Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Nicholas Bohm nbohm at
Tue Aug 3 18:53:31 BST 2010

Roland Perry wrote:
> In article <4C5835C0.9020803 at>, Nicholas Bohm
> <nbohm at> writes
>> If the CMA makes it an offence to do the unauthorised (knowingly),
>> and we now know that the only things that give us authority is the
>> use of links provided by the webhost, then the CMA is producing a
>> most unsatisfactory result.  The problem is its inbuilt assumption
>> that there is some easily ascertained distinction between what is
>> authorised and what is not, whereas in many cases it is hard to be sure
> My common sense says that if I am unauthorised to view a web page,
> then it will return some kind of error which demonstrates that I have
> not presented valid credentials.

That occurred to me too, after I wrote previously.  It happens from time
to time that I'm told I'm not authorised to see a page.  Although I
don't know the procedure for protecting a page or folder in this way, I
imagine it's trivial to find out and apply it when wanted.

It seems arguable that it isn't unauthorised to access a page unless an
attempt at access is met with a notice to that effect.

> Although I am aware that this falls foul of the Law Enforcement model
> that if you stumble over an unlocked door, that doesn't mean you are
> allowed to open it and go inside. Although I might characterise it
> more as looking through a window where someone has failed to draw the
> curtains.

This does rather illustrate the limitations of analogies.  But it's at
least worth noting that entering a house through an unlocked door isn't
"breaking and entering", precisely because no breaking was involved.

> I'm sure that risk (passers-by seeing what is on a computer screen) is
> one of those which businesses are advised to pay attention to, by the
> ICO, in their advice about complying with the seventh Data Protection
> principle.
> I'm also reminded of those council snoopers who are sent round to peer
> inside a house to see if it's really unoccupied (when the owner claims
> an exemption). Or are such expeditions authorised as RIPA surveillance
> these days?

I suspect they're "directed surveillance" and an appropriate
authorisation is required.

(Where Poole messed up was that no surveillance to find out where
someone was currently living could be proportionate where the issue was
where they had been living at some earlier qualifying date.  Against
stupidity the gods themselves etc.)

Contact and PGP key here <>

More information about the ukcrypto mailing list