Consultation on change to RIP interception definition
Peter Tomlinson
pwt at iosis.co.uk
Thu Nov 11 14:06:03 GMT 2010

Roland Perry wrote:
> In article <4CDBBF17.3070209 at iosis.co.uk>, Peter Tomlinson
> <pwt at iosis.co.uk> writes
>> It seems to me that the assumption will be that the owner of the
>> account will have given consent on behalf of all users of the account
>> (typically of that keyboard). So consent ought to be given in some
>> secure manner (a) that is logged in a way that can be verified and,
>> if the user wishes, changed,
>
> If the CSP was a PAYG (or free) wifi point, that would add a whole
> extra layer to the sign-up process. Plus all CSPs having to add some
> sort of permanently accessible account parameters. I know that the
> transparency is desirable, but worry about the implementation.
>
>> and (b) that, if consent has been given, ensures that an informative
>> logo is always displayed in each browser window.
>
> How would that work - the CSP intercepting every web page and adding
> something that he fondly believes every browser in the world would
> display?
>
> ps HTTP is not the only protocol on the Internet.

My suggestion was slightly tongue in cheek, intended to lead to exactly
the sort of analysis that Roland has done - in other words, the response
to this consultation should be that obtaining consent from the end users
simply isn't a practical solution, so the law needs to be framed to
completely block those who want to snoop in this manner.

However, there are global moves to create a common method to be far more
secure online (an eID method) so long as you have your internet
transactions secured with a user ID [1] digital certificate that is
invoked by some specific action by the end user (e.g. with a password or
by plugging in a physical token) at the start of such a session. Once we
get that operating, authorising selective phorm-like 'enhancement' of
the browsing experience could be possible (but the resulting advertising
- sic - delivered would have to come from sources that have also signed
up for the safe browsing technology).

Peter

[1] The ID doesn't have to be your official ID as known to government -
you can have any handle that you want, and therefore be effectively
anonymous (but of course the IP address of the terminal node will be
available to the service used).