Email Address Password
Remember Me

Or Create a (Free) Account.
2004JanFebMarAprMayJunJul Aug Sep Oct Nov Dec
2005 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Oct Oct
2007JanFebMarAprMayJunJulAugSepOctNovDec2007
2008JanFebMarAprMayJunJulAugSepOctNovDec2008
2009JanFebMarAprMayJunJulAugSepOctNovDec2009
2010JanFebMarAprMayJunJulAugSepOctNovDec2010
2011JanFebMarAprMayJunJulAugSepOctNovDec2011
2012JanFebMarAprMayJunJulAugSepOctNovDec2012
2013JanFebMarAprMayJunJulAugSepOctNovDec2013
2014JanFebMarAprMayJunJulAugSepOctNovDec2014

Sat 16th Sep 00:31 2006: It's not F1, it's not ID, so it must be Security... RIP

Scrambling for Safety #8 (they convened with the Home Office in August... here is their agenda, annotated with the slides (PDF). Brian Gladman's slides make the obvious statements that GOV.UK security has always been based on security through obscurity, and closed-source models, and why this is a silly idea.

I've not read the rest properly yet, but BBC summed it up as "Police decryption powers 'flawed'".

When I was a sysadmin, I found the Regulation of Investigatory Powers Act (RIP) unbearable (I could have sworn that I blogged that, but I can't find it); now I'm not, it's even worse ;-0

RIP has been well documented, though poorly publicised. GOV.UK basically told me, as an email administrator, that if they wanted to see any email that passed through our system (same goes for any other UK server), that if they asked me for somebody's mail traffic, that:
(a) I must provide it
(b) I was not allowed to informed the "victim"; otherwise I would be in breach of the RIP Act.

So - even if they told me that they wanted my MD's emails, I would be legally obliged to provide it, and legally obliged, if he asked, to lie.

Unfortunately, as I'm no longer the admin for any of my email accounts, I'm on the other side or the RIPA coin... if my emails are requested, it would be illegal for the informant to inform me that it had happened (maybe it already has happened - I would only know if an admin had taken the risk of illegally informing me).

Anybody heard of a certain G. Orwell, who wrote a book in 1948 about the year 1983... or was it 1985? Sometime around then, anyway. I've got a feeling a book was written; you never know, it may be relevant.

Fortunately, I was never put in such a situation (I think that I'm allowed to admit that much!) It seems that they are still beating out the details, six years later. It gives me some hope that they have got the Cambridge guys onboard; http://www.lightbluetouchpaper.org/ - they often come up with sensible answers to silly questions.


Comments for 'It's not F1, it's not ID, so it must be Security... RIP'

Mon 18 Sep 2006 @ 12:35 GMT : lou (Anonymous Poster)
sorry Steve - didn't meant to categorise your posts so completely! I remember my dept. once being asked by the police to look for some info when I was at icl. But we didn't find anything so there was no issue!
Mon 18 Sep 2006 @ 13:19 GMT : Steve Parker
:-)
But it's true ;-)

You could post a comment if you were logged in.

You are logged in as 0

create an account

Steve's urandom blog
Share on Twitter Share on Facebook Share on LinkedIn Share on Identi.ca Share on StumbleUpon
My Shell Scripting Book:
    Shell Scripting, Expert Recipes for Linux, Bash and more
is available online and from all good booksellers:


DefectiveByDesign.org