Phorm and PI
Nicholas Bohm
ukcrypto at chiark.greenend.org.uk
Sun, 09 Mar 2008 17:42:55 +0000
Simon Davies wrote:
> (with apologies if this also appears subsequent to my subscription to
> uk_crypto)
>
> There's been some commentary on this list - and much bile expelled -
> concerning Privacy International's alleged endorsement of Phorm.
I must have missed it, unless Simon is thinking of another list.
> I have made it absolutely clear in numerous news outlets that PI does not
> endorse Phorm. Any claim by the company or anyone else that PI has signed
> off on the technology, its legal compliance or the Phorm process, is
> absolutely incorrect. PI does not endorse products or services.
>
> The controversy arose because Gus Hosein and I (both from PI) created a
> privacy startup called 80/20 Thinking Ltd, which was asked by Phorm to
> review and assess the company's privacy claims. We were not tasked to
> investigate compliance aspects under RIPA.
>
> I haven't had chance to review the uk_crypto archive, but if you haven't
> done so already, perhaps you should be asking Simon Watkin for his take on
> the matter. He has been consulted by Phorm, and as you probably know, has
> produced an assessment of the compliance aspects.
Has this been published?
> My own view is that
> compliance is largely in the hands of the ISP's.
If compliance (i.e. not committing the offence of interception) depends
on the consents of the clients and the servers involved, Phorm can no
doubt delegate the task of getting the consents to ISPs. Was that what
you had in mind? It would of course leave Phorm as the party guilty of
the offence if the necessary consent wasn't obtained.
Nicholas
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF