BlackBerry Messenger archives open for inspection Messages passing through the BlackBerry Messenger system are almost certainly already under examination by the police, who need neither warrants nor ministerial permission to search them for evidence. While the Regulatory Investigatory Powers Act (RIPA) is necessary for interception of live communications. once the messages …
Not sure about the courts not caring, but agree with your second statement totally.
Having said that, desparate times call for desparate measures and I would rather the fuzz employ whatever measures they have to trap these bastards and bring them to task. Unless folk have been sending b0mb recipes or ch1ld pr0n links the police are unlikely to look for anything other than pertinent content purely because they won't have time or resource.
Bring it on, I say. We need to stop the rioting scum before it gets (even more) out of hand.
> you tell me the last time a judge excluded illegally obtained evidence ? It just doesn't happen.
Which just goes to show how the police only use legal means to obtain evidence.
You could just assume the police are guilty of any crime you care to accuse them of and not bother with a trial. But I'm sure you wont do that since it would be counter to your principals of innocent until proven guilty. Unless, of course, that principal only applies to groups of people on your "approved" list.
Also one for "historical purposes", i.e. keeping it all forever in case your descendants happen to be interested.
A partial list of exemptions is:
28. National security..
29. Crime and taxation..
30. Health, education and social work..
31. Regulatory activity..
32. Journalism, literature and art..
33. Research, history and statistics.
Together they are - a hole the size of a truck for the authorities.
You didn't think it was there to protect you from the state, did you?
http://www.legislation.gov.uk/ukpga/1998/29/contents
"Secure comms is a major part of the blackberry sell, they will shoot themselves in the foot (or radio) if they do this."
The reason a Blackberry is secure is ultimately because your data is encrypted end-to-end between you and the back end server. For (mostly business) customers running their own Blackberry Enterprise Server, this means that not even RIM itself has the decryption keys. However, consumers use Blackberry servers owned and operated by RIM. Obviously, RIM will have a copy of the encryption keys at that point.
-d
RIM are concerned about the image of the blackberry becoming the tool of choice for the young professional rioter, looter etc.. which is why they are co-operating with the UK authorities.
Just look at their attitude to the Indian government.
http://www.theregister.co.uk/2011/08/08/indian_blackberry_crackdown/
Methinks the location information may be interesting too:
What phones were in the area <blah> between <blah> and <blah>?
Find groups (particularly those present at more than one previous trouble zone).
See if any of thse groups start reassembling.
Send in the police before the riot.
They'll almost certainly be using endpoint information to identify phones of interest, certainly to chop down the list of possible phones to look at.
The problem is to find the owners of PAYG phones, which is where endpoint info comes in. If you have someone denying rioting and their phone has been in several trouble spots, you've got some fairly good questioning lines, or a possibility to tie it up with CCTV.
From RIPA2000:
"For the purposes of this section the times while a communication is being transmitted by means of a telecommunication system shall be taken to include any time when the system by means of which the communication is being, or has been, transmitted is used for storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it."
Section 2(7). Pinsent Masons usually do a better job than they purportedly did here.
Vic.
Er, no it doesn't. "storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it.", doesn't cover storage that the original intended recipient does *not* have access to.
I read that as very specifically designed to cover voicemail and the like as it implies an online store to which the recipient has access and would not cover an internal archive. Whether that means that while it is still available for access by the recipient it is covered by RIPA, even when the actual desired access is to an archive of same held in parallel elsewhere, is an interesting point for discussion.
Also; "the system by means of which the communication is being, or has been, transmitted" blows out of the water coverage of anything held in an archive system seperate to the live BBM system anyway.
It's 'buffered' on a server ready for collection. Is that an archive? An email maybe in a POP account which means it's removed once collected. If it's in an IMAP or Webmail account it stays there unless the recipient deletes it.
Archiving would be a separate process and not a function of sending and receiving.
Do you think those kids are kicking down doors, stealing jewellery, setting fire to furniture stores, oh and then checking their Blackberry to see if there's any emails they need to answer from work, and perhaps check the value of their portfolios.
WTF!? Most of these kids are going to be on Nokias, LGs, or Samsungs.
This post has been deleted by its author
then it's perhaps time to shake up the law. Operators storing SMSes for a year? That's a tad too close to recording all calls and storing them for a year for comfort. And then lose the tapes in the mail, or something.
I mean yes it'd be nice if the rioters or at least the purported-and-if-any instigators and organisers and kingpins and whatnots got found out and locked up while the plod keeps looking cross eyed at the impounded crackberries from a distance, but, er, there's this little thing that's bothering me: The steady state of society is not rioting and so why do they have that sort of power? Is it really too much to ask to pop over to a judge and get him to agree that riots are Not Normal and that digging up some extra data to try and help catch the rioters would be helpful? There's a reason we normally require "judicial oversight", you know.
On a tangential note, now that they have whined up and down the public to go in and have the data, wonder if they'll filter for location too. Otherwise some crackberry-enthousiasts in, say, Scotland might find themselves dragged out of bed at oh-dark-thirty because they chatted to each other about the riots in txtspk.
..for rioters and looters who get caught by a data trawl.
How anyone can be worried about data privacy during a (hopefully) rare event, where there is clear reason for the police to do the digital equivalent of house to house enquiries is beyond me.
Whilst we should uphold the right to privacy, we (as a society) should use common sense, where waiving that right in an isolated case is to our benefit. The police can have all of my phone records for the last week if they wish.
The issue is that outside of such events as these riots there is a reasonable need for effective privacy protections. Situations such as these riots or any other sort of criminal investigation are the precise reason for allowing a judge to issue investigators with a warrant (or similar writ varying by circumstance and jurisdiction) to allow the investigators/police to intercept, collect or otherwise access private property or private communications.
Data privacy, as with any other legal protection, must be defended at all times. If such protections are not defended during an emergency or other extraordinary situation then they can be stripped away (under the argument of temporary emergency measures) and not be restored ("Oh, we got rid of that search warrant business because in one case we felt it took too long; and, don't you know, we didn't want to have it get in the way should that once in a decade event reoccur tomorrow.")
Systems are already in place to allow extraordinary measures to be taken during the time when they are appropriate and necessary without making those powers a permanent fixture of the law. During an emergency is not a time conducive to reasoned debate.
While I got off my seat and talked with my MP about RIPA (Anne Campbell, Labour, useless), it seems that this is covered by the DPA about which I have heard far fewer complaints.
Sure, privacy is a right that we should defend, but to expect that public mobile communications should automatically be afforded that right seems optimistic to me. That RIM have co-operated with police might be an issue that their end users could take up with them, but unless you've made specific provisions that your communications should be treated as secure, a high street mobile phone is about as private as.. well, the high street. RIM offer security in the corporate and personal sense, but don't to my knowledge suggest they'll protect you from the government.
As it is, I don't believe any special powers were exercised here, and I'm willing to trust that RIM will do a responsible job of handing over relevant data to the police. No puppies were hurt here and hopefully a few idiots will be taken off the streets.
And here I was thinking that this was about the possibility of a /private/ company handing over /private/ communications data that is stored as part of a service that is advertised as offering /privacy/. But since these supposedly encrypted messages sent by people to specific other people through a service that sells itself on privacy and security protections are now (at least if I read your response correctly) considered to be "public communications" then there is no need to go through any of that 'requiring a court order to search your private messages for evidence'. Because of course, you have just redefined private communications to be public.
Now if these searches were performed in a manner that at least made it less likely that innocents would have their privacy invaded it would be less of an issue. A few minutes of thinking about the process will I am sure come up with a series of questions that you can ask the mobile carriers and RIM (when combined in the appropriate sequence and accompanied with a few limited court orders) that would give you decent evidence for use in capturing and prosecuting the criminals while avoiding unnecessary violations of privacy or presuming guilt without evidence.
Also, it would be appreciated if you could check the spelling of the name of the person you are responding to, especially when it is displayed directly in front of you.
The quoted bit of RIPA relates to storage within the transmission system "in a manner that enables the intended recipient to collect it" - so it sounds as if my ISP's IMAP or POP server would be covered, but if the ISP is logging all my email traffic on some snooping system, that's outside RIPA's scope, or at least outside the scope of the quoted section.
It's a pretty glaring loophole, if that's the case - that the police can't access the traffic 'realtime' but can access it 1 ms later as it hits the log files - but somehow that wouldn't entirely surprise me.
"What they cannot do is intercept data between the BB and the server."
...and the servers for India might not actually be in India - they could be in the UK, for example. That would mean that the UK authorities could intercept Indian BB traffic but the Indian authorities could not. This could also be true for several countries in continental Europe and the Middle East.
Er, no again.
That particular gripe relates to email which is a different kettle of fish. What they *can* do is present BBM data on official request. What they *can* do is present email data off a BIS held in the local jurisdiction and one of the things they *will* do is ensure that Indian BB publicly offered email services are served by an Indian BIS.
What they *can't* do is present email data off a BES held by a company elsewhere in the world or intercept / decrypt same in transit.
Surely the shops have a record of, and the networks can just block, the IMEI numbers? Then the phone is worthless. I don't think we're seeing the greatest criminal minds in history here.
A few vigilante groups hanging rioters from the nearest lamp-post seems to stop the problem elsewhere in the world. Now that's a Big Society.
the handsets need *activating* first ?
I would be amazed if most of the looted stuff - particualrly high-end internet devices, like new TVs, couldn't be located the second they are connected to the internet, and they squawk their serial number back to base.
The only question will be if there is an infrastructure in place, allowing base to have a record of serial numbers of interest, and a legal framework to inform the authorities.
No handset on a GSM network needs activating, it is the SIM that needs activating. Not like CDMA where the handset needs bonding to your account.
Anyway, CPW have said that all their stock is registered on the Blacklisting Sytems so most of the robbed mobiles will not work in this country anyway. Time to look on Ebay for UK listings that are not being targeted at the local market as there is no global blacklist of IMEIs and they will work abroad.
Gone are the days when you could reprogram a handset's IMEI...
"allowing the police to check for interesting messages and then ask the identities of the senders"
Wrong.
Viewing the records of messages sent may come under the DPA if they're historical BUT the identities of the senders is considered 'subscriber data' and this requires a separate RIPA application.
The police don't need any permission to view twitter messages but they sure as hell do to obtain the details of the person who posted them.
The authorities absolutely love proprietary single-vendor services for that exact reason...
Whereas with SMS they have 4 operators to work with, with BBM they only have one.
Same thing with Twitter, a single source for them to get information from.
That's why they hate p2p technologies, and open technologies like email, xmpp and IRC where there could be potentially hundreds of different providers offering services.
Whether the Police looking at a Blackberry archive is interception or not is actually very much more complicated than what has been said here. I won't go into the gruesome details, but it could go either way.
However, even if it is interception, the Police can still do it. According to RIPA S.1(5)(c) interception is lawful if "it is in exercise, in relation to any stored communication, of any statutory power that is exercised (apart from this section) for the purpose of obtaining information or of taking possession of any document or other property".
The police would be looking at stored communications if they looked at a Blackberry archive, presumably using a statutory power under PACE. The question of whether it's stored so the intended recipient can access it or not doesn't come into it at all.
That may be an important distinction for journalists and ordinary people, but not for the Police - if it's a stored communication they can access it under PACE, no matter whether doing so is interception or not.
There is another question to be looked at though - Would Blackberry keeping an archive of messages be interception? Undoubtedly, yes it would be, see S.2(2)(b).
Would that interception be lawful? S.3(3)(b) says it would be if "it takes place for purposes connected [...] with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services."
Afaik there is no enactment forcing Blackberry to keep Blackberry messages, so it's probably illegal for Blackberry to keep an archive [*]. But not the Police to look at it.
[*] unless it's "for purposes connected with the provision or operation of the service" - eg an archive which intended recipients can access. However if Blackberry started keeping an archive specifically so it could be accessed by the Police then they would be intercepting, and doing so illegally.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
