Today in Parliament

James Firth ukcrypto at chiark.greenend.org.uk
Thu, 17 Jul 2008 17:29:59 +0100


Ian Batten wrote:
> If my ISP knows the URL that I am accessing, then that means they are
> intercepting my TCP stream on port 80.   I thought that was illegal,
> other than for the purposes of running a transparent proxy (which
> fewer and fewer people are doing these days).  If they're recording
> and acting on that information, then that's quite clearly personally
> identifiable data, probably sensitive ditto, and they should have a
> damned good reason for doing it.

Ian, as someone who works (has worked) extensively in the telecoms industry,
there is a great deal of confusion over what does and does not constitute
"traffic" information.  The system architects like myself are not always
clued up with the law, and during requirements capture phrases get
misrepresented.

A nonspecific example: "Capture and store traffic information" might become
"Capture and store Layer 2 header information" (which is still, arguably,
correct).  This then may be misrepresented as general "header information"
which could then be interpreted as all the headers, including HTTP headers.

Now obviously the DPI kit would have to be there in the first place for this
kind of requirement to be implemented.

On a wider point, can anyone explain to me why (or indeed if they are) ISPs
are required to capture Domain Name Service (DNS) lookup logs as part of
data retention legislation?  If so, what is supposed to happen if
subscribers choose to use their own or 3rd-party DNS servers?

I ask the question because it is kind of obvious that ISPs need to keep a
log of which IP addresses were assigned to any subscriber at any given point
in time.  I can see the argument for traceability.  But I can't see the
argument for DNS lookups. 

Furthermore I have some concerns about the accuracy of IP address assignment
logs, in that it has since become a legal requirement to keep these records,
however the logging equipment has, to the best of my knowledge, not been
properly audited.  The typical logging mechanism will record when an address
has been assigned, but if a log-write operation fails, it could be
interpreted that an IP address was still assigned to the previous
subscriber.

Questions have already been raised by at least one of the 800 people Virgin
Media sent warning letters accusing them of copyright violations.  I hate to
think a conviction or worse rests on a logging mechanism which has not yet
come under close scrutiny in court (to the best of my knowledge).

James Firth
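
The failure mode described in the message above, shown as an added example that is not part of the original post: a lookup that trusts the assignment log names the previous subscriber when a write was lost, while a lookup that audits the log flags the answer as unreliable. The per-record sequence number, the record layout, the function names and the sample data are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Rec(NamedTuple):
    seq: int         # logger-assigned sequence number (assumed to exist)
    ts: int          # seconds since the start of the constructed sample
    ip: str
    subscriber: str

# Constructed sample, sorted by seq. Record seq=3 (192.0.2.10 reassigned to
# "sub-C" at ts=250) was lost to a failed log write and is absent.
LOG = [
    Rec(1, 100, "192.0.2.10", "sub-A"),
    Rec(2, 200, "192.0.2.11", "sub-B"),
    Rec(4, 300, "192.0.2.11", "sub-D"),
    Rec(5, 400, "192.0.2.10", "sub-E"),
]

def naive_attribute(log, ip, when):
    """Last assignment of ip at or before `when`; trusts the log to be complete."""
    hits = [r for r in log if r.ip == ip and r.ts <= when]
    return hits[-1].subscriber if hits else None

def audited_attribute(log, ip, when):
    """Same lookup, returned as (subscriber, reliable).

    reliable is False when a sequence number is missing between the matched
    record and the first record written after `when`: the lost record could
    have reassigned this ip before `when`.
    """
    idx = [i for i, r in enumerate(log) if r.ip == ip and r.ts <= when]
    if not idx:
        return None, False   # no record at all is not proof of no assignment
    start = idx[-1]
    end = next((i for i in range(start, len(log)) if log[i].ts > when),
               len(log) - 1)
    seqs = [r.seq for r in log[start:end + 1]]
    contiguous = all(b - a == 1 for a, b in zip(seqs, seqs[1:]))
    return log[start].subscriber, contiguous

if __name__ == "__main__":
    for ip, when in [("192.0.2.10", 150), ("192.0.2.10", 260), ("192.0.2.11", 350)]:
        print(ip, when, naive_attribute(LOG, ip, when), audited_attribute(LOG, ip, when))
```

The check only detects lost writes that leave a gap in the numbering; a record lost at the very end of the log, or a logger that does not number its records, needs a different control.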