We should have picked up on this earlier, but then so should lots of other people:
The (.pdf) document:
This current Home Office Public Consultation on Communications Traffic Data has had even less attention from the media, bloggers, or privacy or security activists than the one on RIPA Part III Encrypted Data and Encryption Keys.
The (.pdf) document also uses non-standard fonts, which present a small technical barrier for many people who are simply trying to Copy and Paste portions of text to quote in their submissions to the Public Consultation, so feel free to use our HTML version if you prefer.
Our RIPA Part I Chapter II consultation blog:
As with the RIPA Part III consultation blog, if anybody does not feel up to writing a full submission, leave your comments on the relevant section, and we will summarise them in our formal response, again by the closing date of 30th August 2006.
Some initial thoughts which we will expand on in our RIPA Part I Chapter II blog:
- This Draft Code of Practice has massive implications when combined with the European Union's plans for mandatory Data Retention of Communications Traffic Data.
- There is quite a detailed section on Emergency Phone Calls (999 / 112), but the rest of the CoP is not as detailed.
- The section on Data Protection Act Subject Data Access requests to see if your phone calls or internet logs have been snooped on (unlike RIPA Part III, there is no "tipping off" offence) is interesting. At what point is a Communications Service Provider ever informed that a person is no longer being currently investigated by the Police or the Security agencies, and that they can now provide full details in a DPA Subject Data Access Request?
- The section on access to Communications Data by foreign governments does not reassure us.
- The use of a Personal Identification Number (PIN) to authenticate people who are allowed to request Communications Traffic Data does not appear to be very secure, and could well be open to abuse.
- Where is there any guidance on Data Retention and Destruction of Communications Traffic data which is no longer needed?
- Just like the RIPA Part III Code of Practice, there is no concept of using Digital Signatures or even of Government Approved Encryption e.g. Kilgetty to protect this sensitive data from being disclosed to the wrong people, e.g. when someone loses a laptop computer.