Thursday, January 07, 2016

investigatory ploughsharing bill - scrambling for safety

For a thorough report on today's Scrambling for Safety 2016 debate, it's hard to beat George Danezis's blog. One thing I was going to ask about was the really broken part of the bill: the part which prevents any discussion between a service provider and the agency that serves a warrant on them for interception (whether a standard surveillance warrant or a bulk one, or interference on a single device or on a broad spectrum of devices).

I realize that some level of stealth is, by definition, needed during the surveillance. However, the world is rapidly evolving, and it is clear that operators and service providers are at the bleeding edge and are able to offer advice on a request (and do, in practice, under today's laws in the UK), e.g. "no, you don't want that IP address, you want this URL prefix, as that's a load balancer/VM/NATed device that changes", etc. In my example question: "no, you don't want to run interference on that device, as it isn't just a routine user's iPad, it's their Tesla dashboard, and if you weaken the random number generator in the OS on that device, you open it up to hackers who will crash the car". Not only is it obvious that the security and police agencies don't have expertise yet in this area; we need a cooperatively evolvable law. In locking in this law (the first in 500 years to admit that agencies need these powers, but under legal controls) we need to make sure it isn't the last law made in the area either. Just as the "Internet Connection Record" is meaningless in the world today, so the interference model is extremely dangerous in the IoT space, where there are currently more devices that are not end-users' comms gadgets (== phone/Skype) than are. Pretty soon there will be 100s or 1000s of devices per person. Monitoring these is mostly a waste of resources (more haystacks in which not to find needles); interfering with these devices (e.g. pacemakers, car brakes, traffic lights) is incredibly dangerous [footnote...].

Proportionality requires risk assessment. "Collateral damage" that is a death caused by interference on a device which leads to a car crash or a heart failure is not assessable today. It may be one day, but I posit that it is not an acceptable risk level for gleaning a little bit more sigint that probably won't be acted on anyhow. Basically, this blows out of the water any fig leaf of proportionality, unless there is a wholly different way to manage (transparently) the codes of practice, in a way that future-proofs (actually, makes fit for purpose for today's internet) this dodgy draft bill.

Footnote: let's not forget algorithmic lawyers. When the music biz wanted to chill the p2p file-sharing world, they started using software that generated letters threatening to disconnect users from their ISP. One fabulous case ended up with a tech guy defending himself in court, because the IP address that the lawyers' software detected allegedly uploading music in breach of copyright was his HP laser printer. Doh. If they can get that wrong, then the spooks' software can and will confuse a criminal's phone with an innocent ("collateral damage") bystander's auto-defibrillator or internet-enabled insulin pump.

1 comment:

Ross Anderson said...

Here's the programme

http://www.cl.cam.ac.uk/~rja14/sfs-2016.html

and here's the video of the event

https://www.openrightsgroup.org/sfs

Ross
