of the content as is necessary in order to provide their message-passing service.

Think of the Post Office - the first looking is like reading the address, the second is like opening an undeliverable letter in order to find where to send it. The Post Office can open a letter under these circumstances, but not for most other reasons.

The situation regarding ISPs is very similar. The latter kind of looking is interception, but not all interception is illegal, and it could be lawful interception if it's necessary in order to protect or perform their message-passing service. For instance, it's how virus scanning and perhaps spam filtering are allowable, though spam filtering is a bit problematic: your computer is considered to be part of the network as far as virus scanning goes, so looking at content in order to protect it against viruses is okay, and there is an argument that spam filtering is necessary as email services would not be possible without spam filtering.

BT and Phorm are persons btw, in the meaning of the Act, and it would still be interception if BT made content available to itself for processing. It doesn't matter whether the looking is done by machine or by hand, whether BT or Phorm does it, or whether they do any anonymising, it would still be interception and illegal as it is not necessary in order to provide the message-passing service.

There are several other steps in the process described which might also be interception, but it's hard to tell from the limited information available - for instance, when the URLs are sent, how much of the URL is sent? Anything after the third slash (the one after the domain name) is considered content, not traffic data, and making content available to another person would be interception, and illegal interception to boot.

I'm not well up in them, but the process described also appears to involve many breaches of the Computer Misuse and the Data Protection Acts.
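The "third slash" rule from the post above, worked through as an added example. This is Python written for this page, not code from the post, from the article or from Phorm/BT; the function names, the `http://` assumption for a plaintext request and the sample request are this example's own. It splits an absolute URL into the part before and including the slash after the host (scheme, host, port) and the part after it (path, query, fragment), and rebuilds the URL from a captured HTTP/1.1 request the way an interceptor on the wire would have to, so you can see exactly which bytes fall on the "content" side of the line.

```python
"""Apply the "third slash" rule to URLs and to a captured HTTP/1.1 request.

Added example, not from the post or from Phorm/BT. Function names and the
sample request below are this example's own assumptions.
"""
from urllib.parse import urlsplit


def split_url(url: str) -> tuple[str, str]:
    """Return (traffic_data, content) for an absolute URL.

    traffic_data is everything up to and including the slash that follows
    the host (the third slash in http://host/...): scheme, host and port.
    content is whatever follows it: path, query string and fragment.
    """
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"not an absolute URL: {url!r}")
    traffic_data = f"{parts.scheme}://{parts.netloc}/"
    # urlsplit keeps the leading slash on the path; the rule puts that slash
    # on the traffic-data side, so it is dropped from the content side.
    content = parts.path[1:] if parts.path.startswith("/") else parts.path
    if parts.query:
        content += "?" + parts.query
    if parts.fragment:
        content += "#" + parts.fragment
    return traffic_data, content


def url_from_request(raw: str) -> str:
    """Rebuild the absolute URL from a plaintext HTTP/1.1 request.

    A device sitting on the wire sees only the request line and headers, so
    the host must be recovered from the Host header unless the request
    target is already absolute (as in a proxy-style request).
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    if target.startswith(("http://", "https://")):
        return target  # absolute-form target, host already present
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    if host is None:
        raise ValueError("HTTP/1.1 request without a Host header")
    return f"http://{host}{target}"  # assumption: plaintext http on the wire


def classify_request(raw: str) -> tuple[str, str]:
    """(traffic_data, content) for a captured request, per the rule above."""
    return split_url(url_from_request(raw))


# Constructed sample request for this example, not a real capture.
SAMPLE_REQUEST = (
    "GET /search?q=secret+url&page=2 HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: example\r\n"
    "\r\n"
)

if __name__ == "__main__":
    td, ct = classify_request(SAMPLE_REQUEST)
    print("traffic data:", td)  # http://www.example.com/
    print("content:     ", ct)  # search?q=secret+url&page=2
```

Note that the query string ends up on the content side along with the path, which is the point of the post: a "secret URL" lives entirely after the third slash, and so does the search term in the sample request.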

EU data guardians: search engines must obey our rules

Peter Fairbrother

re google.com and google.co.uk

I wrote:

"I imagine google.co.uk is an EU/UK subsidiary of google.com"

My imagination was getting away with me - google.co.uk is hosted in the US. Sorry.

Peter Fairbrother

google.com and google.co.uk

They will find it hard to make this effective.

When you make a google search through google.com, perhaps through the default search box on your browser, if you are thought by Google to be in the UK (for instance) it redirects from google.com to google.co.uk. Fair enough perhaps, though the results are different, but I won't get into that here.

The point is that the search terms go through (I presume) google.com in the US, and thereby leave EU data protection jurisdiction.

I imagine google.co.uk is an EU/UK subsidiary of google.com, and as such would comply with any EU data protection laws - but even if that happens the default may be to go through google.com.

You have been warned...

ISPs demand record biz pays up if cut-off P2P users sue

Peter Fairbrother

Re: Unbelievable

I said that downloading DVDs costs 40p - 90p per GB in the UK, and I stand by that. It's an average range, for the average person, not for a monster torrent leech - in many circumstances it will cost more, and only very occasionally will it cost less.

For instance, to change from a 20 GB/month limit to a 40 GB/month limit will cost about £10 per month more with most UK ISPs - that's 50p per extra GB. Considering that two ISPs are involved in most p-p transfers, that's 100p per GB in total - but the average punter's costs to themselves are 50p per GB, _if_ they use their limit, which is unusual, and 75p per GB if their up/down torrent ratio is 0.5. Never mind that the average torrent ratio has to be more than one...

UK ISPs who allow downloading at 400 GB (or even 100 GB) per month do exist, but they are rare or expensive, and the cheaper options are disappearing rapidly.

In your case, your seedbox costs £30 per month, and your UK ISP probably costs about the same. That's £60 per month, and from your description I guess you get about 100 GB of content in the average month - which means your costs average 60p per gigabyte of content.

Told you, you will pay that much (or even more), in one way or another.

"Never underestimate the bandwidth of a station wagon full of backup tapes" - or overestimate the cost of sending DVDs in the post.

Peter Fairbrother

Re: Is downloading copyright stuff illegal in the UK?

No, it is not illegal to download copyright material for your own use without the permission of the rights holder - but it is unlawful.

It is making another copy without authorisation from the copyright owner, which is an infringement of copyright. This is a civil tort (wrong) - but it is not a criminal offense. It is not theft, legally speaking. The police can't arrest you for it, you can't be convicted for it, but the copyright owners can sue you.

Supplying copyright material is sometimes an offense, it depends on the circumstances. Generally speaking, if you do it for money you can be busted.

Incidentally, ripping a CD for your own use is probably technically an infringement too, but you are unlikely to be successfully sued for it.

Peter Fairbrother

Re: Honeytraps

"About the record industry setting up honeytrap Torrents. Is evidence gained through a honeytrap eligible as evidence?"

In general, the Courts can exclude such evidence, or (in a criminal case) find the accused not guilty because they might not have committed the offence if the honeytrap or incitement wasn't there - but they very seldom do either.

The "ricin plot" is a case in point - the only chap found guilty was enticed, almost certainly with the connivance of the UK Police, to get castor beans by an informant in Algeria (who had been tortured btw), but presumably the Court found that he was a nasty shit anyway and deserved to be punished.

However in the case of downloading from honeytraps there is probably an implied permission from the rightsholder to make copies, so it wouldn't be unlawful anyway. :)

I am not a lawyer, this is worth only what you paid for it.

Peter Fairbrother

ISPs inspecting traffic for illegal filesharing ..

..would be an interception under RIPA, and highly illegal.

ISPs can look at traffic for purposes connected with the supply of their service. This is normally taken to include virus scans and spam filtering, though there is some question about the latter - but it certainly doesn't include inspecting traffic for illegal filesharing.

What the music/movie biz lawyers usually do is look at publicly available bittorrent information. Whether the download itself is encrypted or not doesn't matter much, it's this publicly available information which is used.

I am of the opinion that the music biz has its knickers in a twist mainly because revenues are falling - and the reason isn't so much filesharing, though that has some effect, but simply that people do not listen to music as much as they used to.

The movie industry seems less vocal about filesharing, even though percentage wise I'd guess the amount is similar - but people aren't watching fewer movies.

Another factor may be the cost of downloading a DVD, which is significant, compared to downloading a music track, the cost of which can be ignored.

BTW, a DVD in the post is a much cheaper way to send a movie than bittorrent - a blank DVD costs 20p, postage 29p, sleeve 2p, so it costs 51p, or two for 71p. Downloads cost about 40p - 90p per GB (you _will_ pay this, in one form or another), so to download a 4 GB movie costs £1.60 - £3.60.

Equifax asks customer to email debit card photocopies

Peter Fairbrother

Utility bill?

As I pay for utilities by direct debit, with online billing, I don't have any utility bills to send ...

Top cop urges RIPA review in coded attack on snoop code

Peter Fairbrother

RIPA and "bugs"

"After the CPS decision [not to prosecute]", says the IRR, "the family was told by the coroner that the full inquest could not be held because large portions of the police officers' statements had been crossed out under the Regulation of Investigatory Powers Act (Ripa) 2000, which covers information obtained from covert surveillance devices such as telephone taps or bugs."

Section 17 of RIPA excludes the product of interception (phone calls, email, snailmail) from legal proceedings - but there are no provisions in RIPA to exclude the product of "bugs" from legal proceedings.

RIPA is actually four laws (badly) stuck together - Part I covers interception, Part IIa covers communications data (who, when and where, but not what was said), Part IIb covers covert surveillance, and Part III covers demands for keys or plaintext of encrypted data.

If, as was recently announced by Gordon Brown, the product of interception is to be made useable in Court then there is no real reason for any change here - the idea that it can only be used in exceptional circumstances, chosen by the Prosecution, won't fly as the ECtHR won't let it happen, and in any case procedures and methods will be exposed even in those "exceptional" cases.

It's easiest just to be open about it all, though sufficiently after the fact in order not to compromise ongoing investigations - lots of, indeed most "free", countries do it that way.

Rocket train smashes world land-speed record

Peter Fairbrother

Hydrogen - why not?

The passage of the train at Mach 1+ would disrupt the polytunnel covering the track to a fare-thee-well, and the rocket exhaust would ignite the hydrogen when mixed with air.

But so what?

Maybe the polythene from the tunnel might partly melt and fall back and mess up the tracks for future use, but if they were clever and had a weakened section at the top it would all go sideways - but in any case, the hydrogen wouldn't "explode".

Hydrogen is a whole lot cheaper than helium, which is very expensive, plus it has about half the "air" resistance in the covered section of track.

Much more cost-effective. I'd have thought.

UK gov issued 250k snoop licences in nine months

Peter Fairbrother

Communications data demands and interceptions

The 253,557 figure is for communications data demands - which may be as simple as getting the address associated with a telephone number (RDQs, reverse directory enquiries, in the parlance), which account for the majority of them, or as invasive as getting a list of numbers called, or tracing someone's movements from their cell 'phone. I can't recall the figure for the previous year offhand, but it wasn't very different.

Actual telephone and snailmail interceptions are much rarer, and require a warrant signed by a Minister - according to the report there were 1333 warrants issued by the Home Secretary in the nine months it covers in England and Wales, and 104 in Scotland. This is actually #down# on the previous 2005 figure of about 2500 (from memory). This does not give the entire picture, as warrants issued by the Foreign and Northern Ireland Secretaries aren't included, but those are generally thought to be fewer in number.

I have long thought and said that RDQs should be separated from more invasive types of communications data demands, but the Home Office weren't listening. It's probably fine that eg a Senior Policeman signs a RDQ request, but IMO the more invasive requests should require a Court order. Apart from that and Ministers rather than Courts signing interception warrants, I don't think parts I and II of RIPA, which cover this stuff, are actually all that bad - unlike part III, the coercive demand-for-keys part, which stinks.

Colossus faces off against PCs in code-breaking challenge

Peter Fairbrother

Re: Why did Churchill order the original device destroyed?

"Why did he want it destroyed? Was it simply a question of economics, and they needed the valves for something else, or was there some other reason?"

Churchill ordered them dismantled/hidden because he wanted to keep the achievements at Bletchley secret, mostly the fact that Enigma had been cracked.

The Allies then sold Enigmas to many other governments after the war. They were in use until about 1970 or so.

Plastic police to enforce London bag ban?

Peter Fairbrother

Plastic bags are green (-ish)

A lot of twaddle is talked about plastic bags (which are almost universally made from polyethylene not PVC btw) being bad for the environment.

They are messy, sure, but non-biodegradable bags can in some ways be good for the environment, or are at least neutral.

Plastic bags are made from oil. The oil is taken out of the ground, where it is doing no harm and has successfully sequestered the carbon in it for millions of years. If the oil is made into non-biodegradable plastic bags and these are returned as landfill, little or no carbon dioxide is produced, and the carbon is returned to the ground, where it does no harm - in fact it may be doing good, as the presence of plastic sheet in landfill slows down the rate at which the rest of the landfill ferments.

Alternatively, the oil will be burned in cars instead, and the carbon released.

As an aside, I don't know what idiot or spinmeister came up with the idea that biodegradable plastic bags are "greener" - they may lessen the mess from discarded bags, but they allow the carbon to be released into the atmosphere, increasing greenhouse gases.