ISPs, traffic data and interception

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Sat, 01 Mar 2008 05:41:59 +0000 

Re-sent message, with a different Subject, as requested.

Ignore otherwise.


-------- Original Message --------
Subject: Re: URLs, IPs and interception
Date: Fri, 29 Feb 2008 23:02:06 +0000
From: Peter Fairbrother <zenadsl6186@zen.co.uk>
Reply-To: ukcrypto@chiark.greenend.org.uk
To: ukcrypto@chiark.greenend.org.uk
References: <47C873A1.6080308@zen.co.uk>

Peter Fairbrother wrote:
> Can someone please correct me if I'm wrong, but doesn't a browser 
> usually work like this: You enter a URL, the browser looks up the IP of 
> the domain name in a nameserver, then sends the URL to that IP address.
> 
> So is there any reason for an ISP to look at the URL (including any 
> parts after the third slash) at all, in order to perform it's function 
> as a CSP?
> 
> And isn't an ISP looking at URLs illegal interception?

Looking at RIPA again (and I'm sorry if it's boring, but !! ..), can an
ISP give out traffic data without it being interception?



Part II doesn't make it an offence to give out traffic data, and it has
been assumed that giving out traffic data is not interception, but I've
just had a look at the relevant part of Part I again.

S.2(5) says:
" (5) References in this Act to the interception of a communication in
the course of its transmission by means of a postal service or
telecommunication system do not include references to—

(a) any conduct that takes place in relation only to so much of the
communication as consists in any traffic data comprised in or attached
to a communication (whether by the sender or otherwise) for the purposes
of any postal service or telecommunication system by means of which it
is being or may be transmitted; or

(b) any such conduct, in connection with conduct falling within
paragraph (a), as gives a person who is neither the sender nor the
intended recipient only so much access to a communication as is
necessary for the purpose of identifying traffic data so comprised or
attached. "



So afaict ISPs giving out or using _any_ traffic data, in any manner or
form, is interception unless it is "conduct [...] for the purposes of
any [...] telecommunication system".

And, afaict (see 2(1)), that's only for purposes that facilitate the
transmission of communications.



So Phorm is out. And so is giving clickstream or URL data, or traffic
data, to anyone unless authorised elsewhere.


Am I incorrect here?


-- Peter