Consultation on change to RIP interception definition
igb at batten.eu.org
Wed Nov 10 13:54:18 GMT 2010
On 10 Nov 2010, at 09:58, Richard Clayton wrote:
> In article <GGmSXGWvbV2MFA7N at highwayman.com>, Richard Clayton
> <richard at highwayman.com> writes
>> There is a brand new consultation from the Home Office which aims to fix
>> the deficiencies in UK interception law that were identified as a result
>> of the Phorm debacle...
>> The consultation isn't yet on any of the myriad Home Office websites...
>> doubtless cuts in webmasters are to blame for that, and it will turn up
>> real soon now! (hello Simon!)
> Now visible:
Given that potential value of an interception-based advertising proposition, and the investment that would be involved in setting it up, £10K (page 5 (*)) is neither here nor there. The rest of the document describes a complex system of appeals and submissions to make sure that a CSP will realistically not even have to pay this piece of loose change if they don't want to.
If the document made it clear that the penalty was £10000 per customer (ie: install an illicit DPI capability on your million-customer ISP network, write a cheque for ten billion) then it would be one thing, but that's clearly not the intent. Another free pass for CSPs from the Home Office: pay at most ten grand, get a license to intercept. The reasons for not making it a criminal penalty are laughable, too: crimes that take place in multiple jurisdictions are hardly new or unique to RIPA, and if the response is to make them non-crimes then criminals just need to make sure they drive across a county boundary in the course of any fraud. There's no mechanism to stop CSPs from performing "illegal" interception so long as they continue to pay £10K once in a while: there's no provision for injunctive relief, for example.
The document makes it clear that the changes are being wrung at gunpoint by the EU, but has been written with the intent of giving the CSPs a soft ride. £10K simply isn't a plausible penalty to modify their behaviour in any way, and because the penalities will be imposed without a public process there isn't even the PR shame of being convicted.
It's also a load of regulator capture bollocks. For example,
> If the IoCC decided not to impose a penalty he would have to inform the provider of his decision.
He wouldn't have to tell the person who brought the complaint, though, or anyone else. So it's a secret tribunal which either "fines" the CSP in private, or doesn't fine them, also in private.
> Having served the monetary penalty notice, the IoCC would be able to vary or cancel a monetary penalty, but he could not vary the notice in a way that would be detrimental to the provider, for example by increasing the penalty.
How nice that the interests of the poor CSP are so protected.
> It would be open to a CSP to ask the IoCC to vary or cancel any civil monetary penalty notice that is served.
Again: regulator capture. Does the Home Office have the slightest interest in any party to this discussion other than making life easy for CSPs?
(*) I would cite more accurately, but the new low-cost Home Office is saving electrons by not putting page or paragraph numbers in their documents, but it's the fifth page of the document.
More information about the ukcrypto