[asterisk-biz] UK proposed wiretap legislation

[Trixter aka Bret McDanel]

On Thu, 2008-05-22 at 09:15 +0100, Steve Kennedy wrote:
> On Wed, May 21, 2008 at 11:17:02PM +0200, Trixter aka Bret McDanel wrote:
> 
> > I want to be clear, this is *proposed*.
> > Basically the UK gov is working on a database that would have at least
> > CDRs, email headers, and web requests (the headline suggests that
> > content is also preserved, but I do not get that from the article
> > itself, basically its unclear).  
> 
> The UK already has legislation under The E-Commerce Act, RIP Act,
> Communications Act etc, the Comms Act covers anyone providing an
> electronic communications service (and the obligations get more onerous
> if you're offering Public ECS). They apply to EVERYONE not just the old
> traditional telecos (to people providing service in the UK).
> 
> ISP/ITSP/Telco/s all have to maintain various records, it's just now the
> Government want to be able to store the data in a central location and
> do what they want with it. They already have some of these facilities
> under RIP (under legal intercept rules). Depending on how big you are
> depends on whether you have to include RIP facilities as part of your
> infrastructure or the spooks will fit their own (and it's an offence to
> tell anyone if you've had a RIP warrant served on you too).

that is how I understood the article, and the records have to be for 1
year or something.  The big difference as you pointed out is that the
government would have the database without the need to actually goto the
ISP/ITSP/etc to get the records.  There is the potential for abuse too,
if they have the data someone somewhere is going to access it in ways
that was not intended.  It always happens.  

If the government decides in its own best interest to look through them
without a court order, and then use that information to figure out who
are suspects and who arent, using more traditional police tools to get
something to be used in court how would anyone really know other than
those that are involved in doing it?

What is to stop them from data mining that information to create hot
lists of people?  What is going to stop them from adding to that
switch/credit card info (switch is a debit card type thing)?  Why not
medical records, wire transfers, anything else they can get and use that
too.  

Ok now its starting to get a bit off topic, so to bring it back in
focus, I think this is a dangerous thing, and there is time for those
that would be affected by it to actually attempt to challenge the bill
before its passed into law.  

There will also be a minimal cost of implementation to each ITSP that
provides service in the UK, as they will have to do something, whether
its uploading to a webpage or mailing in CDs or whatever there has to be
a way to get the data to the government, which will inherently have some
cost on cpu, staff, materials if any, etc.  Granted some of the costs
are fairly low, but it would be additional to everything else.

So if you dont object to a big database that is most likely going to be
abused (or data collected and "lost" as has happened oh so many times)
then you may object to the financial aspect of it.  Either way, if you
object I do encourage you to try to stop the law, and enlist the help of
customers, employees, coworkers, friends, etc.  

-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
Belfast +44 28 9099 6461        US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!