Consultation on change to RIP interception definition

Peter Tomlinson pwt at iosis.co.uk
Thu Nov 11 14:06:03 GMT 2010


Roland Perry wrote:
> In article <4CDBBF17.3070209 at iosis.co.uk>, Peter Tomlinson 
> <pwt at iosis.co.uk> writes
>> It seems to me that the assumption will be that the owner of the 
>> account will have given consent on behalf of all users of the account 
>> (typically of that keyboard). So consent ought to be given in some 
>> secure manner (a) that is logged in a way that can be verified and, 
>> if the user wishes, changed,
>
> If the CSP was a PAYG (or free) wifi point, that would add a whole 
> extra layer to the sign-up process. Plus all CSPs having to add some 
> sort of permanently accessible account parameters. I know that the 
> transparency is desirable, but worry about the implementation.
>
>> and (b) that, if consent has been given, ensures that an informative 
>> logo is always displayed in each browser window.
>
> How would that work - the CSP intercepting every web page and adding 
> something that he fondly believes every browser in the world would 
> display?
>
> ps HTTP is not the only protocol on the Internet.

My suggestion was slightly tongue in cheek, intended to lead to exactly 
the sort of analysis that Roland has done - in other words, the response 
to this consultation should be that obtaining consent from the end users 
simply isn't a practical solution, so the law needs to be framed to 
completely block those who want to snoop in this manner.

However, there are global moves to create a common method to be far more 
secure online (an eID method) so long as you have your internet 
transactions secured with a user ID [1] digital certificate that is 
invoked by some specific action by the end user (e.g. with a password or 
by plugging in a physical token) at the start of such a session. Once we 
get that operating, authorising selective phorm-like 'enhancement' of 
the browsing experience could be possible (but the resulting advertising 
- sic - delivered would have to come from sources that have also signed 
up for the safe browsing technology).

Peter

[1] The ID doesn't have to be your official ID as known to government - 
you can have any handle that you want, and therefore be effectively 
anonymous (but of course the IP address of the terminal node will be 
available to the service used).



More information about the ukcrypto mailing list