
17 September 1998

From: SS
Subject: Police surveillance (Long)
Date: Thu, 17 Sep 1998 16:06:19 +0000


The police, MI5 and the Home Office are trying to push through a scheme
to pressure other service providers to hand over private e-mail
information without the court order that is required for telephone calls
and the mail. Are the police taking liberties with our privacy? Duncan
Campbell reports

Police tighten the Net

TWO WEEKS AGO in the dim hours before dawn, 30 police entered the north
London offices of Demon Internet, one of Britain's biggest Internet
companies, and seized two computer servers and computer logs. It was
Britain's largest-ever Internet raid and although it was part of the
well-publicised Operation Cathedral investigation of the international
"Wonderland" child porn ring, the raid has gone unreported, until now. 
But the inclusion of one of the biggest ISPs (Internet service
providers) in Britain in a major child porn raid has sent a timely,
clear and frightening message to industry insiders. The "Wonderland"
raids, organised by Britain's National Criminal Intelligence Service
(NCIS), took place just days before a police, MI5 and industry
discussion group is due to meet to agree "law enforcement" access to
private information about the Net and its users. 

This afternoon in London, an informal group convened by Acpo, the
Association of Chief Police Officers, is holding a press conference to
announce its plans to introduce a private "memorandum of understanding"
about police access to e-mail users' identities, activities and
messages. Over the next three weeks, senior police officers and key
industry figures will host three seminars in Edinburgh, Manchester and
London to be addressed by police, industry and prosecution computer
specialists. The seminars are being run by a group called the "Acpo, ISP
and Government Forum". The press, public, lawyers and defence computer
legal specialists are excluded. 

"The ISP industry is being privately pressurised into revealing
information that others would not reveal as a matter of course," says
one senior ISP manager who has followed the police-ISP negotiations. 

If the ISP industry were to go along with the current police position,
then ISPs will soon be routinely sent electronic forms under the Data
Protection Act, certifying that the police needed the information
requested for the prevention or detection of crime. The forms were first
introduced in 1994, but had to be extensively revised after being shown
to the office of the Data Protection Registrar, Elizabeth France. 

According to her office, the section of the Act being used "was intended
as an exceptional measure and not as a routine tool . . . it should not
be seen as an easier approach than a court order." 

"We say it time and time again - information can only be released on a
case by case basis. Fishing expeditions are not allowed", France said
this week although they may have happened in the past.

"It is important that [e-mail] has the same level of protection for
individuals as for any other communications mail and telephone calls".

Although the proposed Data Protection Act forms certify that the
information is required for a specific case, they also say that
information passed "may be used for any other investigation". The forms
have to be countersigned, but do not require the signature of a rank
higher than an inspector. 

If successful, the Acpo initiative would mean that the contents of
e-mail, unlike ordinary mail or telephone conversations, could when
requested in this way be intercepted and read without a warrant from the
Home Secretary. 

It would also mean that it could be produced as evidence in court,
unlike normal mail intercepts or phone taps. Police sources say,
however, that they would not expect access to e-mail as it was being
sent (as opposed to stored e-mail) unless they had a normal phone-tap
warrant. But the Home Office is currently reviewing the Interception of
Communications Act. Home Secretary Jack Straw revealed during this
month's emergency debate on terrorism that a review of the Act,
including necessary technological changes, has been under way since
July. It is understood that this includes reviewing whether or not
e-mail should be treated the same way as ordinary mail. 

The problem for ISPs is not that they object to court orders or police
search warrants being used when they are asked for evidence of serious
Net-related crime, but that the threat of disruptive police raids is
being quietly used to obtain more extensive information, without legal
powers or adequate justification. 

"We've had any number of cases when police have come and asked 'tell us
about all your subscribers who are living in Warwickshire'", says one
member of the Acpo-ISP group. The problems are that the information may
not exist, may not be obtainable, or, if it did exist, would be illegal
to hand over. 

The worry for legal specialists is that public concern about paedophile
activities in particular could result in ill-advised police-industry
agreements sidestepping privacy laws and good practice. 

"A mood of public alarm taken together with a poorly developed forensic
science is the most dangerous combination imaginable for miscarriages of
justice," says Peter Sommer, a computer forensics research fellow at the
London School of Economics and defence legal specialist. "Those factors
have historically led to some of the gravest judicial errors in our

This month's raid on the ISP may be a case in point. The company
maintains that the police went for the wrong target and arrested an
innocent employee, based on a misunderstanding about how its part of the
Net was engineered and whether or not its employees would have known
what specific users were doing. 

Since "computer forensics is in its infancy", says Sommer, the right way
forward is to legislate and to introduce codes of practice such as are
already in use under the Police and Criminal Evidence Act. "We need to
regularise law enforcement access to and use of computer-derived
evidence. The result will be all the stronger for having been the result
of democratic scrutiny, rather than cosy discussions between a police
lobby group and a few ISPs." 

Police officers face serious problems investigating Net-based crime,
given the diversity of size, sophistication and outlook among ISPs. Even
if Acpo does obtain a "memorandum of understanding" signed by key
industry bodies, this would not be binding on any company providing
services. Many on the ISP side say privately that the description is
inappropriate. They have asked Acpo to reconstitute the proposed
"agreement" as a "guide to best practice" in providing information to
the police. 

Further problems were highlighted at a meeting between police, Home
Office, MI5 and industry specialists held at Scotland Yard three months
ago to discuss what information ISPs could and should make available.
The police and government side asked for "all e-mail sent in the last
week to be recorded as a matter of routine". Another "desirable
facility" was "the ability to turn on logging of all incoming e-mail for
a customer account". 

But the ISP representatives explained that these records were not
normally kept at many ISPs and that creating them for routine police or
MI5 use would be costly. The ISPs were however "happy to do work that
has little or no cost implication and is clearly legal". 

Detective Chief Superintendent Keith Akerman of Hampshire Police,
chairman of the Acpo computer crimes group, told Computing magazine: "We
want to ensure the criminal doesn't take best advantage of the Internet,
without government using the sledgehammer of regulation." 

Acpo was unwilling this week to release any drafts of the proposed
memorandum of understanding, or to provide copies of the form that Acpo
has already drafted to be used by police forces seeking Net information.
The form is based on a system now widely used to get lists of telephone
numbers called from BT and other telecoms providers without Home
Secretary warrants or court orders, which was revealed in OnLine in
September last year. 

Apart from suspicion in some parts of the industry and reluctance in
others, the Acpo and government initiative to access e-mail information
also faces the problem that a new EU directive on communications privacy
comes into force in less than two months. The directive says that:
"Member States shall ensure via national regulations the confidentiality
of communications by means of public telecommunications network and
publicly available telecommunications services. In particular, they
shall prohibit listening, tapping, storage or other kinds of
interception or surveillance of communications, by other than users,
without the consent of the users concerned, except when legally

"There's not much left for a 'memorandum of understanding' to cover,"
says LSE's Sommer. He suspects that, with the directive, a new Data
Protection Act and a Home Office review of the interception of
communications act due in the next three months, the "cosy agreements"
between Acpo and ISPs may be as futile to the police as they are
aggravating to Net civil liberties and privacy campaigners. 


2 August 1996
Following a rash of child porn investigations, the Metropolitan Police
invite Internet service providers (ISPs) to a seminar at New Scotland
Yard to discuss how to deal with obscene material on Net newsgroups. 

9 August 1996
Letter from Metropolitan Police Clubs and Vice unit to ISPs circulates
veiled threat: "We trust that with your co-operation and self regulation
it will not be necessary for us to move to an enforcement policy." A
list of 200 sex-related newsgroups was appended to the letter. Worried
ISPs quickly start ad hoc meetings with police to try and agree a modus

September 1996 
Internet Watch Foundation launched with government backing to consider
curbs on Net content, with particular reference to child pornography. 

October 1996
National Criminal Intelligence Service (NCIS) launches Project Trawler
to study the extent of criminal use of the Net, and the methods law
enforcement officials should use. 

May 1997
NCIS announces results from Project Trawler, and requests urgent action
to introduce laws enabling police to intercept and monitor e-mails. No
action is taken because of the election. 

May 1998
Acpo (Association of Chief Police Officers) and major ISPs plan seminars
to promote informal agreements for police access to e-mail and Net

18 June 1998
Meeting at New Scotland Yard between Home Office, MI5, police, BT and
ISP representatives discusses law enforcement requirements for Net
information, including stored e-mail and logs of Web usage. 

2 September 1998 
Police raids on 11 sites in Britain, including one major ISP, seize
child porn material connected with a US Web site called "Wonderland"; 30
others arrested in 12 other countries. 

22 Sept 1998
First Acpo seminar in Edinburgh aims to win industry acceptance of
"memorandum of understanding" allowing automated access to ISP
information.

[Duncan Campbell is a freelance journalist and not the
Guardian's crime correspondent of the same name]

17 September 1998 

JYA Note: For Duncan Campbell on the National Security Agency's Echelon global electronic intercept program: