>Clive D.W. Feather
...
>Calling this "NCIS carnivore" is misleading. It's concerned with
>transaction logs (who logged in when, web site logs, the sort of thing
>covered as "communications data" in RIP). Nothing to do with
>the contents of phone calls or email.
Carnivore does both. Note proposals in 6.8 (below) that allow Agencies to
maintain their own databases, mix-and-matych souced however they see fit.
"Inter-connectivity between certain CSPs and the law enforcement agencies
(LEAs) has provided direct, automated access to data"
"that LEAs have retained this data means it can be quickly analysed in-house
with information from other sources to develop intelligence on the global
scale....LEAs need the statutory authority to maintain their own
communications data intelligence database."
>I've been aware of these proposals for some time. Basically, the police
>*have* the power to obtain this data *where the CSP has
>retained it*.
After RIP yes. Shame NCIS didn't see fit to tell Parliament about all this
when it was going through.
>could be useful, and for ease of access (under lawful
>authority, of course) consolidate it in a single database.
Nope. There will be many different databases sprawling across Whitehall as
well as the centreal data warehouse
>It is pointed out that defence lawyers have use for such data as well.
Isn't this nonsense? The authorities may use this information to demolish
false alibis, but the defence could not rely on communications data to
verify an alibi, since there is never any assurance that a particular person
made a call or was online - otherwise you would get people laying false
alibi trails just by lending their phone or passwords to eachother.
All that "interests of justice" baloney is just got up to provide flannel
for ministers spouting "striking a balance". There is marvellously careful
wordsmithing whenever Criminal Cases Review Commission are mentioned in the
NCIS document. Between the lines I bet they are saying "crap idea for
corroborating innocence, but handy for eliminating bogus appeals by the
guilty"
--
Caspar Bowden Tel: +44(0)20 7354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at: www.fipr.org/rip#media
6.8 RETENTION OF DATA OBTAINED BY POLICE AND CUSTOMS
6.8.1 The retention of communications data for evidence or intelligence
purposes once obtained by police and customs is another important area,
which needs to be addressed in parallel with retention by CSPs.
Inter-connectivity between certain CSPs and the law enforcement agencies
(LEAs) has provided direct, automated access to data. This has made good
commercial sense in relation to high volume areas, such as
subscriber-related and billing data. For example, over the past 12 months
the Metropolitan Police Service SPOC required access to 63,590 subscriber
details and 4,256 billing accounts. Consequently more CSPs are going live
with these services relying on the expedience of secure electronic transfer
of data to the LEAs via the Internet.
6.8.2 Most Police Forces and HM Customs and Excise retain such data obtained
electronically on their own individual databases, in particular subscriber
identities and itemised billing. Where such systems do not exist, such data
is held by the Agencies in paper form. The data relates to specific
investigations and includes information that may originally have been sought
for intelligence purposes only. Most of that data will have been retained
regardless of whether or not it was subsequently produced in evidence. All
the data will have been lawfully obtained under the Data Protection Act
exemption provisions or through the Courts by way of a Production Order.
Having acquired it lawfully, there is no appropriate authority allowing
further retention.
6.8.3 These databases are an invaluable tool enabling police and customs to
search for association links between live and past investigations where they
cut across each other. It is vitally important to identify where the same
criminal elements are involved in a range of activities over many years,
most notably when significant individuals, who have been dormant for some
time, become active again.
6.8.4 The fact that LEAs have retained this data means it can be quickly
analysed in-house with information from other sources to develop
intelligence on the global scale of organised criminal groups and thereby
identify the full extent of their operations and associates.
6.8.5 LEAs need the statutory authority to maintain their own communications
data intelligence database. It is proposed that the agencies should be
regulated in the following manner. Access is subject to the provisions of
RIPA; A designated chief officer has oversight; Data less than 12 months old
should be available live; and After 12 months the data can be archived and
retained for a maximum of 6 years. Reviews are undertaken to ensure that the
purpose for which data is retained is still relevant. After 7 years all data
must be deleted. The Commissioner proposed under RIPA should be similarly
able to audit applications to access the Agencies' archives. [Recommendation
7.4]
