Consultation on change to RIP interception definition
maryhawking at tigers.demon.co.uk
Thu Nov 11 20:24:42 GMT 2010
Does the owner of the account have the legal authority to give consent on
behalf of all users of that account, and if so, are there any requirements
for the users to be informed of the consent ant what that consent implies
for the users?
From: Peter Tomlinson [mailto:pwt at iosis.co.uk]
Sent: 11 November 2010 10:02
To: UK Cryptography Policy Discussion Group
Subject: Re: Consultation on change to RIP interception definition
Andrew Cormack wrote:
> Hmmm. It's tempting to reply to the HO's consultation question of "how
will this affect CSPs?" by saying that it'll make 3(1) useless since, as
discussed on the list last time around, the CSP will never know whether the
"person" who indicated consent (however that's implemented) is still the
"person" sitting at the keyboard. Not just the question of whether the
"subscriber" has consented on behalf of all users of the account, but
whether one user has handed the keyboard to another since clicking "I agree"
> Actually I'm struggling to think how a 3(1) that was dependent on the
*fact* of whether that person had consented (which I think would be the
effect of deleting the "reasonable belief" clause: Francis?) could ever be
safely relied on by anyone. So maybe the net effect of the proposed change
will actually be to delete the whole of 3(1)???
It seems to me that the assumption will be that the owner of the account
will have given consent on behalf of all users of the account (typically
of that keyboard). So consent ought to be given in some secure manner
(a) that is logged in a way that can be verified and, if the user
wishes, changed, and (b) that, if consent has been given, ensures that
an informative logo is always displayed in each browser window.
More information about the ukcrypto