Old 17-05-2008, 14:42   #6766
Phormic Acid
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by AlexanderHanff
So even the government "snooping" party is less invasive than Phorm and even though the data is retained the police still need a warrant to access it.
That’s not my understanding of it, but IANAL either. You just need two different flavours of RIPA Authorising Officer. An investigator will make a request to a RIPA Single Point of Contact (SPoC). The SPoC will get authorisation from a RIPA Designated Person. The SPoC will then handle all the data flow between their organisation and the postal or telecommunications operator. Sadly, there’s no mention of a court or warrant. I thought the police only needed Home Office approval to tap the contents of telecommunications.

Here is the relevant section from Macclesfield Borough Council’s Policy on Use of Covert Surveillance:

4 Communications Data

4.1 The Regulation of Investigatory Powers (Communications Data) Order 2003 extends to local authorities the powers set out within RIPA to access communications data. Communications data includes information relating to the use of a communications service but does not include the contents of the communication itself. Communications data can be split into three types; “traffic data” ie where a communication was made from, to whom and when; “service data” ie the use made of the service by any person eg itemised telephone records; and “subscriber data” ie any other information that is held or obtained by an operator on a person they provide a service to.

Local authorities are allowed to access ‘service data’ and ‘subscriber data’ but only for the purposes of the prevention or detection of crime or the prevention of disorder.

4.2 Access to communications data may be authorised in two ways; either (a) through an authorisation by a designated person which would allow the authority to collect or retrieve data itself, or (b) by a notice given to a postal or telecommunications operator requiring that operator to collect or retrieve the data and provide it to the local authority.

4.3 Application will be made by the investigating officer and submitted to a Single Point of Contact (SPOC) who will either accept or reject the application. If the SPOC accepts the application he/she will forward it together with a SPOC report and a draft notice (where appropriate) to a Designated Person for authorisation. If the Designated Person accepts the application, the forms will be returned to the SPOC and the SPOC will deal with the postal or telecommunications operator directly. The SPOC will also advise investigating officers and Designated Persons on whether an authorisation or a notice is appropriate in the circumstances.

4.4 No officer will be nominated as the Council’s SPOC unless that officer has received training on a course recognised by the Home Office.

The end of the document gives the names of those two Authorising Officers.

My biggest worry is that, while ISPs store only which websites are accessed, not which pages, Phorm get a stream of full URLs. All parties have to trust that Phorm won’t use those URLs to obtain full page contents at a later time, by making their own requests for the pages. The stream of full URLs can be considered to be a highly compressed form of the full traffic; you can use those snippets of information to reconstruct nearly all of the original.