URLs, IPs and interception

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Sun, 02 Mar 2008 20:34:02 +0000 

Beer! ! More beer!! The contents of this missive have been edited by 
alcohol!! and the champagne is in the fridge ...  and there's always my 
reasonably extensive collection of single malt, and some blended malt, 
Scotch whiskies for after ..

Roland Perry wrote:

> I agree this is all far too obscure for comfort.

Roland, have a look at Ch2 again, with the "conduct" interpretation in mind.

Ch2 starts off saying Ch2 doesn't cover interception - but is the 
conduct envisaged in Ch2 interception?

Giving out historical traffic data, originally collected by the ISPs in 
accordance with the "conduct" interpretation [1], isn't (not made 
available "in the course of transmission" - the "making available" is 
subsequent to that, and involves historical data not collected for that 
purpose), and nor is giving out other usage data, or subscriber details, 
or whatever 21(4)(b)..(c) data might be.


But suppose Tom Nasty gets access to traffic data, in real time? 
Shouldn't his subsequently giving that information out be interception 
(as it was collected, and thereby made available, during it's 
transmission, and the collection and making available weren't covered by 
S.2(5), under the "conduct" interpretation?).

For ISPs the situation is different - when they collected, and perhaps 
stored [2], the traffic data, that wasn't interception (under the 
"conduct" interpretation).


The "conduct" interpretation seems entirely reasonable, and even 
sensible, to me.

Whether it was what Parliament intended is another question, but I don't 
think the notes give much guidance - the number of MPs who read them, 
well you might need toes as well as fingers to count them, but as a 
proportion of voting MPs they almost certainly don't make half a quorum.


-- Peter Fairbrother



[1] ISPs might be required to store comms data collected in the course 
of transmission, by a law requiring them to do so - but while that 
collection and storage is interception, it's allowed under s.3(3).

Giving the data out subsequently isn't interception, as it doesn't make 
it available to a third (fourth?) party while in the course of it's 
transmission.


[2] They might also be allowed to collect and store traffic data for 
their own purposes (to facilitate the transmission of communications), 
which would not be interception.

Subsequently giving out that traffic data wouldn't be interception in 
the course of transmission - the "making available" part of interception 
would have already happened.