Wednesday, 23 December 2015

#IPBill Christmas Quiz

[Updated 1 January 2016 with answers at foot of page]

Now that everyone has sent in their submissions to the Joint Parliamentary Committee scrutinising the draft Investigatory Powers Bill, here is a little Christmas quiz to alleviate the withdrawal symptoms.

For most of the questions you need only study the draft Bill. One requires the Explanatory Notes. For one other you have to go slightly further afield. Answers may be indeterminate.

  1. When is a person not a “person”? 
  2. What is an internet communications service? 
  3. How many times does ‘proportionate’ appear? 
  4. How does generation of data differ from obtaining data by generation? 
  5. What may identify an identifier? 
  6. When might you have to grapple with the meaning of meaning? 
  7. How many times is encryption mentioned? 
  8. Can general be specific? 
  9. Which two differently worded provisions describe the same thing? 
  10. When is data not itself?

Q1.When is a person not a “person”?

In Part 2.

“Person” is defined in Clause 195(1) to include “an organisation and any association or combination of persons”. But that does not apply to Part 2 (dealing with targeted and thematic interception and other types of lawful authority for interception).

Q2. What is an internet communications service?

Anyone’s guess, as was the case with DRIPA and the CTSA 2015.

Clause 47(4)(b) of the draft Bill describes one of three grounds on which the authorities may access an internet connection record. It rests on the critical undefined term 
internet communications service, which is neither a legal nor a technical term of art. 

The Explanatory Notes (paras 120 and 122) give the impression that internet communications service might mean a human to human messaging service, such as e-mail or text messaging. In her statement to Parliament introducing the draft Bill the Home Secretary said that law enforcement would be able to access records about a communications website, but not a mental health website, a medical website or even a news website. But the Guide to Powers and Safeguards (para 46) mentions mapping services. If a mapping service would be included, where is the intended dividing line?

Q3. How many times does ‘proportionate’ appear?


Q4. How does generation of data differ from obtaining data by generation?

We know they must be different because Clause 71 (the data retention power) mentions both:

“The requirements or restrictions mentioned in subsection (7)(d) may, in particular, include … (b) requirements or restrictions in relation to the obtaining (whether by collection, generation or otherwise), generation or processing of— (i) data for retention …”. (emphasis added).

How do they differ? Hmm.

Q5. What may identify an identifier?

Communications data.

Clause 71(9) refers to “communications data which may be used to identify, or assist in identifying … (f) the internet protocol address, or other identifier, of any apparatus to which a communication is transmitted for the purpose of obtaining access to, or running, a computer file or computer program.” (emphasis added).

Clause 71(9) also tells us that “identifier” means an identifier used to facilitate the transmission of a communication.

Q6. When might you have to grapple with the meaning of meaning?

When considering what constitutes the content of a communication.

The definition of “content of a communication” (Clause 193(6)) refers to elements which reveal “anything of what might reasonably be expected to be the meaning of the communication”. We can perhaps see what this is getting at when considering a message that one human being has written to another; but what is meant by the ‘meaning’ of a machine to machine communication, or of the background exchanges between device and server that take place when we access a website? Do we have to consider what 
meaning means to a computer?

Q7. How many times is encryption mentioned?

By name, once (in Clause 169, oversight functions of the Investigatory Powers Commissioner).

In addition Clause 189 (technical capability notices) affects encryption. But similarly to the existing interception capability regulations made under RIPA the clause refers to removal of “removal of electronic protection applied by a relevant operator to any communications or data”.

Q8. Can general be specific?

The draft Bill (e.g. Clause 111(4)) says that the “specified operational purposes” stated in a warrant cannot merely recite the statutory purposes such as national security, but may still be general purposes. However the Home Office Guide to Powers and Safeguards refers throughout to a 
specific operational purpose.

Q9. Which two differently worded provisions describe the same thing?

Clauses 47(6) and 71(9)(f), apparently.

Clause 47(6) defines an “internet connection record”. According to the Explanatory Notes (paras 120 and 190) Clause 71(9)(f) also describes internet connection records. The two provisions are significantly different. 47(6) refers to data identifying a destination “telecommunications service” whereas 71(9)(f) refers to communications data identifying a destination “internet protocol address, or other identifier, of any apparatus”.

Q10. When is data not itself?

When it includes “any information which is not data” (Clause 195(1)).