Pending the publication of the RIPA Commissioners' Annual Reports, which might possibly be online on Tuesday or Wednesday, we would like to remind journalists, broadcasters and bloggers etc. not to confuse the meaningless statistics on the number of Communications Data requests (hundreds of thousands ? How many Subscriber Details, how many Location Data request, how many full Communications Traffic Data history requests ?) , with the meaningless statistics about the number of electronic communications Interception Warrants and Certificates (a couple of thousand ?).
A single Warrant or Certificate supposedly signed personally (except when it isn't) by the Home Secretary or the Foreign Secretary, might authorise mass snooping on multiple targets, or on, all transatlantic cable traffic etc.
- How many RIPA PArt III section 49 notices for cryptographic de-cryption keys or de-crypted plain text have there been in the last year ?
- Will there be any more criticism of the lack of a legal basis for the vast Automatic Number Plate Recognition national database ?
- Following the various Police fishing expeditions in Parliament against MPs and their constituents correspondence and emails, what about the Wilson Doctrine ?
Meanwhile, you might wish to read some detailed documents (in English), which describe how Lawful Interception of mobile phone and broadband internet communications is done in Switzerland.
Unlike the United Kingdom (which relies on potentially easily faked plaintext emails and callback telephone numbers) , the Swiss mandate the use of OpenPGP strong encryption and digital signing of emails, and of encrypted OpenVPN virtual private networks for handling their Lawful Intercept requests, authorisations and data.
Why can't we the British public, be absolutely sure that something like this, or better, is done as standard here in the UK ?
See the documents published by Die Wochenzeitung (WOZ) weekly newspaper:
- Die Wochenzeitung: Mit dem Staat ins Internet - by Heiner Busch and Dinu Gautier (main article in German)
- Technical Guideline for the implementation of lawful measures for monitoring telecommunications - Swiss Designation: TR TS Technical Requirements for Telecommunication Surveillance) (.pdf) (in English)
- Lawful Interception of telecommunications traffic - Organisational and administrative requirements (OAR) (.pdf) (in English)
The use of Strong Encryption is not, of itself, a magical panacea, but it should be the routine, normal, standard practice, for any professional, competent, trustworthy organisation with access to privacy or security sensitive data.