URLs, IPs and interception

Roland Perry ukcrypto at chiark.greenend.org.uk
Sat, 1 Mar 2008 22:02:19 +0000 

In article <47C9BE8F.3060102@zen.co.uk>, Peter Fairbrother 
<zenadsl6186@zen.co.uk> writes
>Assuming you are correct, are URLs traffic data? I exclude any parts 
>after the third slash here.

For consistency I think you should talk about "after the first single 
slash". Although that's not exactly what RIPA specifies, as I've 
described in detail earlier today.

Traffic data associated with a web access is to all intents and purposes 
the identity (IP address normally) of the server [see 2(9) and 
especially the tailpiece].

>I don't think so - when the DNS is done the URL is content (the URL is 
>neither needed nor used to transmit the DNS messages), and when the 
>request is sent to the website only the IP address is needed to 
>transmit the message (usually).

I think you need to split the url up into its constituent parts, and 
think about what is actually sent by the browser and to whom (to a DNS 
server, to the web server, and so on) at the various stages of the 
transaction.

Let's say we want to read: http://www.davros.org/legal/interception.html

The browser turns www.davros.org into 195.173.131.60 by asking a name 
server, during which time it is not interception to pass the necessary 
"www.davros.org" to the DNS server [1].

The browser then asks the server at that IP address for the content of 
the page by sending the whole url (necessary because of virtual servers 
and so on): http://www.davros.org/legal/interception.html as content.

At this stage, the "legal/interception.html" part is not traffic data 
and *would* be interception if siphoned off and sent to a third party; 
but probably the first part of the url is still traffic data because it 
might be needed to identify [2] which virtual server at that IP address 
was being queried.

>Caching might complicate this though.

Not sure if there's anything special about a cache that changes any of 
these basic principles.

[1] This assumes that the human user does not regard the DNS server as 
an "intended recipient", but the belt and braces does work, because even 
the human doesn't think that, but the browser does, it's covered by 
2(5)(b) anyway.

[2] "actuation of apparatus"
-- 
Roland Perry