Friday, 14 December 2012
No black boxes
However, as an ISP, we could end up with an order under RIPA to install a "black box" to monitor some customer that is being investigated by the police. Now, I can appreciate that there may be legitimate reasons that the police need to tap someone's phone or Internet access, but it has to be proportional and specific and justified. Like many I have concerns about any sort of black box ever being installed on our network. This is why I am always happy to state that we don't have any.
One of the issues is that we(I) could get an order to install a "black box" and a "gagging order" so that I must not tell anyone. I am no legal expert, but I can understand that if there is a legal court order requiring me not to say something then I can't say it. What I don't know, and would be quick to ask if ever I got such an order, is whether the law can require that I actively lie to people.
To this end, and as per a pretty standard trick (Warrant Canary), I regularly state that we have no black boxes publicly (e.g. on this blog now) and answer that question on irc and email as and when people ask. If I don't respond or decline to answer you can draw your own conclusion and blog and post about it. Though do give me a chance - even I have days off!
Would this work? Or can the law require me to actively lie about this?
So, what else could we do? Well, for a start, it is standing orders that the staff that go to the data centre should remove anything that is not correctly recorded on our equipment database. If I am bound by a gagging order not to even tell my staff, then any black box would get quickly removed.
One bright idea we had today, which may be logistically difficult, is whether we can set up a live web cam on our rack which can include a screen with current news or irc channel or some such in picture, showing that there are no black boxes. What effect would a gagging order have on that I wonder? Sadly that pretty much means two glass fronted racks facing each other, and we don't have that, so not something we can do yet. If and when we can I'll let you know.
I would hope that this policy stops anyone asking us to install a black box, as it would not be possible to do secretly. I wonder what else we could do to ensure this never happens.
[Obviously we have boxes (routers) that happen to be black, and you know that is not what I mean here]
Update: Now stop it you lot! I did not post this as a cunning way to say we have black boxes, really. We don't. I posted this so that I had something on the matter to put on AAISP's facebook page as we are trying facebook advertising (yes, really) and I can do this targeted at Open Rights Group interest groups, who do seem a responsive lot and will be interested to read about our policy on this and may rush out and buy some Home::1 broadband for Christmas. My feeble attempt at some marketing, but it does reflect my views on the idea of black boxes on my network!
16:32 * mstevens wonders if RevK has ever announced anything irc haven't managed to overcomplicate and confuse