Theories of whether http strings are comms data....

Caspar Bowden cb at fipr.org
Sat, 3 Jun 2000 22:57:12 +0100


There are two issues:

A) whether 20.4 admits an interpretation which would allow an http string
with embedded parameters, to be called comms data (as opposed to merely the
website - or its IP address)

B) if there is such an interpretation, whether it would be lawful for 21.3
authorized persons to acquire this directly (say via GTAC) without serving
Notice on an ISP

I've tried to give a clearer explanation of the "communication" = "request
to web-server" theory appended below, but there is an alternative (and much
simpler) theory: just eliding...

"any information which includes none of the contents of a communication and
is about the use made by a person of a telecommunications service"

An http string does not INCLUDE the contents of the thing that it refers to,
and it IS information about the use made by a person of a telecommunications
service. So a log of web pages browsed (e.g. accumulated by the ISP
operating a transparent cache) IS COMMS DATA - without doubt? (2.1 defines
"telecommunications service" - don't see any problem there)

There then remains the question whether it would be lawful to acquire the
http strings "on the wire". On the one hand it is communications data, so
authorized conduct to obtain it is lawful. On the other hand it is the
content of a communication, so requires a warrant?

I would not really be happy without amendments that nail all this down -
with such complexity (seemingly by design), and with no definitive or
legally binding clarification of these issues in Hansard so far (anyone?),
how sure can we be that there isn't a legal trap door? Effectively it is
going to be in one man's unchallenged judgement - the Interception
Commissioner - no-one else will know, or at least be allowed to tell.

BTW - I think we really should make a concerted effort to work in a
reference to some class of communications data that does not contain itself
:)
--
Caspar Bowden               Tel: +44(0)20 7354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at:    www.fipr.org/rip#media

...
"20.(4) In this Chapter 'communications data' means any of the following-
(a) any address or other data comprised in or attached to a communication
(whether by the sender or otherwise) for the purposes of any postal service
or telecommunication system by means of which it is being or may be
transmitted;
(b) any information which includes none of the contents of a communication
(apart from any information falling within paragraph (a)) and is about the
use made by any person-
(i) of any postal service or telecommunications service; or
(ii) in connection with the provision to or use by any person of any
telecommunications service, of any part of a telecommunication system;
(c) any information not falling within paragraph (a) or (b) that is held or
obtained, in relation to persons to whom he provides the service, by a
person providing a postal service or telecommunications service."

There appears to be a problem in interpreting this to mean a full http
string, because the full string is NOT data BY MEANS of which IT (the
communication) is BEING transmitted (TO the web server) - you just need the
www.bloggs.com but you don't need the stuff after the slashes to deliver it.

But if you construe "communication" not as a message, but as a "request to
transmit a web page", and this is allowed by

"72.-(1) In this Act-'communication' includes-(c) signals serving...for the
actuation or control of any apparatus;"

...then there is a reading whereby the "transmission" might refer to the
fulfillment of the request to the web server.

Substituting:
"other data comprised in a signal serving for the control of an apparatus
for the purposes of a telecommunication system by means of which it may be
transmitted"

So there is at least a definite ambiguity (!) about whether 'it' refers to
the signal or the 'other data'.