Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] PrivateSky Takedown

Caspar Bowden (lists) lists at
Fri Dec 13 08:30:08 PST 2013

> ...Posted by Brian Spector...
> Secondly, a very important point wasn't printed. GCHQ couldn't, by
> law, request a blanket back door on the system.

Untrue. A "property warrant" under the Intelligence Services Act 1994 
<> can require 
installation of a backdoor

> There are a very rigid
> set of controls that mean only specific individuals can come under
> surveillance.

Untrue. A RIPA S.49 decryption order can be applied to a RIPA s.8 
"certificated warrant" (which is used for GCHQ trawling of international 
comms e.g. TEMPORA - bit like a FISA 702 but without the constraints by 
US nationality/residency).

Even if a S.49 order is applied to a RIPA s.5 warrant targeted at a 
particular person's comms internal to UK (think Title III), it can 
require a key for past or FUTURE 
<> ("is likely to 
do so") data, so whilst in theory a session key could suffice 
<> (50(5)) for 
former, obvious the latter would require a private (assymetric) key, and 
BTW could also require a stream of PFS transient keys to be logged and 
handed over thereafter

>   The legal request for such surveillance has a due
> process that must be stridently followed.

I think he means stringently. Actually there is no "due process" that 
would be recognizable US legal terms. There is a possible appeal to a 
Technical Advisory Board (which at least up until a few years ago had 
never convened to hear such a case), but only on grounds of technical 

> At no time did I or anyone
> at CertiVox talk about CertiVox in relation to any RIPA warrant, only
> the generic process by which these warrants are served.

RIPA S.49 decryption orders can carry an indefinitely long secrecy 
requirement (see here <> ; 
numbering is anomalous because it's a draft)

Rather looks as if Certivox trying to dig out of the hole they might 
have breached secrecy in previous reports, and trying to backpeddle

(author of - not updated since 2001)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list