Police drop BT-Phorm probe

Tom Thomson ukcrypto at chiark.greenend.org.uk
Mon, 22 Sep 2008 20:25:37 +0100 

> "One of the main reasons for this decision is the lack of Criminal
> Intent on behalf of BT and Phorm Inc in relation to the tests."

What I don't understand is how the CLP could claim that there was a lack 
of criminal intent.  There are many criminal acts here but let's pick a 
few of them:

Processing sensitive personal data without informed consent:  they surely 
can't claim that they didn't intend the data to be processed?  But unless 
they could claim that and make a court or jury believe it they would be 
found to have criminal intent.

Interception without appropriate authority or consent:  they can't claim 
that they intended to obtain consent because it's quite clear that they 
did nothing to obtain it and their own statement was that they didn't 
intend to inform customers because their customers weren't clever enough 
to understand.  But unless they can convince a court or a jury either that 
they didn't intend to intercept anything or that they did intend to obtain 
consent they would be found to have criminal intent.

I'm not sure if disclosing sensitive data to third parties is a criminal 
offense as opposed to a civil issue, but if it is an offense then they 
would have to convince a court or a jury that they were not reckless as to 
whether such data would be disclosed - and since they clearly know how to 
use cookies, they would have a hard job doing that - or they would be 
found to have had criminal intent (or mens rea on grounds of recklessness 
as to probable consequences, which satisfies the requirement that would 
alternatively be satisfied by criminal intent).

Did they register this processing of data with the data protection 
registrar, and explain what processing they intended to undertake?  Did 
they intend to register and explain - I would say clearly not, which (if 
the offence of not doing so is a crime) is once again criminal intent.

> That sounds very thin indeed - and ignores the requirement for consent
> from the web page owners.

It's not just very thin, it is utter claptrap, I think.  Unless they claim 
that by using their service we implicitly consent to all our 
communications being intercepted, which is so far-fetched as to stagger 
belief.

M.

-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk 
[mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Peter 
Fairbrother
Sent: 22 September 2008 18:51
To: ukcrypto@chiark.greenend.org.uk
Subject: Police drop BT-Phorm probe

El Reg
http://www.theregister.co.uk/2008/09/22/bt_phorm_police_drop/


Would interception be an offence of strict liability? Shouldn't it be?

If so, is a lack of criminal intent irrelevant? And once it has been
pointed out that an act is an offence - as is implicit in basing the
decision not to proceed on a lack of criminal intent - can they go ahead
and do it again?



"It is also believed that there would have been a level of implied
consent from BT's customers in relation to the tests, as the aim was to
enhance their products."



-- Peter Fairbrother