Digital Wiretap Warrant: Improving the security of ETSI Lawful Interception

Lawful Interception (LI) of data communications is an essential tool for Law Enforcement Agencies (LEA) in order to investigate criminal activities carried out or coordinated by means of Internet. However, the ability to secretly monitor the activities of citizens also has a great impact on civil rights. Therefore, democratic societies must prevent abuse and ensure that LI is only employed in specific cases with justifiable grounds or a probable cause. Nowadays, in many countries each interception must be authorized by a wiretap warrant, usually issued by a judge. However, this wiretap warrant is merely an administrative document that should be checked by the network or service operator before enabling the monitoring of its customers, whose communications are later handed over to a LEA in plaintext. This paper proposes the idea of employing a Digital Wiretap Warrant (DWW), which further protects the civil liberties, security and privacy of LI by ensuring that monitoring devices can only be enabled with a valid DWW, and by encrypting the captured data so only the authorized LEA is able to decrypt those communications. Moreover, in the proposed DWW framework all digital evidence is securely time-stamped and signed, thus guaranteeing that it has not been tampered with, and that a proper chain of custody has been met. In particular this paper proposes how to apply the DWW concept to the lawful interception framework defined by the ETSI LI Technical Committee, and evaluates how the additional security mechanisms could impact the performance and storage costs of a LI platform.     

From porn to cybersecurity passing by copyright: How mass surveillance technologies are gaining legitimacy … The case of deep packet inspection technologies

Recent coverage in the press regarding large-scale passive pervasive network monitoring by various state and government agencies has increased interest in both the legal and technical issues surrounding such operations. The monitoring may take the form of which systems (and thus potentially which people) are communicating with which other systems, commonly referred to as the metadata for a communication, or it may go further and look into the content of the traffic being exchanged over the network. In particular the monitoring may rely upon the implementation of Deep Packet Inspection (DPI) technologies. These technologies are able to make anything that happens on a network visible and recordable. While in practice the sheer volume of traffic passing through a DPI system may make it impractical to record all network data, if the system systematically records certain types of traffic, or looks for specific patterns in all traffic, the privacy concerns are highly significant. The aim of this paper is twofold: first, to show that despite the increasing public awareness in relation to the capabilities of Internet service providers (ISPs), a cross-field and comparative examination shows that DPI technologies are in fact progressively gaining legal legitimacy; second to stress the need to rethink the relationship between data protection law and the right to private life, as enshrined in Article 8 of the European Convention on human rights and Article 7 of the European Charter of fundamental rights, in order to adequately confine DPI practices. As a result, it will also appear that the principle of technical neutrality underlying ISP's liability exemptions is misleading.     

How to control interception-does the UK strike the right balance?

This Article critically analyses the regime for intercepting the content of communications under the Regulation of Investigatory Powers Act 2000 in the light of the recent ruling by the European Court of Human Rights in Kennedy v the UK. It looks at the safeguards for privacy protection provided such as the requirement for a warrant and the roles of the Investigatory Powers Tribunal and the Interception of Communications Commissioner and whether these safeguards are compliant with Article 8 of the European Convention of Human Rights.     

警察在拦截车辆时预防袭警的战术

警察在拦截车辆时预防袭警的战术,首先必须明确犯罪分子可能袭警的时机,其次是掌握迫近和拦截车辆的战术原则,最后是加强对袭警事件的预防和演练。     

How about me? The scope of personal information under the Australian Privacy Act 1988

A recent Australian Federal Court decision has raised the issue of the scope of information protected under the Australian Privacy Act 1988. The Court failed to adequately address this question, leaving Australians unsure as to whether sections of their information, such as the IP addresses allocated to their mobile devices, will be considered personal information under the Act. The main consideration the Court dealt with was what it means for information to be “about” an individual. In this paper I address two questions: a) how is information determined to be “about” an individual under the Act; and b) how should this determination be made in the future? I conclude that currently available guidance from the courts, the Australian Information Commissioner and scholarly commentary are inadequate to enable individuals, organisations and agencies to consistently make such determinations. Accordingly I draw on approaches to this question taken in Canada, New Zealand, the European Union and the United Kingdom to argue that the definition should be broadly interpreted in a technologically-aware manner. This will help to ensure that personal information is more comprehensively protected under the Privacy Act.     

英国《1985年通信截收法》：立法背景、制度架构及当代命运

通信截收是英国侦查机构和情报机构长期适用的高效秘密侦查手段，但却缺乏起码的法律依据。1984年．欧洲人权法院就Malone v．the United Kingdom一案所作的判决对推进英国通信截收的立法进程．促使英国《1985年通信截收法》的出台起到了巨大的推动作用。《1985年通信截收法》的内容涉及通信截收之禁止；通信截收许可证的范围、签发、期间及其修正；隐私之保护；通信截收的法律监督及其违法通信截收的救济渠道等等。由于历史的局限性，英国（（1985年通信截收法》存在不少缺陷，《2000年侦查权规制法》最终取而代之，从而使英国的通信截收制度更加完备和发达。