[cryptome] Re: A Question of Trust.. Report on Investigative Powers UK Govt 2015

  • From: "Douglas Rankine" <douglasrankine2001@xxxxxxxxxxx>
  • To: <cryptome@xxxxxxxxxxxxx>
  • Date: Sat, 13 Jun 2015 15:02:33 +0100

Hi Shaun,

The trouble with being honest, is that one soon gets found out. So said
Oscar Wilde in "A Picture of Dorian Grey". Funny when one contrasts it
with Cardinal Richelieu... J.

I am pleased that you can see the nature of the problem. A couple of years
back me and me missus bought a house. Apart from visiting the place and
meeting up with the owners, the whole transaction was done via the internet,
from contacting estate agents, conveyancers and solicitors to emailing the
necessary documents. If you have ever purchased and sold a house, you will
know that there is a lot of paperwork, from asking questions of the owners,
to asking questions of the local authority and the Land Registry, and both
sides of the buying and selling establishing each other's identities, land
title, exchange of bank account numbers, birth certificates and other
identifiers. Once all the preliminaries were done, the contracts were
exchanged and money was transferred between our bank and that of the
solicitor acting for the seller. It was all done very quickly and very
cheaply. All of this was done by sending the documents, or legally
acceptable documents, via email and attachments. Due to the amount of
information and the sensitivity of the information in terms of personal
identifiers and of course not forgetting the money, and the fact that the
email system was open or not enciphered, we used three methods, one entailed
going to the secure websites of the conveyancers, estate agents and
solicitors, the other, I used WinZip or winrar, one or t'other, and wrapped
it up in a password, after which I did a test, sending it back to myself to
see if I could open it. When I found out that it worked, I phoned the
recipient, explained what I was doing and gave them the password. Some of
our colleagues might disapprove of such a method, or methods, but it
worked, as far as I was concerned.

It was only later that I found out that the secret intelligence services
have a policy of collecting all encrypted communications and keeping them
until such time as they can decipher them. I wasn't so concerned about that
when I found out, because I wasn't money laundering or doing anything wrong,
but I just felt that being placed on their books, so to speak, for
protecting my identity from criminals and criminal behaviour, was a bit
much...almost as if I was being punished, branded, tagged for doing the best
I could to protect my identity and my property as a private citizen; and
shouldn't they be out there catching real terrorists and criminals, with tax
payers money instead of targeting me, because they find it more convenient
and cheaper to sweep us all up into their storage banks, at great cost to
the taxpayer, I might add.



From: cryptome-bounce@xxxxxxxxxxxxx [mailto:cryptome-bounce@xxxxxxxxxxxxx]
On Behalf Of Shaun O'Connor
Sent: 13 June 2015 12:57
To: cryptome@xxxxxxxxxxxxx
Subject: [cryptome] Re: A Question of Trust.. Report on Investigative Powers
UK Govt 2015

Good find there Doug,
I am reminded of some correspondence I had with a company that was using a
third party for age verification based on supplied information from a person
wishing to verify their age,.
the company claimed that the the data path between itself and the third
party was secure and that all identifying data would be erased, I argued
that even in the event of such data erasure there would still be trace data
remaining in the network since there would not necessarily be a direct one
to one path between the involved parties. I therefore concluded that the
public where being misled, ( other legal issues relating to personal data
and jurisdictional issues where also touched upon).

Ultimately the company concerned ceased its age verification program
following the conversation.
So yes most definitely the question of storage, security and deta erasure to
a sufficiently acceptable degree of reliability is a very knotty question
that, in my view warrents close scrutiny.



On 13/06/2015 10:41, Douglas Rankine wrote:

See url: http://cryptome.org/2015/06/question-of-trust.pdf

Page 33.

"Show me six lines written by the most honest man in the world, and I will
find enough therein to hang him." Cardinal Richelieu

Dear Colleagues,

As I was reading through this report (A Question of Trust) I came across the
above quote very early on, which I thought expressed so well, the way that
many folks feel when it comes to all this massive collection and storage of
all data pertaining to the internet of things. I am working my way through
the document, which I am finding quite interesting and easy to read and it
is most helpful in my getting a better understanding of the issues involved,
particularly the historical aspects and its width and breadth.

I would recommend reading it to those of you who have a particular
interest in the subject, particularly our 5 eyes citizens, as it helps
encapsulate what is happening in the world of Information Technology amongst
those nation states; its security (or the lack of it) and the balance
between data collection for the security purposes of the state, or for the
use of the private corporation; and protecting individual civil liberties,
such as free speech, freedom of association and freedom to inform
anonymously, through selective measures, both legal and in practice. Please
note, I am neither endorsing, or supporting, or condemning this report, but
trying to look at the stuff which interests me and may interest others, from
the point of view of an individual consumer and the man on the Clapham
omnibus... J. Neither do I consider it the "b" all and "end" all of
information on the subject. However, in my view it is a good starting point
to see where the problems are, what the problems are; and which way the UK
government is thinking and may develop its policies, laws, regulations and
methodologies of collection and protection in the future, and how those
developments will affect the relationship between the security of the state
and the civil liberties of the individual.

One problem which needs to be addressed in my view, and is nearly always
missed or goes unnoticed, is that once electronic information is collected
and stored, it cannot be deleted, unless the storage media itself is
destroyed effectively. A second problem is that whilst information may be
deleted from one storage media, it doesn't mean to say that it will be
deleted from all forms of storage media. In my view one of the best ways,
but not the only way, to operate a safer collection system would be to have
no mass collection and for the intelligence services and law enforcement to
use more selective and targeted practices, against suspected criminals or
terrorists; backed up by stronger public oversight (idealism rears its ugly
head again... J). Until such a system is in place, publicly verifiable,
open and transparent, then any measures for deletion of bulk electronic
material will not receive my support, however qualified by judicial or
executive or administerial oversight...With that in mind I will be
continuing to read this report with interest...and will let you know...when
and if I can be bothered...and if I think you are sufficiently
interested...and I am not doing any building work or gardening... J. As
always our colleagues views are much appreciated... J.







No virus found in this message.
Checked by AVG - www.avg.com
Version: 2015.0.5961 / Virus Database: 4360/9993 - Release Date: 06/11/15

Other related posts: