When a Ghanaian individual was recently abducted in the Netherlands having travelled through the UK, Dutch, Belgian and British police were able to close in on his kidnappers because of historic phone data they analysed. The man was freed from his captors, having suffered severe torture, and arrests were made as a direct result of information from phone records that might otherwise have been deleted. Such data was also critical in the conviction of a terrorist gang who set off bombs in London and Birmingham in 2003, injuring several people and causing millions of pounds worth of damage.

So how do either of these examples justify Data Retention for 2 years or more ?

National Criminal Intelligence Service:
Service Authority Annual Report 2001-2002

http://www.ncis.co.uk/downloads/NCISAnnualRep2002.pdf

Page 14

“CASE STUDY

International kidnap

The section supported a complicated and protracted
international kidnap situation involving Ghana, the Netherlands, Belgium and the UK.

The Ghanaian Police made an urgent request for
assistance. A Ghanaian businessman had been
kidnapped in Amsterdam, and taken to a stronghold
in Belgium. Ransom demands were made to his
family in Ghana. Criminals in the UK were controlling the hostage taking.

With the National Crime Squad, the section
coordinated the international response over 13 days and nights.

Strategy, tactics and negotiating advice were given to the investigating officers in Ghana. This led to a major international surveillance and intelligence gathering operation, which identified the Belgian stronghold.

After crisis meetings with all countries involved,
coordinated action in Europe resulted in the release of the hostage, who had been tortured.

Simultaneous arrests took place in London and throughout the Continent.”

It may well be that Communications Data Traffic analysis of current data was important for this case, but to claim that this justifies the retention of 450 million people’s data for two years or longer is beyond belief.

Such data was also critical in the conviction of a terrorist gang who set off bombs in London and Birmingham in 2003, injuring several people and causing millions of pounds worth of damage

What bomb attacks in London and Birmingham in 2003 ?

http://news.bbc.co.uk/1/hi/uk/2930957.stm

The trial of the Real IRA plotters took place in 2003, the bomb attacks and the investigation and the arrests took place in 2001.
see BBC news story
What “millions of pounds worth of damage” ?

7 people were injured and there was an estimated £200,000 damage to shop windows in Ealing, virtually no damage to the BBC, virtually no damage to Hammersmith Bridge, and virtually no damage to Smallbrook Queensway in Birmingham.

Is this really a posting by Hazel Blears ?

Thank you Mrs Blears for engaging in this debate. Could we please be told the age of the retained data that lead to the arrest of the Ghanaian individual’s kidnappers and their accomplices?

Previous “business cases” submitted by the Association of Chief Police Officers to justify data retention Satutory Instruments in 2003 turned out to rely on cases solved using data that was either substantially below or above the time limits that were being addressed.

Horrified but not surprised. Justification on demand, no direction relation to the facts.

Okay, so that I’m clear:

ISP’s and service providers for E-mail, Telephony and Instant Messaging (plus every other conceivable means of communication based on the inevtiable vaguenes of the act) will be required to retain headers for all communications – i.e. everything except the body of the message.

So basically all a professional criminal or terrorist organisation has to do is purchase their own server(s), host them with some ISP, and provide secure and ecrypted access (via web or other) to the content.

Naturally the logs kept by these guys will be either non-existent or complete crap.

All for about £1500 upfront cost and £500 a year for basic internet hosting.

Not exactly beyond reach for even the lest sophisticated of criminal/terrorist.

So either the legislation and our european leaders are very naive, or there is a hidden agenda.

Dr David Kelly died because the the UK government
identified him as the source of the story about
exaggerated claims in the WMD dossier. Is he not
reason enough to prevent governments from being
able to identify the source of anonymous
communications?

It is flabbergasting that the few examples used to justify such a large scale invasion of privacy are apparently flaky.

What about data on the cost to telecoms companies and tax payers of such measures? What about the loss of good will from the public.

Why spending so much on invasive powers to be used after the facts? Surely gaining more confidence from the public and spending more on intelligence work that may prevent some of these crimes would be money better spent?

br -d (a victim of UK’s “strategy for tackling terrorism”)

The novel 1984 is supposed to be a warning, not a manifesto, this is yet another Orwellian Fascist wet dream of Tony Blairs. As someone who beleives in the British people being able to go about their lawful business without interference from government, this is another attempt to impose their tyrranny on us, we fought Hitler and won, we will fight and win against these new fascists, if we are lucky we will see this sort of criminal behaviour by the government struck down in courts or by the Law Lords, who we should thank for keeping us free so far from Tony Blair and his criminal cabal, if we are unlucky we will have open warfare on the streets to keep us free.

This is, in-effect, a press release dressed up as a blog entry and sent to outlets like the Register by the Home Office, and I completely agree with the comment about 1984 being a warning and not a manifesto.

The Home Office has been at the absolute forefront of the dehumanizing tyranny going on in the UK. That is a regrettable situation but not debatable.

It is equally regrettable, that those like Ms. Blears think that by endlessly describing dehumanizing and sickening political choices as ‘necessary and proportionate’ that they magically become so. Unfortunately, nothing could be further from the truth.

2 points on data retention:

1.Long running logging of website visits (which as far as I know from other reports is part of this) is not the same as logging landline or mobile phone numbers called or received. Data retention for websites reveals automatically the entire interests, political affiliations and often deeply personal issues about a person and for that reason alone it is utterly intolerable.

2. It is child’s play for anyone to mask their activities on the internet, revealing nothing but useless URLS that do not pertain to the actual activity. Knowing that is the case, why would any government wish to retain data at all ?

Therefore the government have been caught lying again. This is all about crushing dissent, pushed through Europe by the backdoor and wrapped-up in a nice little Murdoch-friendly package of ‘tough on those nasty wasty tewwowists’.

The way I see it, the question the Home Office need to ask themselves quite seriously, is how their humiliating and degrading police state apparatus are going to be removed ? Will it be through them realizing they have got it wrong or will people be left with no choice but to make proportionate and necessary decisions in the circumstances to remove it themselves ?

I hope there will be some strong legal challenge to this within Europe. And I’m sorry to tell the Blair-fronted regime and their instrument of terror, the Home Office, that the world doesn’t revolve around grandstanding off of terrorism, misusing it and the fear of crime to rewrite society with, and the UK regime need to stop using doublespeak by fraudulently referring to ‘rights’ and ‘freedom’ in terms of the expansion of their horrifying police state.

Liberty is a hard thing to fight for, but it’s the only thing worth fighting for, and without it everything else is meaningless. In the end liberty will win, and those, like Blears, who have been paid to switch-off reality and paint black as white and up as down so as to rewrite society for their political masters will ultimately have to confront the consequences of their actions.

> This is, in-effect, a press release

Well, that’s how government communicates. Anyone who wants to engage with government rather than carp from outside has to get used to it. That’s the starting point. Obviously we hope it will change.

> dressed up as a blog entry

I run the blog. I asked for the piece. I posted it up.

> and sent to outlets like the Register by the Home Office,

Incorrect. Emailed to me. Posted to Ideal Government by me. The Register called & emailed me to check its provenance, which struck me as sensible.

> That is a regrettable situation but not debatable.

If you say its not debatable you don’t want to carry on the conversation. Ideal Government isn’t a podium for lectures. It’s a conversation about what the online community wants from e-enabled government. Everything is debatable, and those with closed minds will be more comfortable elsewhere.

In The Register, John Lettice’s whole point was that we don’t know where Ministerial participation in blogs will lead. We don’t even know if they know what they’re letting themselves in for. I agree.

I quite accept the points 1 & 2. Caspar Bowden made them very effectively on behalf of FIPR five years ago in the RIP Act debate. He dubbed it Big Browser.

The questions on my mind are:

- can they use comms data to investigate relatively rare instances of serious crime without mass systematic data retention?
- if so with what safeguards?
- how can we discuss and debate these issues before bouncing everyone into EU legislation?
- where do we go from here on this policy, which does strike me as an balance sinister and likely to further erode trust in on-line society.

I thought the Minister’s piece was OK – at least it gave some examples for why this is presented as necessary, so opponents start to know what they’re up against. But I was surprised her piece did nothing to assuage the concerns of the onine community. I did spell out to them that “My correspondence so far has been almost entirely with European NGOs who seem resolutely against the idea.”

So either they’re oblivious to it, or they just dont care what the online communities and NGOs think (the “they’re not real people” attitude we’ve seen elsewhere). I dont know – maybe we’ll find out. But “Our cause is just and will prevail” as they say each year at the Cliffe Bonfire Society.

It was Winston Churchll who said “Success consists of going from failure to failure without loss of enthusiasm”, and he could have been describing every Home Office initiative since this government came to power, starting with the Regulation of Investigatory Powers and finishing perhaps in some Orwellian future that few of us would wish to be part of. It’s not that politicians aren’t seeking the best most effective and proportionate solutions to the crime and terrorsim problem, it’s just that they don’t appear to have the imagination or the information available to grasp what is practical, sensible and in the interests of a civil society and what is not.

I applaud Ms Blears contributing to the debate in this way but it’s sad that what we were given resembles little more than a finely worked press release and not a real argument.

http://en.wikipedia.org/wiki/Paranoia

Far from engaging with the blogosphere, I suspect Hazel Blears isn’t even aware of this blog or the piece written up to go in her name.

E-mail data retention:

When is an ISP (“firm” in the post) an ISP? If I set up a mail server on my broadband connection, or even better, a dedicated server anywhere on the internet, and let some people use it to send e-mail, am I an ISP? Do I have to keep headers for two years? Do I have to register as an e-mail provider somewhere? What about e-mail anonymising services?

Telephone data retention:

OK for mobiles and POTS, but what about VoIP?

Sorry if these have already been answered by the government somewhere that I haven’t noticed.

Having been the prime movers behind the push for this EU Data Retention Directive during the UK presidency of the EU, it is the duty of the Home Office to explain, to the British public, exactly what the detailed impact of the EU Data Retention Directive is likely to be.

Apart from the inevitable costs to the consumer, which have not been spelled out, there must surely be changes to the UK Regulation of Investigatory Powers Act schemes that must flow from this Directive.

e.g. “EU data Retention plans implications for UK Regulation of Investigatory Powers Act”

Are their colleagues in, say the Department for Work and Pensions or in Local Authorities aware that, for example, the Directive specifies the European Arrest Warrant definition of a “serious crime” ? This will probably prevent the DWP or Local Authority Trading Standards or Environmental Health investigators from having access to “Communications Data”, for anything but actual serious organised gangs, but not individuals engaged in, benefit fraud, bankrupt or rogue trading, fly tipping etc. even to the realtively low level of access needed for, say, the registered name and address of a mobile phone number placed in an advertisment ?

Will the DWP’s legacy powers of investigation, which are used primarily to avoid having to pay a data access fee to telecomms and ISP companies, be trumped by implementation of the EU Data Retention Directive ?

The European Arrest Warrant mentions “terrorism”, but it does not mention espionage, which is not the same thing. Will our counter-intelligence services be legally hampered by this ?

The other massive change to the way in which RIPA etc. works in the UK would be the welcome introduction of independent judicial authorisation for access to Communications Traffic Data, which would be a big change from the current scheme. At present this involves self-authorisation by relatively junior or middle ranking police and other officials (more junior than those required to authorise electronic intercepts of the contents of phone or email traffic) with the weak rubber stamp audit of procedures and the annual censored report by the Interception Commissioner or the Intelligence Services Commissioner.

How will this all work in practice, how much will it cost, and what are the checks and balances against the abuse of power by corrupt or overzealous or incompetent petty officials ?

Will the Home Office dither over these issues as long as it has over the production of the Code of Practice on Data Retention introduced by the Anti-terrorism, Crime and Security Act of December 2001 ?

Does it really matter if Hazel Blears reads this personally or not ? If we are very lucky, this Ideal Government blog and perhaps a few others will have been added to the Home Officie’s political intelligence gathering / media monitoring operation funded by the taxpayer, which, according to Sir Stephen Lander (ex-DG of MI5 and now Chair of the Serious Organised Crime Agency) apparently monitors “newspaper column inches” on a topics and partially sets policy priorities accordingly, despite their colleagues having fed most of these stories to the media in the first place.

“Sir Stephen Lander, SOCA, setting priorities via tabloid column inches”

Surely this blog has a readership of “opinion formers” at least as influential as that of, say, a local newspaper ?

The only reason that Tony needs all these stupid laws is because he started an illegal war and really wants to cover his ass. I mean, with all the news that these awful laws produce, it probably distracts people from arresting his ass for committing the most gevious of all war crimes (a war of agression).

I think that others have talked about why this particular legislation will be in general ineffective, and thus a burden on business and a further erosion of individual liberty. I am sure a 30 (or 45) day period would have been equally effective. Of course all access should only be allowed with a warrant issued by the courts.

So we come on to the more important (at least as far as this site is concerned) issue of the government engaging with the blogging world.

First and foremost, is that blogging is a two-way process and I hope there is someone from Hazel Blears’s office at least reading the replies.

Secondly is the timing. I am sure that this would have been better some 6 to 12 months ago, not as an after-the-facts apologia.

Finally the location. Obviously it appeared here because of William’s sterling efforts in pushing the Home Office into communicating with us. In future it might well be better if all such communications (and hopefully they will evolve into dialogue and debate) from Ministerial level were in one easy to find, easy to archive place – sort of like the MySociety HearFromYourMP. In fact I would see it as a good use of public funds to invest in such a site now (after all doesn’t the govt. bemon public lack of involvement). On a more sour note we have also started to see the bad side of online communication – petty abuse unrelated to the subject at hand. It is likely that such abuse would proliferate on such a site so it is likely to need a full time admin.

The terrorism argument is an important one, but it is important to realise that the data retention plans pre-date “9/11” by at least a year. This would have been enough time to get similar legislation passed in the UK. A year before “9/11” the police, criminal intelligence and security agency proponents pushing for legislation like this raised questions of legality under human rights and privacy laws. (http://cryptome.org/ncis-carnivore.htm) The current state of a affairs may leave people wondering if this was a case of “policy laundering” a controversial policy trough the EU small (maybe even obscure) justice and home affairs council, minimising UK oversight, at a time when few would dare asking questions. (This also avoided questions from people who know what IP packets are, how many very different public communication networks there are and what a terabyte of data looks like.)

Legislation with such a question hanging over it cant be the prettiest result of the UK presidency, but I can imagine that some people will rather talk about this than the budget deal.

For every example of law enforcement, intelligence or others using traffic data “for good” there are examples of its use going terribly wrong. These simply haven’t been heard in the limited debate.
I like to point to the example (dutch: http://www.netkwesties.nl/editie124/artikel1.html) of a Dutch woman who was arrested early in the morning by six police officers at her home. A threatening E-mail was supposedly send to a celebrity from a phone for which her name was apparently in the billing records. During the interview that follows after many hours in a police cell she keeps her cool. After a long talk the investigating officer finally confronts her with the “evidence”. A piece of paper with her name, a phone number and the address where she lived ten years ago (but wasn’t picked up early in the morning). She quickly points out that she never had a phone with that number or from that provider. She manages to figure out that here personal detail might have been used by someone who stole her car and papers a couple of years back.

The investigating police officer lets her wait while he “checks her story”. Later he lets her go “based on her background, appearance and education”.. which begs the question? what would have happened if she had another skin color, was just laid of and/or went to a different school? It turned out the police had mistaken the pre-paid phone for one for which a contract was signed with a billing address. Even then the bills wouldn’t have been paid at a decade old address, which isn`t where they picked her up…

But that just an unlucky example from which no conclusion can be drawn right? No one in the debate took the time to realise why this is an important example regardless of which side you are on..

What if the sender of the threat had really hurt the target of the threatening e-mail?

Would the perpetrator have framed an innocent person, or would a defence attorney successfully explain the police the difference between a phone number and a social security number thus cutting the legs from underneath any future attempts to use traffic data (collected at billion Euro costs Europe wide) as evidence in a court of law? What about organisations that don’t haul people in for questioning but just start spying on a person?

But you can ask whether one would want legislation passed based on a few examples that supposedly demonstrate usefulness anyway. In my opinion its a shame that legislation that initially demanded colossal changes to the huge multi-billion Euro communication infrastructure was allowed to pass without any research into the usefulness, cost or or impact of the legislation. (Asking the people that came up with this plan to try and prove who send them an offer for products that can “enhance” various body parts should adequately demonstrate that E-mail protocols aren’t designed for this.)

Would the EU ever pass environmental legislation without at least considering a serious impact study?

To use the data retention “victory” as a measure of UK success in its EU presidency could invite scepticism.
The original “plans” were never specific or feasible and have been watered down significantly because of this. But some of the changes to the early legislative proposals are more likely to be the result of opposition than of a late realization of the inherent problems in the actual plans. Or rather any less sci-fi plans that might be drawn up now the legislation is done.
Because of the mysterious deal that killed any debate before the arbitrary years end deadline that the UK (and/or others?) are rumored to have imposed in the parliament few will use this legislation as a shining example of European democracy or an inspiring UK presidency in action.

This post comes through the “tor” onion routing network, don’t bother figuring out who send it.

You are possessed with astonishing naivety and arrogance in this government. I can only assume the current political class of “scarcely elected” political animals in western “democracy” either don’t have a clue about IT or technology as such.
For every electronic measure, there is an equal and opposite electronic countermeasure, whether it be radars, e-mail, spam, or simply speaking languages with a rare alphabet. In the case of governments attempting to interfere with the liberty of the individual in the (vain) hope it will gain the approval of the majority, the main reason why the UK never became a dictatorship in the past was not because of anything basically humane about the British (read English) character but because of the hopeless incompetence of the bureaucracy compared with other countries like France, Germany, or Russia.
We can only hope, despite the harvesting of MASSES of information by the US (despite them being unable even to find a single person to read arabic before 9-11) and the UK, then hosting them on easily hackable databases, that those in power (with a small P)but convinced of the need for “big government” will be the final guardians of our liberty by their total incompetence.

Well it’s encouraging to see you reply.There’s a lot here so I’ll do one subject at a time….

It is easily and readily proven, because you make no effort to protect this page from being harvested by spambots (again I refer to my previous post showing how technologically ignorant you are in government,- and you have just proved it!), that were I to post with my REAL e-mail, I would by now be faced with an immediate influx of extra unwanted mail onto my E-mail server which as it happens is hosted in the Russian federation.
So far I take great steps only to be harvested by Russian spambots not English language ones (!!!)

This again illustrates how stupid the proposed (and now enacted) new EU legislation is with reference to both privacy and intercepting & retaining communications.
By mere comparison,- no-one in Russia would permit you to intercept my mail, no matter who made the request,- probably in fact because it already is by the FSB,- the successsor to the KGB, and you would be treading on their feet….
In fact:-
I have very good evidence to suggest foreign passport holders in the federation routinely have ALL their SMS comms intercepted, as it is extemely poorly protected and easy to detect when those SMS traverse the international border comms gateways.
SMS,- it’s unencrypted data,- but do you realise what route you are treading?
I mean I EXPECT this sort of behaviour generated by a government as corrupt and paranoiac as that of Putin. He is after all a KGB man, but I don’t expect this from what is supposed to be the great historic democracy of the world, with habeas corpus!
To have my data intercepted at a whim, by some faceless bureacratic organisation in the UK,-who may be given the right to charge up to your home at 2am,- who knows, it’s what they do for no reason at all with police on Traffic duty (!) -
I mean they can’t even enter the right info on a computer in DVLA, or verify the driver of a vehicle is the real owner or not….WHAT hope is there for the presumption of INNOCENCE which is going out of fashion so fast, you could blink and miss it!
A final comment on government competence again.

Surely the head of MI6 should have been fired in July 2005, after confessing to not knowing in advance of the imminence of small time terrorism on the mainland UK.
All the paranoia about legislation that came after. It’s so pathetic,- I can remember the regular IRA bomb scares in London in the 1980s, and did they need to disfigure the palace of westminster with concrete blocks, like anti tank barriers then, monitor mobile phones et al?
Did they need this latest legislation for countering the mafia and detecting the killers of Falcone in Italy?

I mean the IRA even managed to fire a rocket at No10 in the 80s, and tried to blow up M Thatcher in Brighton. Did it give us this media pow-wow we got in July, and more FUD?
Don’t tell me you weren’t warned before 7/7 last year and 9-11 in NY.
I mean there have been programmes on the BBC years before, showing UK home grown loonies were going to sacrifice themselves for “jihad”, (always shown with appropriate masked interviewees) and Bin Laden tried to get WTC blown up 7 years before finally finding the right demolition techniques.

What is profoundly worrying is you ACTUALLY appear to believe what you are doing will work and make our modern world safer, despite proof that amongst others that Iraq is training an entirely new breed of terorist, and both the British and the Americans are paying for it,- just like they did with Bin Laden (who make no mistake was trained and financed by the CIA to fight the Russians in Afghanistan,- no wonder he is so skillful at getting away!)

There is no greater delusion than self-delusion.