Peter Fairbrother Evidence
APIG Communications Data Inquiry Oral Evidence
Peter Fairbrother
Wed, 18 December 2002
MR. WHITE: Our final witness is Peter Fairbrother, who is described in my brief as a freelance mathematician.
MR. FAIRBROTHER: I am a mathematical cryptographer. I have recently
become interested in information security, particularly in things like
RIPA. I would like to make a couple of points. Just storing data by
itself is intrusive whether or not anyone gets round to accessing it.
The point I made about traffic analysis not being terribly effective,
particularly against the more determined criminal, is one point to take
on board when you are making a judgment and balance between intrusion,
effectiveness and what you are seeking to achieve.
MR. ALLAN: RIPA Part III is the Government's ability to demand
cryptography keys. We were told that you have launched a software
product called MOOT, which is, I assume, one of these throw-away key
systems where people can encrypt data and are not able to provide the
key?
MR. FAIRBROTHER: Yes.
MR. ALLAN: Even if asked.
MR. FAIRBROTHER: Yes. It is a CD based system. It does not use the
operating system on the computer. It has its own operating system. For
messages it uses throw-away keys. To store data, you have a filing
system but you cannot tell whether there is a file in it. It also uses
storage in foreign data havens.
MR. ALLAN: Is there a lot of interest in the IT community in this project?
MR. FAIRBROTHER: Yes, there is, a fair amount.
MR. ALLAN: Do you have tools available now that you would say can be used?
MR. FAIRBROTHER: There are tools available which anyone can use for
this. In GPG software there is a tool whereby you can sign a public key
for messages. In BestCrypt software, which is quite commonly available
for Windows, you can preserve a filing system. Those two together are
enough to provide secure messaging and data in relation to Part III.
MR. ALLAN: In terms of the Chapter 1 traffic data, are you aware of tools being available?
MR. FAIRBROTHER: There are not many available. For Part III, there
are quite a few. You need discipline. For example, if you are using a
mobile phone and you are contacting somebody on a mobile phone from a
public telephone, you do not want to use the same public telephone
every day, you need the discipline to pick a new public telephone every
day. For the serious criminal that is not a problem, but for the lesser
criminal they will not bother. They do not perceive the threat. If the
Government access the keys, the situation is different. You can arrange
things so that it is very, very hard to do anything which is insecure.
MR. ALLAN: But for the traffic data side, someone would have to be very organised in order to do that.
MR. FAIRBROTHER: Yes.
MR. ALLAN: So your principal argument in terms of what we are
looking at in having this pool of data itself is the value of having
this pool of data itself, not specifically that people can cover their
tracks within it. The tracks may be there but can they be found?
MR. FAIRBROTHER: The best way is not to have tracks there in the
first place. You can hide it in amongst other data. A favourite one is
to communicate through a doctor's receptionist because they get
hundreds of phone calls. The doctor's receptionist will just pass the
message. It is almost impossible to tell where the message is going.
MR. ALLAN: To the South West Dorset GP Service.
MR. FAIRBROTHER: That is an example of hiding data in other traffic
data, but the best way is not to get traffic data in the first place.
If you only use an unregistered pay-as-you-go mobile occasionally and
use it only for particular purposes, it is very hard to track back to
an individual person.
MR. ALLAN: Do you have any perception as to where we are in the
arms race, because it is clearly an arms race between those who want
to do dotty things and those who want to catch them?
MR. FAIRBROTHER: In that arms race, I reckon it is staying fairly
even. If you bring in long-term data retention, that is a big advantage
to one side. There are some new techniques coming in which have been
developed.
MR. ALLAN: So if data retention comes in in that sense, then people
who are wise to it will find new techniques in order to respond to them?
MR. FAIRBROTHER: Yes.
MR. WHITE: One of the things you seem to be saying is that we are
setting up legislation which is primarily looking at catching organised
crime and catching the terrorists, but that the techniques which are
available mean that what we will end up doing is using this legislation
to catch the common or garden criminal or the stupid terrorist?
MR. FAIRBROTHER: Yes. I gave a couple of examples regarding Bin
Laden. I do not know if this is true or not, but it has been suggested
that because his family owned a satellite company, he had the foresight
to have a friend of his in that company and they would phone him up and
say, "Watch out. The Americans are tracking your location". He said
"Okay" and he stopped using his satellite phone. That is why the Cruise
missile attack failed. Another example is the Omagh Bombing. The police
did not catch the actual bombers but they caught the chap who supplied
the mobile phones. The bombers themselves were clever enough not to use
their own mobile phones. They got them from somewhere else.
MR. WHITE: One of the things which we have been talking about is
the distinction between subscriber data and intrusive data, and the
suggestion that you need judicial authorisation. Do you go along with
that?
MR. FAIRBROTHER: I would, indeed, yes. At the moment, if the police
want much more invasive types of data, they can get it by using PACE
without any problems about European legislation and compliance with
various other Acts.
There is one slight problem, and that is that people have said that
Chapter II of RIPA separates subscriber data from the more intrusive
comms data. I disagree with that entirely. I think section 21(4)(c),
which is the bit that we are referring to, actually includes far, far,
far more than just what you would call subscriber data, which is name
and address of people who are subscribing.
MR. ALLAN: One of the other things which has come through in this
hearing is the difference in regime between the UK and the US. The US
is the country which has the greatest incentive in having suffered the
September 11th attacks for measures like the ones proposed in the ATCS.
Our understanding is that they do not have any mandatory or voluntary
global data retention policy. Do you get any sense of where the debate
is there?
MR. FAIRBROTHER: The debate is constitutional; the American Constitution.
MR. ALLAN: You mean that the Government would if they could but they can't?
MR. FAIRBROTHER: Yes. I am not so sure about data retention. There
is a big program going on under Admiral Poindexter, which is called the
Total Information Awareness Program.
MR. ALLAN: My understanding is that that is based on data that is,
anyway. The key difference is the holding of data which otherwise would
not be held.
MR. FAIRBROTHER: Yes. That in itself is intrusive. You are holding
it not for a specific reason which is either useful to you or to the
people holding the data.
MR. ALLAN: Is there an activists' network in the States? In the UK
there was an activists' network. Presumably, the MOOT project is an
activists' network of people wanting to promote the ----
MR. FAIRBROTHER: Yes. It is security people.
MR. ALLAN: I was thinking of Internet activists. That is strong, is it?
MR. FAIRBROTHER: Yes, it is, but not, perhaps, as much as it was
but it still exists. Especially Part III of RIPA, which saw a lot of
people getting annoyed about that. I was one of them.
MR. ALLAN: So we may expect to see people coming forward again next year when the consultation takes place.
MR. FAIRBROTHER: Yes; you can expect it.
MR. WHITE: If you are suggesting that it is next to impossible to catch the terrorists ----
MR. FAIRBROTHER: I am not saying that.
MR. WHITE: ---- given that you do not think that RIPA is the right
way forward or that RIPA is not adequate to catch them, how would you
suggest that we look at it?
MR. FAIRBROTHER: I do not know. I do not really have a problem if
you want to store data to catch terrorists, but if you want to store
data to catch terrorists and then use it for other things, then, yes,
there is a problem. If you want to store it just to catch terrorists, I
do not think you will have a lot of luck, but if you want to do it, I
am not saying you should not do it.
MR. ALLAN: So somebody who has a privacy exposure, your judgment
would be to say, for the purposes of terrorism, I can accept this?
MR. FAIRBROTHER: Yes.
MR. ALLAN: But for the other range of purposes, I cannot?
MR. FAIRBROTHER: Yes. The idea of subscriber details, they were
saying that an inspector would authorise a request nowadays. That
sounds like a reasonable level for an authority to demand, because
Chapter III makes it a demand rather than a request. This creates
problems. There is no penalty on a policeman if he fudges the grounds
for a request. There is no way for a CSP at all to judge whether or not
a particular request is based on proper information, because the police
would not tell them the proper information. They just say, "Here is the
demand. Give us the information". There is no way they can separate out
the information which might be relevant to a particular demand from the
other information we have because they do not know the background.
From the other point of view, the police cannot specify what they
want because they do not know what information the CSPs are holding.
Basically, if you have a demand, you can either limit it to something
like subscriber details or say, "Give me everything". There is not a
lot of difference between them unless it is a specific piece of
information that you need like the location of a particular call.
MR. WHITE: One of the things which has been suggested to us is that
there is a difference between the big ISPs and the smaller ones.
MR. FAIRBROTHER: Yes.
MR. WHITE: Do you see that as a problem?
MR. FAIRBROTHER: In the interception bit, they have one per 10,000.
They intercept one line in 10,000. For a little ISP with less than
10,000 customers, yes, I see it as a big problem for them. You have to
store the data securely. You have to store the data in a format where
it can be searched and be useful.
MR. WHITE: Let me go to my final question. This concerns the use of
SPOCs. Is it a reasonable system if we have a number of SPOCs in
different agencies, or would you prefer to see what has been suggested
by the Home Office as a possible way forward, which is a single SPOC
rather than having a myriad?
MR. FAIRBROTHER: I would like to see a SPOC for a CSP rather than
the police. I guess that different police forces would want different
SPOCs for themselves as well.
MR. WHITE: How would the CSP know that the person who is asking for the information is genuine?
MR. FAIRBROTHER: Having a police SPOC would be useful from that point of view.
MR. WHITE: Is there anything that you think we have not covered which you think we should be looking at?
MR. FAIRBROTHER: No. I think that is just about everything.
MR. WHITE: Thank you very much.
MR. ALLAN: Thank you.
(The witness withdrew)