Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Peter Tomlinson pwt at
Mon Aug 2 10:09:56 BST 2010

James Firth wrote:
> Ian Batten wrote:
>> A more likely proposition would be that BT are in a position to frame
>> actions as crimes,
> I don't accept your analogies to imitation firearms or even thefts from
> cars, locked or unlocked.  As you succinctly put it "BT are in a position
> to *frame* actions as crimes".
> It is this which I object to.  A Tesco employee is (was at least) given
> comprehensive training on how to deal with shoplifters.
> Merely acting suspiciously, even taking products and hiding them under
> coats, nests of bags or even ones hat should not be acted upon - even
> thought I suspect this could be shown as conspiracy to commit theft.  The
> employee is trained to gather any available evidence and wait until the
> point which a crime is committed - the items are removed from the shop.
> It is my view that BT are a large organisation and should therefore be in
> a position to understand the CMA and take proportionate action, only
> involving the police where necessary.
> Unless the actions a.) did cause harm (cf. goods have been taken from the
> shop) or b.) there is clear and overwhelming evidence of a substantial
> attack which if left unchecked could cause damage (cf. clear evidence of a
> conspiracy to commit theft) large operators should know full well that
> sending correctly-formed protocol requests is not sufficient evidence to
> bother wasting the police or court time.
> This is the gist of my clearly elitist argument.
And my argument is that protective measures for the user should be 
ubiquitous, free of charge for the core protection service, routinely 
installed and automatic in operation [1]. Thus not elitist. This is 
because the physical world analogies don't really have force in cyberspace.

Whether, in the light of the current Blackberry fuss about encrypted 
email (UAE, Abu Dhabi, India - according to R4 Today), one's email 
service should routinely turn you on to encrypted email, is a discussion 


[1] I wish that Firefox would get its act together on certificate 
checking (either fix it or tell me clearly if I can configure it 
differently) - after getting a strong warning that the IAAC web site's 
https certificate provider was not known, I contacted the organisation 
and was told that they have a bona fide certificate from a bona fide CA 
(was given the basic details).

More information about the ukcrypto mailing list