Wednesday, 18 February 2015
I have commented as to how the "Snooper's charter" is so out of date already, but it gets worse.
I was chatting to someone at LINX who has been at some of the ICANN/IANA type meetings covering the top level operation of "the Internet". It is a complex and worrying arrangement where everything, including domain names and IP addresses, ultimately gets authority from IANA, which is part of ICANN, which has a contract from the US government (which is all changing, maybe).
We already see some crazy steps in verification of domain owner details, and the anecdote I was told was positively scary. Apparently, at such meetings, there are people from law enforcement like Interpol. They want things like "the ability to take an IP address off the Internet" or even remove whole ranges.
But one of the scariest and most amusing comments was that they apparently were confused over verifying a phone number against an address. Surely one can check the phone book? A comment was made that "well, you can take your phone number with you when you move" and apparently the Interpol person was "No you can't?!". They seemingly had no idea that a phone number was not physically tied to an address for ever.
Even 50 years ago when phone lines and numbers were more physically associated using electro-mechanical exchanges, one could move house within a town and take a phone number or arrange an out-of-area line. These days you can do it and move to anywhere (in the world) if you want. Many phone numbers have no physical presence in the first place (as with all of our VoIP numbers). They are just an over-the-top logical service to convey voice. Why would they have "an address"?
What is worrying is that people in power to influence policy that could affect us all are so totally and utterly clueless. And for a change I am not even picking on David Cameron.
But just considering UK law, and EU law, there needs to be a massive shake-up. The whole concept of communications and communications providers needs redefining to fit with reality now, and in the future. The current definitions simply don't work, and it is only going to get more complex.
There is a need for some laws and regulations, I am sure, but the current laws do not fit and do not work.
The one RIPA request we had that was actually related to some misuse of something by a customer was one where we sent a member of staff to court for his trial, and he ended up spending most of his time explaining how things worked to both prosecution and defence. Neither of them had any clue that you could route a geographic phone number to a mobile phone and/or a SIP phone or PABX and even a landline, or have them go to them all at once, or have calls from somewhere present any number you like. In the end the case, of someone making stupid bomb threats (allegedly), was thrown out. We got bugger all for his time, and in future will "offer" consultancy services at commercial rates and not offer to be a witness. Lesson learned.
The endless possibilities of layers on layers of communications with levels of encryption and different means of addressing are just beyond anything anyone in parliament or the EU has any clue about.
How do we fix this?