Spy Blog - SpyBlog.org.uk

They took oral evidence from Lord Carlile of Berriew QC, the independent reviewer of terrorism legislation

Lord Carlile: "...Journalists on the whole, if those present will forgive me, are rather lazy and they like to have stories written for them, by and large, and do not like to look in rather dense resources,..."

[...]

"...I have said that the number of section 44 searches under the Terrorism Act could be reduced by 50% without damage to national security and the number of Schedule 7 stops at ports could be reduced by the same proportion without risk to national security...."

They took oral evidence on Computer Encryption from Professor Ross Anderson, Professor of Security Engineering at Cambridge University and chair of the Foundation for Information Policy Research, Mr David Lattimore, Technical Manager, Digital Crime Unit, LGC Ltd, and Mr Peter Sommer, London School of Economics.

Professor Ross Anderson: "...Encryption products nowadays tend to be either good or useless and if they are good then you either guess the password or you give up..."

[...]

"...given the extremely low prevalence of encryption use by bad guys, quite frankly you would be better getting after them for tax evasion or social security fraud...."

[...]

"Mr Lattimore: I was involved in NTAC. I am not going to go into too much detail about it. I set it up with a number of other people and I was operational in there for a number of years and our success rate was very, very good, but it is not just a matter of brute forcing encryption, there is a lot of work that goes in by a team of people that all work together, all with different skills and that is the way forward for dealing with encryption in the future.

Q136 Mrs Dean: If the police had twice as many computers and skilled operators, would it mean that they could achieve the results twice as quickly as they do now?

Mr Lattimore: No. The police would never ever be able to deal with this type of encryption because (a) they have not got the time and (b) they have not got the hardware to deal with it because you do need specialist hardware which most police forces cannot afford to purchase and that is the beauty of NTAC.

Q137 Mrs Dean: So what you are saying is that there are the resources available but the police have not called on them, are you not?

Mr Lattimore: Some police forces call upon them and some do not. Some see it as they have failed in what they are doing. Some used to use us all the time and our success rate was in the 70% range which was very, very good."

NTAC = National Technical Assistance Centre is co-located with MI5 the Security Service:

To provide technical assistance to UK law enforcement and intelligence agencies in order to assist serious crime investigations and national security activities. This assistance includes access to and delivery of warranted intercept.

Tel: 0870 000 1585

[...]

"Q141 Chairman: Taking Professor Anderson's point, can you think from your own personal experience of a case where somebody or a team has worked flat out for 90 days?

Mr Lattimore: Yes, myself. I have worked on cases that have taken longer than 90 days to crack. I am not going to go into the techniques I use because I want to keep them out of the public domain. You do a lot of work in the background before you mount the attack on the encrypted data and once that work has been done you have got somebody else that may have to write a programme to attack the data, then you put it onto a very big computer and the work goes on. If it is not done after 28 days you are not going to get it done at all. It normally comes about very quickly once you have done the initial work. That work used to take me three or four weeks. I would be sat at my hard drive doing a lot of biographical programming on a suspect for three or four weeks. It is very time-consuming work."

[...]

"Mr Sommer: Trying to interpret Parts 1 and 2 of RIPA, whether it is content or communications data, is becoming increasingly difficult because of the problem of legal interpretation. This has all been drafted in terms of you can make a distinction between the voice component and the traffic component, who contacts who, when and for how long, and it makes it much more difficult when you are dealing with e-mails or web-based e-mails or voiceover Internet protocol or things like that. There are going to be problems which are completely unavoidable."

They took oral evidence on Mobile Phones from
Mr Darren Greener, Systems Technology Consultants Ltd, Mr Vinesh Parmar, Telecoms Forensic technical manager, Digital Crime Unit, LGC Ltd, and Mr Greg Smith, Principal, Trew & Co

"Mr Smith:One cannot use one particular technical problem to hijack everything as I do not think that is correct. If you obtain a mobile telephone that has no PIN or PUK connected to it, there is no reason why you cannot turn the evidence round within seven days. People are concerned that if they have a mobile telephone that has been password protected three or four times and that causes delays then everyone should quote the worst case scenario but that is not the case. We are not dealing with the worst case scenario. If somebody picked up 20 or 30 mobile phones you may find one or two are problematical but the others would not be a problem at all."

[..]

"Mr Smith: Yes, I would say that is quite correct. There is a section where, if you allow an individual or an individual is smart enough to put all the passwords and identity numbers in place, you can have on the 3G up to 16 different passwords which would take you a long time to crack. Most people do not bother; that is the truth of the matter, so 90 days, yes, but I think that must be scrutinised very carefully as to the reasons for that."

"Q153 Chairman: How long does it normally take for network providers to provide the necessary information?

Mr Parmar: It depends on the level of the crime. They have got to have five levels and they are graded one to five.

Q154 Chairman: What about if it was a terrorist case?

Mr Parmar: Level one is a threat to immediate life. So it really depends on whether the particular terrorist incident dictates that. If it is a level one incident then it is usually within two to three hours or, for the worst case scenario, it would be within 24 hours that the information would be available. That is not just obtaining data from the UK networks, that is also obtaining data from non-UK networks."

[...]

"Q166 Chairman: Can I just check one thing for my understanding? What I think you are all saying to the Committee is that the challenges here are not actually the handset issues. The challenge in terms of understanding and analysis is the records from the phone companies of the calls made and so on. Is that broadly right?

Mr Smith: Broadly speaking that is correct."

The Regulatiion of Investigatory Powers Act 2000 was mentioned, regarding:

• the current prohibition on the use of Electronic Intercept evidence in court, (rather than for intelligence purposes)
• the still as yet not brought into force Part III which deals with Encrypted data,
• the increasing difficulties of distinguishing between "content" and "communication traffic data" under Part I and Part II.

Various NuLabour members of the Committee got the experts to admit that there could theoretically be cases where either computer encyption or mobile phone evidence gathering difficulties could posssibly take 90 days or more to investigate or analyse.

References were made to the letter by Assistant Commissioner of the Metropolitan Police Andy Hayman, which which we thought worthwhile transcribing from the usual Home Office locked "no copy and paste" Adobe PDF format, in order to give our readers the chance to see just. how weak the justification for "90 days" was. Worryingly. this letter now appears to have been censored or removed from the Home Office website,

No references were made to Prime Minister Tony Blair's uninformed "Gigabytes to Feet" soundbites on the topic of the alleged amount of computer evidence as a justification for "90 days"

There was also no mention of Chancellor Gordon Brown's comments on extending the 28 days period, which has not yet even passed into law, under the monitoring of the Independent Reviewer i.e. Lord Carlisle, which Gordon Brown uttered in his speech on Monday 13th February. We wonder if Gordon Brown actually bothered to consult Lord Carlisle on this issue.