Here we go again - ISP DPI, but is it interception?

Peter Fairbrother zenadsl6186 at
Wed Jul 28 18:40:18 BST 2010

Peter Fairbrother wrote:
> Charles Lindsey wrote:
>> On Tue, 27 Jul 2010 02:07:26 +0100, Peter Fairbrother 
>> <zenadsl6186 at> wrote:
>>> Sorry. missed a bit here.
>>> It would be lawful interception under 3(3) if it was being done "for 
>>> purposes connected with the .. operation of that (telecommunications) 
>>> service" - but I don't think it is.
>> It seems that they are monitoring their outbound servers to compile 
>> lists of IP addresses to which stuff is being sent. 
> No they aren't. They are collecting full URLs as sent by their customers.
> Then they request the same pages, and check them for malware etc, or at 
> least that's what they claim to be doing.
>> That would be perfectly legal if used, for example, to fine-tune their 
>> routeing tables.
> Collecting IPs, perhaps - but not full URLs.
>> But they go further by examining the port number and only including 
>> packets addressed to port 80 in their lists. That is trickier, but if 
>> they claim that part of the "telecommunications service" that they 
>> offer is blocking sites that dispense malware, spams, phishes, etc, 
>> then they might claim that this particular interception was for the 
>> purpose of providing that feature of their service.
> They might, and probably will - but they could claim the same for 
> filtering on political grounds, or any grounds they want to,
> RIPA says that they can intercept if it's for purposes connected with 
> the provision or operation of their telecommunications service, which is 
> defined as a service

ooops, missed out a bit here.

“telecommunications service” means any service that consists in the 
provision of access to, and of facilities for making use of, any 
telecommunication system (whether or not one provided by the person 
providing the service); and

“telecommunication system” means any system (including the apparatus 
comprised in it) which exists (whether wholly or partly in the United 
Kingdom or elsewhere) for the purpose of facilitating the transmission 
of communications by any means involving the use of electrical or 
electro-magnetic energy.

Now I could go into detail about this, yet again, but I've done it 
before - so I'll just say that I read that to mean they can only 
intercept  for purposes connected to their ability to pass messages.

TalkTalk's actions do not fall under 3(3) because they do not facilitate 
the transmission of communications. If it didn't happen then people 
would still be able to get web service as normal.

Email spam and virus filtering arguably does fall under 3(3), because if 
it didn't happen then email would be unuseable.

>> What they MUST NOT do is to record the sending address of those 
>> packets, or to correlate that sending address with anything else. But 
>> they explicitly deny that they are doing that.
> That may be in the DPA somewhere, which I'm not too familiar with - but 
> there's nothing like that in RIPA. Sounds a bit more like wishing than 
> legal reality though.
>> So basically, I think what they are doing is potentially a Good Thing, 
>> and most likely lawful.
> It's neither a Good Thing, nor lawful.
> Technically it's not going to work, at all. It's a stupid idea, and 
> malware sites can easily get around it. It cannot be a good thing, 
> because it cannot work.
> And they are looking at full URLs, which is interception, and the reason 
> doesn't fall under 3(3), so it's illegal too.
>> Once they have a list of addresses of sites, they they are perfectly 
>> entitled to visit those sites (as is anybody else) 
> No, they aren't. The internet is not all accessible to the public, 
> people frequently use secrets in their URLs for access control.
> They are entitled to do the same as anybody and access a publicly known 
> site -  but not to access secret URLs. There's more, but that enough by 
> itself.
> It's plain evil - in fact it's probably theft or abstraction of data as 
> well. Customer traffic data belongs to the customers, not the ISP. They 
> should keep their greedy fingers off it.
> -- Peter Fairbrother
> and to probe them for
>> malware. If the site declines their probes, or demands some password 
>> that they don't know, then the site is perfectly entitled to do that.
>> --Charles H. Lindsey ---------At Home, doing my own 
>> thing------------------------
>> Tel: +44 161 436 6131                         Web: 
>> Email: chl at      Snail: 5 Clerewood Ave, CHEADLE, SK8 
>> 3JU, U.K.
>> PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 
>> A4 AB A5

More information about the ukcrypto mailing list