Police drop BT-Phorm probe
Nicholas Bohm
ukcrypto at chiark.greenend.org.uk
Wed, 24 Sep 2008 16:19:34 +0100
Peter Fairbrother wrote:
> Nicholas Bohm wrote:
>> Peter Fairbrother wrote:
>>> Nicholas Bohm wrote:
>>>> Peter Fairbrother wrote:
>>>>> El Reg
>>>>> http://www.theregister.co.uk/2008/09/22/bt_phorm_police_drop/
>>>>>
>>>>> "One of the main reasons for this decision is the lack of Criminal
>>>>> Intent on behalf of BT and Phorm Inc in relation to the tests."
>>>>>
>>>>> Would interception be an offence of strict liability? Shouldn't it be?
>>>>
>>>> No, I think it needs the ordinary mens rea of intending to do the
>>>> acts that constitute the relevant parts of the offence. Very few
>>>> offences (if any) require an intent that a crime be committed, and
>>>> this certainly isn't one of them. So this "no intent" point reveals
>>>> the very dimmest possible failure to engage brain before operating
>>>> wordprocessor.
>>>>
>>>>> If so, is a lack of criminal intent irrelevant? And once it has
>>>>> been pointed out that an act is an offence - as is implicit in
>>>>> basing the decision not to proceed on a lack of criminal intent -
>>>>> can they go ahead and do it again?
>>>>>
>>>>>
>>>>> "It is also believed that there would have been a level of implied
>>>>> consent from BT's customers in relation to the tests, as the aim
>>>>> was to enhance their products."
>>>>>
>>>>>
>>>>> That sounds very thin indeed - and ignores the requirement for
>>>>> consent from the web page owners.
>>>>
>>>> "Implied consent" requires some circumstance which implies something
>>>> about the customer's state of mind, and clearly cannot be present
>>>> where the customer knew nothing about what BT was doing and cannot
>>>> therefore (e.g. by not objecting) be supposed to have consented or
>>>> given even a hint of any attitude at all. This is a very bad point,
>>>> even if you ignore the dual consent requirement.
>>>>
>>>> This police response is just cretinous. I would have a lot more
>>>> time for them if they said, "Yes, well, there do seem to have been
>>>> offences, at least arguably; but there's some tricky law in there
>>>> (namely RIPA s3(3)) which would mean expensive lawyers and might
>>>> mean appeals, and almost no real harm was done (though we can see a
>>>> few people were messed about a bit); and BT almost certainly won't
>>>> do the same thing again if they deploy with customer consent. So
>>>> it's not really right for us to spend public money on it, it's a
>>>> matter for regulators rather than the police, or for private parties
>>>> to spend their own money on." I wouldn't agree with this, but it
>>>> would at least be honest and to the point.
>>>>
>>>> Nick
>>>
>>> Would this then be a suitable case for judicial review?
>>
>> I would have thought so, at least on the basis that the decision not
>> to prosecute was flawed by errors of law about criminal intent and
>> implied consent. The "not worth the expense" point remains, though,
>> so this doesn't sound a fruitful avenue.
>
> I'd dispute that point, as the Police also ignored the dual consent
> issue completely - and BT have said that they plan to do a (perhaps)
> single consent version at some time in the future.
>
> What we want isn't so much to prosecute BT, but to stop them doing it
> again - if the Police offered a caution, and BT accepted it, that would
> be okay by me. It would have to be public though.
>
> I much prefer to wind up the website
>> owners to assert themselves a little - it's their financial interests
>> they would be defending.
>
> Yes. I have mentioned this to Google, but no reply - but I have
> websites, and "hidden" (non-publicised) HTTP traffic as well. BT/Phorm
> would be intercepting traffic to and from my website server without my
> consent.
>
>
> The first real problem is getting the money to seek a permanent
> injunction against BT intercepting traffic to and from my website and
> hidden pages. Would it be possible to get legal aid?
There's not a lot of that about these days.
> The second problem is getting a "class action"-type injunction which
> applies to every website which hasn't actively consented - though this
> might not matter, as they would have to intercept traffic to and from my
> website in order to exclude traffic to and from my website from their
> spying.
Class actions don't work usefully under UK rules because they don't
confer benefits on those who don't join in.
What is needed is for a few of the majors to get together once they
recognise the threat to their business model.
Nick
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF