Annex 5: IMPACT OF ENCRYPTION AND ANONYMISATION
(4.61 above)
1.
In this Annex the following key is used:
(a)
(b)
(c)
(d)
(e)
2.
Eve: Agency.
Alice: Sender of email.
Bob: Recipient of email.
SSL: Secure Sockets Layer.
The communications data being discussed in the following examples is
sender/recipient details.
First example: there is no encryption in use. Eve can obtain access to the content
and sender/recipient details of an email sent by Alice to Bob via the CSP.
Eve
OTT
CSP
CSP
Alice
3.
Bob
Second example: the OTT provider is using SSL, meaning that the content and
sender/recipient details of an email sent by Alice to Bob are visible to the OTT. They
are not visible to the CSP. The CSP is only able to see that the email is to be sent to
the particular OTT provider.
Eve x
OTT
SSL
CSP
CSP
Alice
4.
SSL
Bob
Third example: Eve can access the content and sender/recipient details from the OTT
provider via a warrant or court order. If the OTT provider is based overseas, it may
not cooperate with a UK court order.
Eve
OTT
SSL
CSP
CSP
Alice
SSL
Bob
321