Phorm and Fraud Act?

Nicholas Bohm ukcrypto at chiark.greenend.org.uk
Sun, 23 Mar 2008 18:22:11 +0000 

Charles Lindsey wrote:
> On Sun, 23 Mar 2008 06:35:08 -0000, Nicholas Bohm <nbohm@ernest.net> wrote:
> 
>> The problem will be understanding, explaining and convincing a jury 
>> that a cookie is a representation to anyone about anything.
> 
> A Cookie is a bit like a calling card. "Next time you are calling, just 
> mention my name [hands over card] and I will see you are attended to".
> 
> In cookie terminology, a cookie set by example.com will be returned next 
> time you contact example.com's website, causing example.com to take some 
> action different to what they would have taken without that cookie.
> 
> This action maye to your/their advantage/disadvantage. If the cookie was 
> in fact placed there by Phorm, then it is entirely possible that some 
> advantage/disadvantage may ensue. Whether it is you or whether it is 
> example.com that gets 'defrauded' would depend entirely on the 
> circumstances.
> 
> But for sure there are some scenarios where false setting of a cookie 
> could amount to fraud under the act.

This is a most elegant account of what cookies do.

But for all but a tiny fraction of Internet users, there is no 
representation going on at all.  The vast majority don't know when to 
expect a cookie to be set or by whom, or what it means and to whom it 
means it, or what difference any of this makes one way or another to 
their experience of the Internet or any particular part of it.

That is why I say it will be hard for prosecutors to believe juries will 
make anything of fraud by cookie.

It's important not to get carried away by the thought that, all of a 
sudden, deceiving machines counts as fraud when it didn't before. 
Lawyers are simpler creatures than they are sometimes imagined.  They 
let the law go up a fairly silly cul-de-sac when they said, "If you put 
a forged 50p coin in a machine to get a bar of chocolate, nobody is 
deceived because nobody is there when the machine releases the bar of 
chocolate."  Now they have fixed that problem with the Fraud Act. 
Clever chaps.

But it's easy to see that when you put a forged 50p piece in the 
machine, you are representing it to be a genuine one; all the Act 
deprives you of is the defence that you haven't made that representation 
to a person.  This is a far cry from convincing a jury that a machine 
placing a cookie on another machine is representing anything about the 
source or meaning of the cookie.  Common sense tells you what the 
representation is when you put a coin in a machine.  RFCs simply won't 
cut it when it comes to cookies.

Nicholas
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF