Peter Fairbrother Evidence
MR. WHITE: Our final witness is Peter Fairbrother, who is described in my brief as a freelance mathematician.
MR. FAIRBROTHER: I am a mathematical cryptographer. I have recently become interested in information security, particularly in things like RIPA. I would like to make a couple of points. Just storing data by itself is intrusive whether or not anyone gets round to accessing it. The point I made about traffic analysis not being terribly effective, particularly against the more determined criminal, is one point to take on board when you are making a judgment and balance between intrusion, effectiveness and what you are seeking to achieve.
MR. ALLAN: RIPA Part III is the Government’s ability to demand cryptography keys. We were told that you have launched a software product called MOOT, which is, I assume, one of these throw-away key systems where people can encrypt data and are not able to provide the key?
MR. FAIRBROTHER: Yes.
MR. ALLAN: Even if asked.
MR. FAIRBROTHER: Yes. It is a CD based system. It does not use the operating system on the computer. It has its own operating system. For messages it uses throw-away keys. To store data, you have a filing system but you cannot tell whether there is a file in it. It also uses storage in foreign data havens.
MR. ALLAN: Is there a lot of interest in the IT community in this project?
MR. FAIRBROTHER: Yes, there is, a fair amount.
MR. ALLAN: Do you have tools available now that you would say can be used?
MR. FAIRBROTHER: There are tools available which anyone can use for this. In GPG software there is a tool whereby you can sign a public key for messages. In BestCrypt software, which is quite commonly available for Windows, you can preserve a filing system. Those two together are enough to provide secure messaging and data in relation to Part III.
MR. ALLAN: In terms of the Chapter 1 traffic data, are you aware of tools being available?
MR. FAIRBROTHER: There are not many available. For Part III, there are quite a few. You need discipline. For example, if you are using a mobile phone and you are contacting somebody on a mobile phone from a public telephone, you do not want to use the same public telephone every day, you need the discipline to pick a new public telephone every day. For the serious criminal that is not a problem, but for the lesser criminal they will not bother. They do not perceive the threat. If the Government access the keys, the situation is different. You can arrange things so that it is very very hard to do anything which is insecure.
MR. ALLAN: But for the traffic data side, someone would have to be very organised in order to do that.
MR. FAIRBROTHER: Yes.
MR. ALLAN: So your principal argument in terms of what we are looking at in having this pool of data itself is the value of having this pool of data itself, not specifically that people can cover their tracks within it. The tracks may be there but can they be found?
MR. FAIRBROTHER: The best way is not to have tracks there in the first place. You can hide it in amongst other data. A favourite one is to communicate through a doctor’s receptionist because they get hundreds of phone calls. The doctor’s receptionist will just pass the message. It is almost impossible to tell where the message is going.
MR. ALLAN: To the South West Dorset GP Service.
MR. FAIRBROTHER: That is an example of hiding data in other traffic data, but the best way is not to get traffic data in the first place. If you only use an unregistered pay-as-you-go mobile occasionally and use it only for particular purposes, it is very hard to track back to an individual person.
MR. ALLAN: Do you have any perception as to where we are in the arm’s race, because it is clearly an arm’s race between those who want to do dotty things and those who want to catch them?
MR. FAIRBROTHER: In that arm’s race, I reckon it is staying fairly even. If you bring in long-term data retention, that is a big advantage to one side. There are some new techniques coming in which have been developed.
MR. ALLAN: So if data retention comes in in that sense, then people who are wise to it will find new techniques in order to respond to them?
MR. FAIRBROTHER: Yes.
MR. WHITE: One of the things you seem to be saying is that we are setting up legislation which is primarily looking at catching organised crime and catching the terrorists, but that the techniques which are available mean that what we will end up doing is using this legislation to catch the common or garden criminal or the stupid terrorist?
MR. FAIRBROTHER: Yes. I gave a couple of examples regarding Bin Laden. I do not know if this is true or not, but it has been suggested that because his family owned a satellite company, he had the foresight to have a friend of his in that company and they would phone him up and say, “Watch out. The Americans are tracking your location”. He said “Okay” and he stopped using his satellite phone. That is why the Cruise missile attack failed. Another example is the Omagh Bombing. The police did not catch the actual bombers but they caught the chap who supplied the mobile phones. The bombers themselves were clever enough not to use their own mobile phones. They got them from somewhere else.
MR. WHITE: One of the things which we have been talking about is the distinction between subscriber data and intrusive data, and the suggestion that you need judicial authorisation. Do you go along with that?
MR. FAIRBROTHER: I would, indeed, yes. At the moment, if the police want much more invasive types of data, they can get it by using PACE without any problems about European legislation and compliance with various other Acts.
There is one slight problem, and that is that people have said that Chapter II of RIPA separates subscriber data from the more intrusive comms data. I disagree with that entirely. I think section 21(4)(c), which is the bit that we are referring to, actually includes far, far, far more than just what you would call subscriber data, which is name and address of people who are subscribing.
MR. ALLAN: One of the other things which has come through in this hearing is the difference in regime between the UK and the US. The US is the country which has the greatest incentive in having suffered the September 11th attacks for measures like the ones proposed in the ATCS. Our understanding is that they do not have any mandatory or voluntary global data retention policy. Do you get any sense of where the debate is there?
MR. FAIRBROTHER: The debate is constitutional; the American Constitution.
MR. ALLAN: You mean that the Government would if they could but they can’t?
MR. FAIRBROTHER: Yes. I am not so sure about data retention. There is a big program going on under Admiral Poindexter, which is called the Total Information Awareness Program.
MR. ALLAN: My understanding is that that is based on data that is, anyway. The key difference is the holding of data which otherwise would not be held.
MR. FAIRBROTHER: Yes. That in itself is intrusive. You are holding it not for a specific reason which is either useful to you or to the people holding the data.
MR. ALLAN: Is there an activists’ network in the States? In the UK there was an activists’ network. Presumably, the MOOT project is an activists’ network of people wanting to promote the —-
MR. FAIRBROTHER: Yes. It is security people.
MR. ALLAN: I was thinking of Internet activists. That is strong is it?
MR. FAIRBROTHER: Yes, it is, but not, perhaps, as much as it was but it still exists. Especially Part III of RIPA, which saw a lot of people getting annoyed about that. I was one of them.
MR. ALLAN: So we may expect to see people coming forward again next year when the consultation takes place.
MR. FAIRBROTHER: Yes; you can expect it.
MR. WHITE: If you are suggesting that it is next to impossible to catch the terrorists —-
MR. FAIRBROTHER: I am not saying that.
MR. WHITE: —- given that you do not think that RIPA is the right way forward or that RIPA is not adequate to catch them, how would you suggest that we look at it?
MR. FAIRBROTHER: I do not know. I do not really have a problem if you want to store data to catch terrorists, but if you want to store data to catch terrorists and then use it for other things, then, yes, there is a problem. If you want to store it just to catch terrorists, I do not think you will have a lot of luck, but if you want to do it, I am not saying you should not do it.
MR. ALLAN: So somebody who has a privacy exposure, your judgment would be to say, for the purposes of terrorism, I can accept this?
MR. FAIRBROTHER: Yes.
MR. ALLAN: But for the other range of purposes, I cannot?
MR. FAIRBROTHER: Yes. The idea of subscriber details, they were saying that an inspector would authorise a request nowadays. That sounds like a reasonable level for an authority to demand, because Chapter III makes it a demand rather than a request. This creates problems. There is no penalty on a policeman if he fudges the grounds for a request. There is no way for a CSP at all to judge whether or not a particular request is based on proper information, because the police would not tell them the proper information. They just say, “Here is the demand. Give us the information”. There is no way they can separate out the information which might be relevant to a particular demand from the other information we have because they do not know the background.
From the other point of view, the police cannot specify what they want because they do not know what information the CSPs are holding. Basically, if you have a demand, you can either limit it to something like subscriber details or say, “Give me everything”. There is not a lot of difference between them unless it is a specific piece of information that you need like the location of a particular call.
MR. WHITE: One of the things which has been suggested to us is that there is a difference between the big ISPs and the smaller ones.
MR. FAIRBROTHER: Yes.
MR. WHITE: Do you see that as a problem?
MR. FAIRBROTHER: In the interception bit, they have one per 10,000. They intercept one line in 10,000. For a little ISP with less than 10,000 customers, yes, I see it as a big problem for them. You have to store the data securely. You have to store the data in a format where it can be searched and be useful.
MR. WHITE: Let me go to my final question. This concerns the use of SPOCs. Is it a reasonable system if we have a number of SPOCs in different agencies, or would you prefer to see what has been suggested by the Home Office as a possible way forward, which is a single SPOC rather than having a myriad?
MR. FAIRBROTHER: I would like to see a SPOC for a CSP rather than the police. I guess that different police forces would want different SPOCs for themselves as well.
MR. WHITE: How would the CSP know that the person who is asking for the information is genuine?
MR. FAIRBROTHER: Having a police SPOC would be useful from that point of view.
MR. WHITE: Is there anything that you think we have not covered which you think we should be looking at?
MR. FAIRBROTHER: No. I think that is just about everything.
MR. WHITE: Thank you very much.
MR. ALLAN: Thank you.