I should also point out, on a different part of the Bill, section 189, "Maintenance of technical capability" requires non-UK providers/companies to provide access to cleartext. e.g., this part reaches non-UK folks:
"An obligation specified in regulations under this section may be imposed on, and a technical capability notice given to, persons outside the United Kingdom (and may require things to be done, or not to be done, outside the United Kingdom)" :/ On Thu, Nov 5, 2015 at 2:08 PM, Robin Wilton <[email protected]> wrote: > It’s very hard to work out exactly what UK policymakers think they are aiming > for here… quite possibly because their own understanding is less than perfect. > > In the parliamentary debate yesterday, the Home Secretary repeatedly referred > to retention of “the first page or device accessed by a user”. > > I don’t think I know what that means. > > I also wonder, for instance, how that would work in a “portal”-style > environment, where a single “landing page” could contain dynamic content > elements. > > Nor is it clear to me whether, once I visit a site, my CSP would have to log > the “first connection” my browser gets to each embedded third-party-served > element on that page (e.g. ads, ssh sessions etc… etc…). > If it does, there’s potential for this measure to result in volumes of data > that are so large as to be increasingly unusable. (Obviously, as a > privacy-concerned citizen, if the interceptors drown in data, I can see an > upside in that ;^) ) > > I will be looking at the detail of the Bill over the coming days, and no > doubt ISOC will be publishing some analysis, comments and conclusions. > > Yrs., > Robin > > Robin Wilton > Technical Outreach Director - Identity and Privacy > Internet Society > > email: [email protected] > Phone: +44 705 005 2931 > Twitter: @futureidentity > > On 5 Nov 2015, at 04:34, Joseph Lorenzo Hall <[email protected]> wrote: > >> (moving a thread from Stephane on dns-privacy here to perpass) >> >> I wanted to highlight for perpass the draft UK Bill [1] that dropped >> yesterday. >> >> It includes the following language in Section 71(9) that ISPs, on >> notice, will need to retain the following for one year (and, yes, some >> of this is completely crazypants and totally unclear how to map these >> concepts onto technical concepts): >> >> ---- >> >> (9) In this Part “relevant communications data” means communications >> data which may be used to identify, or assist in identifying, any of >> the following— >> >> (a) the sender or recipient of a communication (whether or not a person), >> (b) the time or duration of a communication, >> (c) the type, method or pattern, or fact, of communication, >> (d) the telecommunication system (or any part of it) from, to or >> through which, or by means of which, a communication is or may be >> transmitted, >> (e) the location of any such system, or >> (f) the internet protocol address, or other identifier, of any >> apparatus to which a communication is transmitted for the purpose of >> obtaining access to, or running, a computer file or computer program. >> >> In this subsection “identifier” means an identifier used to facilitate >> the transmission of a communication. >> >> ---- >> >> While the press before had highlighted this bill would require >> retaining "web browsing history" it seems both somewhat worse, and >> potentially Netflow data for what seems like all an ISPs subscribers. >> >> Wondering if others have thoughts. >> >> best, Joe >> >> [1]: >> https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf >> >> ---------- Forwarded message ---------- >> From: Stephane Bortzmeyer <[email protected]> >> Date: Wed, Nov 4, 2015 at 10:28 PM >> Subject: [dns-privacy] We'll have stakeholders in Great Britain... >> To: [email protected] >> >> >> http://www.bbc.com/news/uk-politics-34715872 >> >> The bill will force companies to hold "internet connection records" >> for 12 months so they can be requested by authorities. >> >> Such data would consist of a basic domain address, >> >> _______________________________________________ >> dns-privacy mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dns-privacy >> >> >> -- >> Joseph Lorenzo Hall >> Chief Technologist >> Center for Democracy & Technology >> 1634 I ST NW STE 1100 >> Washington DC 20006-4011 >> (p) 202-407-8825 >> (f) 202-637-0968 >> [email protected] >> PGP: https://josephhall.org/gpg-key >> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 >> >> _______________________________________________ >> perpass mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/perpass > -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 [email protected] PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
