The stupid thing about the Gloucester fiasco is that the police don't need to examine anyone's computers to prove whether or not they've been downloading files from monitored web links. They can do all that simply by passive surveillance, looking at browser fingerprints. After all, the constabularies buy and sell Big Data. Used to be called business intelligence but tomato/tomayto, the media catch them buying, and from information they themselves have put in the public domain they sell the data from their (unregistered, unaudited, and undisclosed to the parliament) "intelligence" databases at vast profit. By inference they can buy the information if they don't already have it. Remember the Snowden-Schneier conversation: "It's not that the NSA woke up one morning and said, 'We want to spy on the Internet.' They woke up one morning and said, 'Corporations are spying on the entire Internet; let's get ourselves a copy'“.
Conclusion: paying swarms of police to go around arresting people based on IP addresses and confiscating their computers is just inept and costly bastardisation (unless of course it's intended, thus an act of terrorisme (sic), pour encourager les autres...)
I'm thinking of writing a pro bono app for the UK constabularies to identify automatically whether data subjects' computers have been compromised in the Gloucester fashion; and then automatically to email the subjects as to the fact. Would cost the police nothing in labour or money; and would be a very valuable public service. This of course is a subversive proposal, as it would put the police to strict proof as to whether their objective is to protect the public, rather than ramping up the politics of fear. The only downside is it would require the police/security services to plug in the relevant data (via API, not manually) thus exposing the scope of data processing operations, so it would be still-born. So I probably won't do it... In fairness to use it as evidence it *might* (I'm not updated in this area) also require the special judge's formal permission to collect the subject's browser fingerprint, which would mean actual paperwork, but that's bound to be cheaper than running around arresting people at random.
However, it also might exacerbate exemplary damages in wrongful arrest, and its siblings false imprisonment and kidnapping, if it subsequently emerges they already had proof of non-involvement. Likewise if they even had the ability to determine non-involvement: interestingly, matching browser fingerprints is not a difficult technique to learn manually, I could teach it to laypeople such as coppers in 5-10 minutes. Any other lawyers or IT developers are welcome to develop these ideas.
Biting the hand that feeds IT
