aa.net.uk Broadband - Broadband you can work with

Skip to Navigation / Skip to Content

Black boxes

Policy

We are strongly in favour of basic human rights, including those rights relating to privacy. This means we are opposed to blanket surveillance and snooping on communications, such as your Internet connection.

Having said that, there are, obviously, cases where targeted surveillance on suspects in serious crimes, with suitable controls and oversight, are sensible to detect crime. The distinction is between targeted surveillance, and general surveillance on the public. The latter can have a general chilling effect on rights to free speech, to challenge government, and many other lawful activities and basic human rights.

The law in the UK allows a significant amount of snooping by a variety of means, both targeted and bulk / general monitoring. Indeed, some of this is simply compelling ISPs and telephone companies to record and retain data on everyone and keep it for much longer than may be needed for any technical reasons (data retention).

Our policy is to oppose such general measures wherever we can, and as director of Andrews & Arnold Ltd, I have personally responded to consultations, contacted MPs, and spoken to a parliamentary select committee during the passage of the Investigatory Powers Act in order to try and mitigate some of the measures.

Andrews & Arnold Ltd also supports Open Rights Group and other organisations to help challenge such laws. It is interesting that some of the Investigatory Powers Act has already been challenged, and some parts considered illegal under EU law.

In keeping with our stance on government surveillance, we take your privacy very seriously. Unlike some ISPs, we do not snoop on your traffic for our own commercial purposes, such as for analytics or marketing.

You will be snooped on

The sad truth is, in spite of all we do, you pretty much have to assume you are been snooped on. One of the big issues is that the back-haul networks we (and other ISPs) use could be subject to secret orders to monitor our traffic. My reading of the law is that would not be legal, they would have to ask us to do so, but it is possible that the Home Office may have a different view. The sad part is that this will never see the light of day, or scrutiny by a court, because such orders are secret. It is also similarly possible that peering and transit networks have similar secret orders.

As such, whilst a small ISP, it is unlikely that any such orders would be imposed on us, it is possible that your traffic is already being surveilled.

Canary

We have, to date, followed an idea that started in the US, to include a warrant canary. There are several ways to do this, but the concept is that we post a statement, as per that below, and if we don't update it then you may assume we have had some sort of order. The principle is that we cannot be forced to make a false statement, and so the statement does not get updated.

Under US law, such forced speech is very much illegal, but even so, such canaries have not been tested.

Under UK law, we are advised by lawyers, that it is not in our interests to try and maintain such a canary. It is not a matter of the law forcing us to make a false statement, it is unlikely it can, just that by our choice not to make such a statement we would be disclosing such an order and thus breaking the law (some of which could lead to people like me going to jail!).

As I say above, you have to assume the sad state of affairs under UK law that you are almost certainly being snooped on, and so even our strong stand on this, and even if we risked breaking the law to tell of any orders imposed on us, it would not really change anything for you.

You need to take your own steps to protect your own communications. Use end-to-end encrypted applications, PGP email, Tor, and other means to communicate securely and with the privacy you deserve.

As such, we don't expect to update the following statement on any sort of regular basis, if at all. It may be that if you ask me in person I'll confirm we have no black boxes, etc, but I may not, and if I do not that does not mean any more than my lawyer has been suitably convincing. Sorry.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

As of the 13th December 2017

* A BBC article today http://www.bbc.co.uk/news/technology-42338067
  Broadband over 'wet string' tested for fun

* Andrews and Arnold Ltd have never had a data retention notice under the
  Investigatory Powers Act or previous legislation.

* Andrews and Arnold Ltd have never had any interception capability notice under
  the Investigatory Powers Act or previous legislation.

* Andrews and Arnold Ltd have no "black boxes" snooping generally on customer
  traffic for any government or anyone else.

* At this point Andrews and Arnold Ltd have had no contact from the Home
  Office, or any other government agency, or anyone else, to suggest they
  are considering even talking to us to request any such orders.

* Andrews and Arnold Ltd have a policy to oppose and challenge any general
  surveillance measures being deployed within our network so as to ensure
  customers can enjoy their basic human rights related to privacy.

* Given the advice from our lawyers on the ineffectiveness of "warrant canaries"
  we do not expect to update this notice, but may choose to do so. Nothing can
  be inferred from our choice not to update this notice.

Adrian Kennard
Director
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEK27/mAzq/8+SGneiR3bLOJcuygwFAloxNKQACgkQR3bLOJcu
ygyUiBAArZjoN+3HOhWHLb1oyNhz9LnLvW1QUrpkXtlKg0+aajur9I7a066bFRUJ
rUr6mYxFBStbsJc14J3uk2UxDdJqnp0vQ/g5tP5Ffx3nc/VytT4U5zPE8iaF8eHW
Y4trCudzVTc7JIzHVTHdsn6rziy9tm/Rq9b011W3t01eTTbFwL0XBsY0+JNvHuSA
QztiwnKBvPEZkzozeYi1t9gI7q8XC6BMvT3yUYfR8fmpI12LQMRUqJgYP+kmCoe9
oBqqfIGO2Bkjkpiq7zSEhERNJ6VxKGjm80PMonnvFSlT34knSuVq0sHdD5HAL+Qb
vW+BrkzHvW7B1IwG8fMmaRz190bUsnfEgJ3/6E+V9H3eD6b+cP7So/zTxhqxqNy1
iOvwo8MNZJpJQ5KbRU24bDYqTnFKn1kDtBu6VyGDaCG+Wp7VJS1ZYU4+mCd3dm+W
U005qwMRb2ri/Tj/NikgL8xg/1xs6C/i/y/nhHAH/jUgML9hRuqAj74/Du8kgBfz
DYeWSlllZJ6UeSNmq9ju05qvJ06ue2NNpANk0rXvnMovwK8mP01l29vsOu8Vib8c
34KeOn35dTEohylPhkI9kde1smNibDZYkOg/6L9CEJ4kImre1y7q0FCWITIWUmhT
GUqrhGV+k09r+P2G9gNNYUaLQDZm/knJWhAEkrtQmOXzE/xyGiU=
=NPq+
-----END PGP SIGNATURE-----