Friday, 14 December 2012

No black boxes

As some of you may know, we don't have any government snooping or RIPA black boxes on our network. Obviously we can't comment for BT or transit providers, but we don't.

However, as an ISP, we could end up with an order under RIPA to install a "black box" to monitor some customer that is being investigated by the police. Now, I can appreciate that there may be legitimate reasons that the police need to tap someone's phone or Internet access, but it has to be proportional and specific and justified. Like many, I have concerns about any sort of black box ever being installed on our network. This is why I am always happy to state that we don't have any.

One of the issues is that we (I) could get an order to install a "black box" and a "gagging order" so that I must not tell anyone. I am no legal expert, but I can understand that if there is a legal court order requiring me not to say something then I can't say it. What I don't know, and would be quick to ask if ever I got such an order, is whether the law can require that I actively lie to people.

To this end, and as per a pretty standard trick (Warrant Canary), I regularly state publicly that we have no black boxes (e.g. on this blog now) and answer that question on IRC and email as and when people ask. If I don't respond or decline to answer you can draw your own conclusion and blog and post about it. Though do give me a chance - even I have days off!

Would this work? Or can the law require me to actively lie about this?

So, what else could we do? Well, for a start, it is standing orders that the staff that go to the data centre should remove anything that is not correctly recorded on our equipment database. If I am bound by a gagging order not to even tell my staff, then any black box would get quickly removed.

One bright idea we had today, which may be logistically difficult, is whether we can set up a live web cam on our rack which can include a screen with current news or IRC channel or some such in picture, showing that there are no black boxes. What effect would a gagging order have on that, I wonder? Sadly that pretty much means two glass fronted racks facing each other, and we don't have that, so not something we can do yet. If and when we can I'll let you know.

I would hope that this policy stops anyone asking us to install a black box, as it would not be possible to do secretly. I wonder what else we could do to ensure this never happens.

[Obviously we have boxes (routers) that happen to be black, and you know that is not what I mean here]

Update: Now stop it you lot! I did not post this as a cunning way to say we have black boxes, really. We don't. I posted this so that I had something on the matter to put on AAISP's Facebook page as we are trying Facebook advertising (yes, really) and I can do this targeted at Open Rights Group interest groups, who do seem a responsive lot and will be interested to read about our policy on this and may rush out and buy some Home::1 broadband for Christmas. My feeble attempt at some marketing, but it does reflect my views on the idea of black boxes on my network!

16:32  * mstevens wonders if RevK has ever announced anything irc haven't managed to overcomplicate and confuse

12 comments:

  1. Some datacentres aren't happy with cameras... but how about instead someone sets up a Twitter bot that spams @aaisp every day asking "got any black boxes yet?" and when you finally block it or stop responding... ;-)

    Replies
    1. That is a way to get me to stop answering even when we don't have black boxes. I do not mind the occasional question.

    2. GCHQ take note: there's a denial of service attack possible on RevK which can be exploited to make your black boxes less detectable. ;-)

      The video feed idea is an interesting one — but if the authorities can force you to lie, surely they can force you to install the black boxes in a rack out of view? or they tap a splitter off your incoming fibres? or they make you superimpose live video of the news/IRC screen on top of a loop of fake data-centre footage?

      It's an arms race, I guess.

  2. So what happens when the ministry of peace gives you a blue box?

  3. Possibly a website like this one?
    http://hasthelargehadroncolliderdestroyedtheworldyet.com/

  4. Have you seen the rsync.net warrant canary? It's online at http://www.rsync.net/resources/notices/canary.txt - the idea is that if it's not updated, if the private key changes, or if the headlines stop being reasonably current, you can reasonably deduce that rsync.net are under a court order that they can't discuss.

    Replies
    1. Someone (who may know) seems to think I would be expected to lie even, which is a concern.

      Yes, I did see the rsync warrant canary, and it does have some interesting advantages over my just answering people in irc, etc. It means actually signing the statement, which means, for example, not "losing" the key, or "forgetting" the pass phrase due to all the stress of the situation. But I wonder what happens if the signing is done by more than one person, myself, and someone that lives outside of UK jurisdiction, who, for no apparent reason, or because they do look at a web cam of my rack, decides to stop signing...

  5. Another trick would be for me to support a political party, e.g. something like the Pirate Party (not sure I want to yet, but for the sake of example). I could tell everyone that if I stop supporting them then that means we have black boxes and a gagging order. I could tell the political party to make my withdrawal of support public. All in advance. Then, in order for me to comply with the gagging order I would be forced to support a political party which I would no longer want to. Laws on interfering with political parties win over RIPA and gagging orders and so on, don't they? So again, gagging order loses.

  6. I would imagine that the offence would be in communicating the fact, not in directly telling people. So pre-arranging and then carrying out any of these schemes would be just the same in the eyes of the law as just posting the fact.

    Replies
    1. Well yes, but I think the political party one is tricky - where laws conflict one takes precedence over the other. I doubt a law can force me to continue supporting a political party as doing so would undermine the whole basis of law.

      Of course, I suspect there is no reason under such a gagging order for me not to start another ISP, not subject to any such order or with black boxes.

  7. The law certainly can require you to avoid telling the truth. As well as laws which specifically require you to keep something confidential and not even admit to the fact that you know it (such as the Official Secrets Act), you can be prevented from telling the truth by defamation laws, the Data Protection Act, a whole host of court orders related to identifying minors, etc. How you avoid telling the truth is up to you, but if it takes an outright lie then so be it.

    Replies
    1. Well, as I say, there should be ways to thwart it. What if, for example, someone not in the UK and not subject to the UK RIPA, is the one that signs the warrant canary, and they have access to web cams of the rack, equipment database, switch port config, etc. They would be able to expose the black box quite safely.

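The checks named in the rsync.net comment (statement still updated, same signing key, headlines reasonably current) and the idea in the replies of a second signer outside UK jurisdiction can be combined in one reader-side verifier. This is an added example, not code from AAISP or rsync.net: the signer labels, fingerprints, dates and thresholds are constructed, and signature verification itself (for example with GnuPG) is assumed to have already produced the fingerprint of the key that verified each statement.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Attestation:
    signer: str          # hypothetical signer label
    fingerprint: str     # key that actually verified the signature (e.g. from gpg)
    signed_on: date      # date stated inside the signed canary text
    headline_date: date  # date of the newest headline quoted in that text

def evaluate_canary(attestations, pinned, today,
                    max_age=timedelta(days=7),           # assumed update interval
                    max_headline_lag=timedelta(days=3)):  # assumed tolerance
    """Return (alive, reasons); alive only if every pinned signer passes."""
    reasons = []
    latest = {}
    for a in attestations:  # keep each signer's most recent statement
        if a.signer not in latest or a.signed_on > latest[a.signer].signed_on:
            latest[a.signer] = a
    for signer, fingerprint in pinned.items():
        a = latest.get(signer)
        if a is None:
            reasons.append(f"{signer}: no statement")
            continue
        if a.fingerprint != fingerprint:
            reasons.append(f"{signer}: signing key changed")
        if a.signed_on > today or today - a.signed_on > max_age:
            reasons.append(f"{signer}: statement not current")
        # A quoted headline shows the text was not signed in advance.
        lag = a.signed_on - a.headline_date
        if lag < timedelta(0) or lag > max_headline_lag:
            reasons.append(f"{signer}: headline not current")
    return (not reasons, reasons)

# Constructed sample data: labels, fingerprints and dates are made up.
PINNED = {"uk-director": "FPR-UK-CONSTRUCTED",
          "non-uk-cosigner": "FPR-XX-CONSTRUCTED"}
TODAY = date(2012, 12, 14)

def sample(uk_days_old=1, cosigner_days_old=2, uk_fpr="FPR-UK-CONSTRUCTED"):
    day = timedelta(days=1)
    return [
        Attestation("uk-director", uk_fpr,
                    TODAY - uk_days_old * day, TODAY - (uk_days_old + 1) * day),
        Attestation("non-uk-cosigner", "FPR-XX-CONSTRUCTED",
                    TODAY - cosigner_days_old * day,
                    TODAY - (cosigner_days_old + 1) * day),
    ]

if __name__ == "__main__":
    print(evaluate_canary(sample(), PINNED, TODAY))
    print(evaluate_canary(sample(cosigner_days_old=20), PINNED, TODAY))
```

Requiring every pinned signer means the canary goes dead as soon as any one of them stops signing, which is the property the co-signer suggestion relies on.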