October 1st 2007 is another milestone in the British State Surveillance, when some more of the authoritarian and repressive Labour Government's snooping policies come into legal force. Why were the Opposition parties so feeble and ineffective when these horribly complicated and bureaucratic yet draconian laws and secondary legislation were meant to have been properly scrutinised by Parliament ?

Firstly, Communication Traffic Data, initially for mobile phones and landline telephones and faxes etc. is to be retained by the telecommunications network providers for at least a year i.e. far longer than would otherwise be legal to do so once they have no legitimate business use for the data such itemised phone bills which have been paid.

* Statutory Instrument 2007 No. 2197 - The Regulation of Investigatory Powers (Acquisition and Disclosure of Communications Data: Code of Practice) Order 2007  http://www.opsi.gov.uk/si/si2007/20072197.htm

* Statutory Instrument 2007 No. 2199 - The Data Retention (EC Directive) Regulations 2007  http://www.opsi.gov.uk/si/si2007/20072199.htm

This extension of the Regulation of Investigatory Powers Act 2000 Part II, which has been in force for years, will obviously take a few weeks or months to start to affect the millions of innocent people whose privacy and security is being put at risk "just in case" there may be some unspecified criminal investigation or intelligence agency snooping in the future

However, there is now a further immediate potential threat to your privacy, security and online financial transactions and money, namely Government access to encryption keys or decrypted data, under the Regulation of Investigatory Powers Act Part III Section 49 Disclosure Notices  http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_8#pt3-pb1-l1g49 :

* Statutory Instrument 2007 No. 2196 (C. 85) - The Regulation of Investigatory Powers Act 2000 (Commencement No. 4) Order 2007  http://www.opsi.gov.uk/si/si2007/20072196.htm

* Statutory Instrument 2007 No. 2200 -The Regulation of Investigatory Powers (Investigation of Protected Electronic Information: Code of Practice) Order 2007  http://www.opsi.gov.uk/si/si2007/20072200.htm

Incredibly, this bit of law, which has lain dormant on the statute books for over 7 years, was amended by the notorious Terrorism Act 2006, so that the penalty for refusing to disclose your secret cryptographic Decryption Key(s) or to provide plaintext decrypted versions of the protected data, has been increased from 2 years in prison to 5 years in prison for catch all and undefined "national security investigations". Since the penalties for terrorism or espionage are longer than this, how is this anything but gesture politics ?

There is also the provision for a "tipping off " offence, again, punishable by up to 5 years in prison, if the law enforcement or intelligence agency bureaucrats tick the "secrecy" box on the still as yet undefined format of a Section 49 Notice demanding your cryptographic keys etc.

It sjhould also be remembered that RIPA Part III also makes the Police or Intelligence Agenciy staff legally liable for breaches of the security of seized cryptographic keys or the protected material disclosed under a Section 49 order.

Even though our good advice during the alleged public consultation on the Code of Practice last year has been ignored, we still feel that is is vital that any such cryptographic keys and / or protected plaintext data should itself be encrypted using UK Government approved cryptography or even reasonable commercially or freely available cryptography, especially when on removable media or laptop computers or when transfered via the internet or WiFi etc

If there are any lost or stolen or computer malware infected laptop computers or removable media or USB flash memory devices or plaintext email attachments or data transfers or data backups etc, then those individuals responsible and their bosses, should be prosecuted for malfeasance in public office, and be made to pay financial compensation and damages to anyone whose innocent data, intellectual property or electronic money etc. has been compromised or put at risk.

If, say, the private encryption key for the SSL / TLS Digital Certificate for an e-commerce or internet banking website is compromised by negligent data handling following a RIPA Section 49 Notice, then the amount of damages which a Court might award could run into millions of pounds.

See our sub-blog published last summer  http://spyblog.org.uk/ripa3 during the so called public consultation process on the Code of Practice for RIPA Part III

Please contact us if you are served with a RIPA Section 49 notice, (obviously not if it has a secrecy rider), as we would like to be able to recognise a genuine one, to differentiate it from the inevitable "phishing" scams which will seek to exploit the secrecy and unfamiliarity of the public and commercial with such Notices.

We demand that the RIPA Commissioners, the Home Office and the supposed Single Point of Contact, the National Technical Assistance Centre (now under the management of GCHQ and the Foreign Office) should keep records of, and provide a breakdown of the actual numbers of RIPA Section 49 Notices which have been served. These figures should include how many Section 49 Notices have the "tipping off" secrecy requirement, and how many, according to the Code of Practice, have required that the Financial Services Authority be informed (e.g. when obtaining financial services cryptographic keys).

is my fingers randomly banging on keys,i don't have a clue what it is.so i can't give it to anyone

As a non-techie I am not sure how this affects me or what actions I now need to take to protect myself when the authorities/police decide to use it.
Am I still secure (ie anonymous) when posting on Inymedia, or using say, riseup mail?

advice gratefully awaited

use  https://www.indymedia.org.uk
for secure posting.
and if you feel you need to wipe your tracks google dban and wipe your disk with a combination of russian and us dept of defence software.

Go to
www.knoppix.de
when your there click the english flag and download knoppix.You will need a dvd burner,might be able to get knoppix 3 which fits on cd.Anyway once you burn it boot from cd.When splash screen comes on type knoppix lang=english.= will be shift+0(zero)press enter.when it boots click the blue icon on the taskbar once(left clik)set screen to 1024.By default the browser konquerer will open.clik settings and scroll to configure konqurer.scroll down to browser identification and uncheck the four box's.

added he can disconnect his hard disk for knoppix.
anyway. anyone answar this.i snapped a pin off my hard disk,now 39,but it seems to have made it much faster.anyone know why?

Have you a single drive on that interface ?

Pin 39 on an ATA is the Drive Active / Slave Present signal. During POST, pin 39 shows whether a slave drive is present on the interface and then each drive asserts the signal to indicate that it is active. Breaking the pin will let the signal float. It shouldn't really speed things up unless you had your jumper settings in the wrong position to start with, but I'm guessing on that, I don't want to break a pin on a working drive to test that !