Messages passing through the BlackBerry Messenger system are almost certainly already under examination by the police, who need neither warrants nor ministerial permission to search them for evidence. While the Regulatory Investigatory Powers Act (RIPA) is necessary for interception of live communications, once the messages have …
No sympathy with the rioting & looting yoofs, but surely RIM can't just hand over total access to everyone's messages without notice, consent or a warrant? Secure comms is a major part of the blackberry sell, they will shoot themselves in the foot (or radio) if they do this.
This is the UK ....
where courts don't really care about the law.
Anyway, if secure communications mattered *that* much, wtf are you doing trusting to a 3rd party ?
Not sure about the courts not caring, but agree with your second statement totally.
Having said that, desperate times call for desperate measures and I would rather the fuzz employ whatever measures they have to trap these bastards and bring them to task. Unless folk have been sending b0mb recipes or ch1ld pr0n links the police are unlikely to look for anything other than pertinent content purely because they won't have time or resource.
Bring it on, I say. We need to stop the rioting scum before it gets (even more) out of hand.
There is a general exception to the Data Protection Act for the prevention and detection of crime.
Also one for "historical purposes", i.e. keeping it all forever in case your descendants happen to be interested.
A partial list of exemptions is:
28. National security..
29. Crime and taxation..
30. Health, education and social work..
31. Regulatory activity..
32. Journalism, literature and art..
33. Research, history and statistics.
Together they are - a hole the size of a truck for the authorities.
You didn't think it was there to protect you from the state, did you?
OK, you tell me
the last time a judge excluded illegally obtained evidence ? It just doesn't happen. And barristers that try to point it out to a jury will be held in contempt.
The consumer Blackberry has never been secure
"Secure comms is a major part of the blackberry sell, they will shoot themselves in the foot (or radio) if they do this."
The reason a Blackberry is secure is ultimately because your data is encrypted end-to-end between you and the back end server. For (mostly business) customers running their own Blackberry Enterprise Server, this means that not even RIM itself has the decryption keys. However, consumers use Blackberry servers owned and operated by RIM. Obviously, RIM will have a copy of the encryption keys at that point.
Re AC @ 21:51
> you tell me the last time a judge excluded illegally obtained evidence ? It just doesn't happen.
Which just goes to show how the police only use legal means to obtain evidence.
You could just assume the police are guilty of any crime you care to accuse them of and not bother with a trial. But I'm sure you won't do that since it would be counter to your principles of innocent until proven guilty. Unless, of course, that principle only applies to groups of people on your "approved" list.
"Having said that, desperate times call for desperate measures..."
Here, ladies and gentlemen, is the seed of autocracy.
Re: OK, you tell me
Without giving any details, which would be illegal in itself, exactly this happened in a trial that I served on the jury of and we were carefully instructed by the judge to ignore the "evidence" concerned.
Your point is utter bullshit trolling of the highest order.
It's all about image
RIM are concerned about the image of the blackberry becoming the tool of choice for the young professional rioter, looter etc.. which is why they are co-operating with the UK authorities.
Just look at their attitude to the Indian government.
How long after you press send does the message remain real-time ?
The most common legal opinion on this question is that it remains real-time until it is read at the other end.
Voluntary tracking devices.
Methinks the location information may be interesting too:
What phones were in the area <blah> between <blah> and <blah>?
Find groups (particularly those present at more than one previous trouble zone).
See if any of these groups start reassembling.
Send in the police before the riot.
Or arrest them, they just need time and location to demonstrate they were unlawfully assembled for Rioting.
Putting the punks away for awhile, would be a better solution.
They'll almost certainly be using endpoint information to identify phones of interest, certainly to chop down the list of possible phones to look at.
The problem is to find the owners of PAYG phones, which is where endpoint info comes in. If you have someone denying rioting and their phone has been in several trouble spots, you've got some fairly good questioning lines, or a possibility to tie it up with CCTV.
The 1970's called
>Putting the punks away for awhile, would be a better solution.
What do you have against the punks? All the morons look like classic hoodies to me.
Arrest someone at scene who has a phone. Now find who their contacts were... etc
Can already hear
The calls for plods to have realtime access to bbm data, "just in case".
To be honest they are lucky I am not in charge as I would have the little bastards shot as looters
Who is lucky?
"To be honest they are lucky I am not in charge as I would have the little bastards shot as looters"
The looters are lucky, but the lootees aren't.
a Twitter campaign backed by BSkyB
Can their 'journalists' not hack crackberries?
My ironometer exploded at the use of Twitter to campaign against the use of BBM for coordinating riots...
A whole stack of messages from people aged 12-18? The mere thought of trawling thousands of messages all in "txt-speak", what a joy that must be. The cops come out of that, sanity intact, they deserve a bonus and a load of time off!
Erm, surely RIPA
Applies to the bit where RIM are intercepting the messages and putting them in an archive?
Unless the TOS say "We will keep copies of all your messages", in which case, I guess you have agreed to be spied on.
I don't think so
my understanding is that telecoms providers have to keep archives under EU legislation
You are kidding right?
With the keyboards on Blackberries?
I have just been given (Soon to be returned) BB Bold for work and if anyone can actually use it to send a message let alone have a conversation, they are a bloody genius.
Give it a week, and you'll be typing like a pro. You'll shortly after be bursting out in cold sweats if it's more than 5ft away from you too. They're deceptive like that.
So 'live' interception needs oversight...
...but 0.01 seconds later it's 'archived' and can be trawled at will for any reason without any due process or oversight whatsoever? Fuck that very much.
"For the purposes of this section the times while a communication is being transmitted by means of a telecommunication system shall be taken to include any time when the system by means of which the communication is being, or has been, transmitted is used for storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it."
Section 2(7). Pinsent Masons usually do a better job than they purportedly did here.
But presumably ....
Once received (collected) by the recipient it is part of the archive, thus subject to the DPA?
Given what has happened over the last few days I can't see why any right minded person would object to the police having access to this information anyway.
Read the bit I quoted. It says the exact opposite of what you suggest.
Where's the archiving part?
It's 'buffered' on a server ready for collection. Is that an archive? An email may be in a POP account which means it's removed once collected. If it's in an IMAP or Webmail account it stays there unless the recipient deletes it.
Archiving would be a separate process and not a function of sending and receiving.
Might be worth reading on to s.3 :) Add in http://us.blackberry.com/legal/pdfs/BBSLA_UnitedKingdom_English_UK.pdf (article 21(a)(iv) is the pertinent one) and you've got an exemption.
Er, no it doesn't. "storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it.", doesn't cover storage that the original intended recipient does *not* have access to.
I read that as very specifically designed to cover voicemail and the like as it implies an online store to which the recipient has access and would not cover an internal archive. Whether that means that while it is still available for access by the recipient it is covered by RIPA, even when the actual desired access is to an archive of same held in parallel elsewhere, is an interesting point for discussion.
Also; "the system by means of which the communication is being, or has been, transmitted" blows out of the water coverage of anything held in an archive system separate to the live BBM system anyway.
Are you kidding me?!
Do you think those kids are kicking down doors, stealing jewellery, setting fire to furniture stores, oh and then checking their Blackberry to see if there's any emails they need to answer from work, and perhaps check the value of their portfolios.
WTF!? Most of these kids are going to be on Nokias, LGs, or Samsungs.
The must-have phone, if you're down with the kids(tm), is a Blackberry.
£120 on PAYG, much cheaper on Ebay.
Cheaper still if you happened to have just kicked the windows in of your nearest phone store.
Well, if that's how the law lays
then it's perhaps time to shake up the law. Operators storing SMSes for a year? That's a tad too close to recording all calls and storing them for a year for comfort. And then lose the tapes in the mail, or something.
I mean yes it'd be nice if the rioters or at least the purported-and-if-any instigators and organisers and kingpins and whatnots got found out and locked up while the plod keeps looking cross eyed at the impounded crackberries from a distance, but, er, there's this little thing that's bothering me: The steady state of society is not rioting and so why do they have that sort of power? Is it really too much to ask to pop over to a judge and get him to agree that riots are Not Normal and that digging up some extra data to try and help catch the rioters would be helpful? There's a reason we normally require "judicial oversight", you know.
On a tangential note, now that they have whined up and down the public to go in and have the data, wonder if they'll filter for location too. Otherwise some crackberry-enthusiasts in, say, Scotland might find themselves dragged out of bed at oh-dark-thirty because they chatted to each other about the riots in txtspk.
Struggling to find sympathy...
..for rioters and looters who get caught by a data trawl.
How anyone can be worried about data privacy during a (hopefully) rare event, where there is clear reason for the police to do the digital equivalent of house to house enquiries is beyond me.
Whilst we should uphold the right to privacy, we (as a society) should use common sense, where waiving that right in an isolated case is to our benefit. The police can have all of my phone records for the last week if they wish.
@Andy 73 RE: Struggling to find sympathy...
The issue is that outside of such events as these riots there is a reasonable need for effective privacy protections. Situations such as these riots or any other sort of criminal investigation are the precise reason for allowing a judge to issue investigators with a warrant (or similar writ varying by circumstance and jurisdiction) to allow the investigators/police to intercept, collect or otherwise access private property or private communications.
Data privacy, as with any other legal protection, must be defended at all times. If such protections are not defended during an emergency or other extraordinary situation then they can be stripped away (under the argument of temporary emergency measures) and not be restored ("Oh, we got rid of that search warrant business because in one case we felt it took too long; and, don't you know, we didn't want to have it get in the way should that once in a decade event reoccur tomorrow.")
Systems are already in place to allow extraordinary measures to be taken during the time when they are appropriate and necessary without making those powers a permanent fixture of the law. During an emergency is not a time conducive to reasoned debate.
@Brendan Sullican RE: Struggling to find sympathy...
While I got off my seat and talked with my MP about RIPA (Anne Campbell, Labour, useless), it seems that this is covered by the DPA about which I have heard far fewer complaints.
Sure, privacy is a right that we should defend, but to expect that public mobile communications should automatically be afforded that right seems optimistic to me. That RIM have co-operated with police might be an issue that their end users could take up with them, but unless you've made specific provisions that your communications should be treated as secure, a high street mobile phone is about as private as.. well, the high street. RIM offer security in the corporate and personal sense, but don't to my knowledge suggest they'll protect you from the government.
As it is, I don't believe any special powers were exercised here, and I'm willing to trust that RIM will do a responsible job of handing over relevant data to the police. No puppies were hurt here and hopefully a few idiots will be taken off the streets.
@Andy 73 RE:RE:RE: Struggling to find sympathy...
And here I was thinking that this was about the possibility of a /private/ company handing over /private/ communications data that is stored as part of a service that is advertised as offering /privacy/. But since these supposedly encrypted messages sent by people to specific other people through a service that sells itself on privacy and security protections are now (at least if I read your response correctly) considered to be "public communications" then there is no need to go through any of that 'requiring a court order to search your private messages for evidence'. Because of course, you have just redefined private communications to be public.
Now if these searches were performed in a manner that at least made it less likely that innocents would have their privacy invaded it would be less of an issue. A few minutes of thinking about the process will I am sure come up with a series of questions that you can ask the mobile carriers and RIM (when combined in the appropriate sequence and accompanied with a few limited court orders) that would give you decent evidence for use in capturing and prosecuting the criminals while avoiding unnecessary violations of privacy or presuming guilt without evidence.
Also, it would be appreciated if you could check the spelling of the name of the person you are responding to, especially when it is displayed directly in front of you.
Stored *for customer access*
The quoted bit of RIPA relates to storage within the transmission system "in a manner that enables the intended recipient to collect it" - so it sounds as if my ISP's IMAP or POP server would be covered, but if the ISP is logging all my email traffic on some snooping system, that's outside RIPA's scope, or at least outside the scope of the quoted section.
It's a pretty glaring loophole, if that's the case - that the police can't access the traffic 'realtime' but can access it 1 ms later as it hits the log files - but somehow that wouldn't entirely surprise me.
So, they are just about to do what they have been telling India they *CANNOT* do?
Appropriate coincidence that the two stories turned up on Reg today.
@So, they are just about to do what they have been telling India they *CANNOT* do?
What they cannot do is intercept data between the BB and the server. If they host the server, they can do what they like with the data on it.
Er, no again.
That particular gripe relates to email which is a different kettle of fish. What they *can* do is present BBM data on official request. What they *can* do is present email data off a BIS held in the local jurisdiction and one of the things they *will* do is ensure that Indian BB publicly offered email services are served by an Indian BIS.
What they *can't* do is present email data off a BES held by a company elsewhere in the world or intercept / decrypt same in transit.
Thanks for pointing me in the right direction on this
@So, they are just about to do what they have been telling India they *CANNOT* do?
"What they cannot do is intercept data between the BB and the server."
...and the servers for India might not actually be in India - they could be in the UK, for example. That would mean that the UK authorities could intercept Indian BB traffic but the Indian authorities could not. This could also be true for several countries in continental Europe and the Middle East.
All these phones they're looting
Surely the shops have a record of, and the networks can just block, the IMEI numbers? Then the phone is worthless. I don't think we're seeing the greatest criminal minds in history here.
A few vigilante groups hanging rioters from the nearest lamp-post seems to stop the problem elsewhere in the world. Now that's a Big Society.