Phorm and Cookies

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Thu, 03 Apr 2008 17:36:58 +0100 

james2@jfirth.net wrote:
> On 03 April 2008 10:29, Peter Fairbrother wrote:
>> James Firth wrote:
>>
>>> If ISPs do block ports it is usually only inbound traffic, i.e. servers
>>> you run from home.  It has been rumoured that outbound traffic has been
>>> intercepted for certain port numbers at the height of worm attacks such
>>> as Doom and Netsky.
>>>
>>> As far as I can tell, blocking traffic (i.e. refusing to pass messages)
>>> based on IP port numbers is completely legal.  The ISP is choosing only
>>> to implement certain services, distinguishable by traffic information in
>>> the IP header.

>> I disagree. The port number is used by the server on the other end, not
>> the ISP, and the ISP has no business looking at it.
>>
>> The only service which an ISP must provide is the message-passing
>> service - anything else is extra, and the rules which allow the ISP to
>> intercept in order to provide the message-passing service do not apply
>> to any other services.
>>
> 
> Port numbers are completely analogous to service codes/service types in the
> telecommunications industry.  Internet Protocol (IP) is defines 2^16
> different service codes.  In fact Unix-like systems today still call their
> port definition file "services".
> 
> Where is it stated that an ISP has to provide every one of these services?
> 
> Since the port number is at the top of the packet alongside the destination
> address, and is defined as "destination port", the ISP is clearly allowed to
> inspect this information as part of routing traffic.
> 
> If it's clear in the terms of service that users cannot access port 25
> (SMTP) of outside services then surely only competition law could be used to
> challenge this.

I may not have been clear. ISPs do not have to use port numbers in order 
to pass packets on, so looking at port numbers is _always_ interception, 
as 2(5) does not apply.

However this does not necessarily mean that it is unlawful interception, 
and the case of blocking SMPT traffic by looking for port 25 packet 
headers would probably be lawful under 3(3), as it improves the 
message-passing service, a situation analogous to spam and virus scanning.

Whether blocking traffic based on port numbers is lawful interception or 
not depends on the _reason_ for looking at the port number - eg if it's 
done in order to improve the message passing service then the 
interception is lawful under 3(3), but if it's to seperate web traffic 
in order to Phorm it then it isn't.


-- Peter Fairbrother