It’s very hard to work out exactly what UK policymakers think they are aiming for here… quite possibly because their own understanding is less than perfect.
In the parliamentary debate yesterday, the Home Secretary repeatedly referred to retention of “the first page or device accessed by a user”. I don’t think I know what that means. I also wonder, for instance, how that would work in a “portal”-style environment, where a single “landing page” could contain dynamic content elements. Nor is it clear to me whether, once I visit a site, my CSP would have to log the “first connection” my browser gets to each embedded third-party-served element on that page (e.g. ads, ssh sessions etc… etc…). If it does, there’s potential for this measure to result in volumes of data that are so large as to be increasingly unusable. (Obviously, as a privacy-concerned citizen, if the interceptors drown in data, I can see an upside in that ;^) ) I will be looking at the detail of the Bill over the coming days, and no doubt ISOC will be publishing some analysis, comments and conclusions. Yrs., Robin Robin Wilton Technical Outreach Director - Identity and Privacy Internet Society email: [email protected] Phone: +44 705 005 2931 Twitter: @futureidentity On 5 Nov 2015, at 04:34, Joseph Lorenzo Hall <[email protected]> wrote: > (moving a thread from Stephane on dns-privacy here to perpass) > > I wanted to highlight for perpass the draft UK Bill [1] that dropped > yesterday. > > It includes the following language in Section 71(9) that ISPs, on > notice, will need to retain the following for one year (and, yes, some > of this is completely crazypants and totally unclear how to map these > concepts onto technical concepts): > > ---- > > (9) In this Part “relevant communications data” means communications > data which may be used to identify, or assist in identifying, any of > the following— > > (a) the sender or recipient of a communication (whether or not a person), > (b) the time or duration of a communication, > (c) the type, method or pattern, or fact, of communication, > (d) the telecommunication system (or any part of it) from, to or > through which, or by means of which, a communication is or may be > transmitted, > (e) the location of any such system, or > (f) the internet protocol address, or other identifier, of any > apparatus to which a communication is transmitted for the purpose of > obtaining access to, or running, a computer file or computer program. > > In this subsection “identifier” means an identifier used to facilitate > the transmission of a communication. > > ---- > > While the press before had highlighted this bill would require > retaining "web browsing history" it seems both somewhat worse, and > potentially Netflow data for what seems like all an ISPs subscribers. > > Wondering if others have thoughts. > > best, Joe > > [1]: > https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf > > ---------- Forwarded message ---------- > From: Stephane Bortzmeyer <[email protected]> > Date: Wed, Nov 4, 2015 at 10:28 PM > Subject: [dns-privacy] We'll have stakeholders in Great Britain... > To: [email protected] > > > http://www.bbc.com/news/uk-politics-34715872 > > The bill will force companies to hold "internet connection records" > for 12 months so they can be requested by authorities. > > Such data would consist of a basic domain address, > > _______________________________________________ > dns-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dns-privacy > > > -- > Joseph Lorenzo Hall > Chief Technologist > Center for Democracy & Technology > 1634 I ST NW STE 1100 > Washington DC 20006-4011 > (p) 202-407-8825 > (f) 202-637-0968 > [email protected] > PGP: https://josephhall.org/gpg-key > fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
