Should there be limits on access to information?

Should there be limits on access to information? Ian Brown, FIPR

Overview
What are the current limits, and how should they change?
Access to information on journalists and their sources – data trails and access
Access to leaked information by journalists – watermarking and trusted computing
Access by society to legally restricted information – permanent Web archives

Data trails
Web server and cache logs
E-mail records
Mobile phone location

Web server logs
17:gateway1.gsi.gov.uk - - [08/May/2000:11:42:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 229936
17:gateway1.gsi.gov.uk - - [08/May/2000:11:43:14 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/msg01632.html HTTP/1.0" 200 4944
17:legion.dera.gov.uk - - [08/May/2000:15:37:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00195.html HTTP/1.0" 200 6869
17:horde.dera.gov.uk - - [09/May/2000:09:21:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00946.html HTTP/1.0" 200 3323
17:horde.dera.gov.uk - - [09/May/2000:10:33:23 +0100] "GET /staff/I.Brown/archives/ukcrypto/ HTTP/1.0" 200 5118
20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:22 +0100] "GET /staff/I.Brown/pimms/index.html HTTP/1.0" 200 353
20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:23 +0100] "GET /staff/I.Brown/pimms/toc.html HTTP/1.0" 200 1383
20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:24 +0100] "GET /staff/I.Brown/pimms/bottle.gif HTTP/1.0" 200 9499
20:gateway.bradford.gov.uk - - [06/Jun/2000:08:42:09 +0100] "GET /staff/I.Brown/archives/ukcrypto/0399-0699/msg00663.html HTTP/1.1" 200 427
20:gatekeeper.bournemouth.gov.uk - - [08/Jun/2000:00:42:40 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00002.html HTTP/1.0"
21:mail.braintree.gov.uk - - [16/Jun/2000:11:18:06 +0100] "GET /staff/I.Brown/archives/ukcrypto/1199-0100/msg00266.html HTTP/1.0" 200 3661
22:wp.eris.dera.gov.uk - - [13/Jul/2000:11:24:42 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00508.html HTTP/1.0" 200 4265
22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:16 +0100] "GET /staff/I.Brown/archives/ukcrypto/l HTTP/1.0" 404 244
22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:25 +0100] "GET /staff/I.Brown/archives/ukcrypto HTTP/1.0" 302 411
22:gatekeeper.bournemouth.gov.uk - - [16/Jul/2000:08:24:10 +0100] "GET /staff/I.Brown/archives/ukcrypto/1198-0299/msg00293.html HTTP/1.0"
6:shadow.dera.gov.uk - - [05/Apr/2000:14:18:32 +0100] "GET /staff/i.brown/archives/ukcrypto/old/msg00112.html HTTP/1.0" 200 7698
6:proxy.hullcc.gov.uk - - [05/Apr/2000:16:50:21 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00014.html HTTP/1.0" 200 3725
7:Bouncer.nics.gov.uk - - [11/Apr/2000:10:31:17 +0100] "GET /staff/i.brown/archives/ukcrypto/1198-0299/msg00138.html HTTP/1.0" 200 4381
7:gateway1.gsi.gov.uk - - [11/Apr/2000:12:33:18 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142389
7:gateway1.gsi.gov.uk - - [11/Apr/2000:14:35:19 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142674
7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:13:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00245.html HTTP/1.0" 200 4714
7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:14:33 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00234.html HTTP/1.0" 200 4811

E-mail trails Messages are full of clues about their origins

Regulation of Investigatory Powers Act 2000
ISPs must install “black boxes” upon production of a SoS s.12 notice
“ Comms data” obtained by self-authorised demand from police, Customs etc.
Content requires warrant from SoS

“ Snooper’s charter”
The Department for Environment, Food and Rural Affairs.
The Department of Health.
The Home Office.
The Department of Trade and Industry.
The Department for Transport, Local Government and the Regions.
The Department for Work and Pensions.
The Department of Enterprise, Trade and Investment for Northern Ireland.
Any local authority within the meaning of section 1 of the Local Government Act 1999.
Any fire authority as defined in the Local Government (Best Value) Performance Indicators Order 2000
The Scottish Drug Enforcement Agency.
The Scottish Environment Protection Agency.
The United Kingdom Atomic Energy Authority Constabulary.
A Universal Service Provider within the meaning of the Postal Services Act 2000
A council constituted under section 2 of the Local Government etc. (Scotland) Act 1994.
A district council within the meaning of the Local Government Act (Northern Ireland) 1972.
The Common Services Agency of the Scottish Health Service.
The Northern Ireland Central Services Agency for the Health and Social Services.
The Environment Agency.
The Financial Services Authority.
The Food Standards Agency.
The Health and Safety Executive.
The Information Commissioner.
The Office of Fair Trading.
The Postal Services Commission.

Anti-Terrorism, Crime and Security Act 2001
Contains provisions for data retention by Communications Service Providers
“ There is great merit for having information about subscribers kept for five years and call information for two years” –John Abbot, NCIS

Other access
Private investigators through social engineering and hacking
Civil actions e.g. breach of confidentiality
Accidental revelation

Watermarked data
Inter-character, word and line spacing can hide information in text
Many similar methods for audio, video…
(c) F. Petitcolas – Facade of Notre Dame de Fourvière Basilica in Lyon

Trusted computing
Documents can be “locked” to individual machines or groups of machines
Breaking protection both very difficult, and illegal (c.f. EU Copyright Directive)
Coming soon to a PC/PDA/mobile phone near you…

The end of rehabilitation?
Mary Bell and daughter; Robert Thompson and Jon Venables
Sex offender registers – paediatricians vs. paedophiles
Press coverage of trials

Actions
Prevent data retention; require higher standard for access to data on and from journalists
Journalists may need to change working practices with source materials
Rehabilitation issues very difficult

Should there be limits on access to information?

by Ian Brown on Sep 07, 2008

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Should there be limits on access to information? — Presentation Transcript