Police drop BT-Phorm probe
Peter Fairbrother
ukcrypto at chiark.greenend.org.uk
Wed, 24 Sep 2008 00:31:44 +0100
Nicholas Bohm wrote:
> Peter Fairbrother wrote:
>> Nicholas Bohm wrote:
>>> Peter Fairbrother wrote:
>>>> El Reg
>>>> http://www.theregister.co.uk/2008/09/22/bt_phorm_police_drop/
>>>>
>>>> "One of the main reasons for this decision is the lack of Criminal
>>>> Intent on behalf of BT and Phorm Inc in relation to the tests."
>>>>
>>>> Would interception be an offence of strict liability? Shouldn't it be?
>>>
>>> No, I think it needs the ordinary mens rea of intending to do the
>>> acts that constitute the relevant parts of the offence. Very few
>>> offences (if any) require an intent that a crime be committed, and
>>> this certainly isn't one of them. So this "no intent" point reveals
>>> the very dimmest possible failure to engage brain before operating
>>> wordprocessor.
>>>
>>>> If so, is a lack of criminal intent irrelevant? And once it has been
>>>> pointed out that an act is an offence - as is implicit in basing the
>>>> decision not to proceed on a lack of criminal intent - can they go
>>>> ahead and do it again?
>>>>
>>>>
>>>> "It is also believed that there would have been a level of implied
>>>> consent from BT's customers in relation to the tests, as the aim was
>>>> to enhance their products."
>>>>
>>>>
>>>> That sounds very thin indeed - and ignores the requirement for
>>>> consent from the web page owners.
>>>
>>> "Implied consent" requires some circumstance which implies something
>>> about the customer's state of mind, and clearly cannot be present
>>> where the customer knew nothing about what BT was doing and cannot
>>> therefore (e.g. by not objecting) be supposed to have consented or
>>> given even a hint of any attitude at all. This is a very bad point,
>>> even if you ignore the dual consent requirement.
>>>
>>> This police response is just cretinous. I would have a lot more time
>>> for them if they said, "Yes, well, there do seem to have been
>>> offences, at least arguably; but there's some tricky law in there
>>> (namely RIPA s3(3)) which would mean expensive lawyers and might mean
>>> appeals, and almost no real harm was done (though we can see a few
>>> people were messed about a bit); and BT almost certainly won't do the
>>> same thing again if they deploy with customer consent. So it's not
>>> really right for us to spend public money on it, it's a matter for
>>> regulators rather than the police, or for private parties to spend
>>> their own money on." I wouldn't agree with this, but it would at
>>> least be honest and to the point.
>>>
>>> Nick
>>
>> Would this then be a suitable case for judicial review?
>
> I would have thought so, at least on the basis that the decision not to
> prosecute was flawed by errors of law about criminal intent and implied
> consent. The "not worth the expense" point remains, though, so this
> doesn't sound a fruitful avenue.
I'd dispute that point, as the Police also ignored the dual consent
issue completely - and BT have said that they plan to do a (perhaps)
single consent version at some time in the future.
What we want isn't so much to prosecute BT, but to stop them doing it
again - if the Police offered a caution, and BT accepted it, that would
be okay by me. It would have to be public though.
I much prefer to wind up the website
> owners to assert themselves a little - it's their financial interests
> they would be defending.
Yes. I have mentioned this to Google, but no reply - but I have
websites, and "hidden" (non-publicised) HTTP traffic as well. BT/Phorm
would be intercepting traffic to and from my website server without my
consent.
The first real problem is getting the money to seek a permanent
injunction against BT intercepting traffic to and from my website and
hidden pages. Would it be possible to get legal aid?
The second problem is getting a "class action"-type injunction which
applies to every website which hasn't actively consented - though this
might not matter, as they would have to intercept traffic to and from my
website in order to exclude traffic to and from my website from their
spying.
-- Peter Fairbrother