Today in Parliament

[Richard Clayton]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <0F1F58F4-B6AF-4FD2-841B-861F1CC83527@batten.eu.org>, Ian
Batten <igb@batten.eu.org> writes

>
>On 17 Jul 08, at 1619, Lord West of Spithead wrote:
>
>> A lot of
>> information is available to the internet service providers through
>> headers, URLs and so on.
>
>If my ISP knows the URL that I am accessing, then that means they are  
>intercepting my TCP stream on port 80.   I thought that was illegal,

not necessarily, there are a number of statutory exemptions

>other than for the purposes of running a transparent proxy (which  
>fewer and fewer people are doing these days).  If they're recording  
>and acting on that information, then that's quite clearly personally  
>identifiable data, probably sensitive ditto, and they should have a  
>damned good reason for doing it.

you're mixing up RIP issues (does the interception meet one of the
exemptions?) with DPA issues (does their processing conform to the data
protection principles ?)

In that context, note this system:

  http://www.hitwise.co.uk/products-services/how-we-do-it.php

which is from all accounts completely DPA compliant.

Doubtless the ISPs that deploy it are able to tell you which section of
RIP they invoke to make it lawful under that Act...  (I'd guess they'd
argue that they need to understand website popularity to adequately
dimension their networks... but that's only arm waving by me, you'd need
to ask them why they believe it to be lawful).

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSH9xh5oAxkTY1oPiEQJ5FgCg62o50k0w8gsLC+9SMX+Qk1pKD68An2N4
oLQId2GfazZ+TMoxPlKoG3n7
=0pKq
-----END PGP SIGNATURE-----