Consultation on change to RIP interception definition

Nicholas Bohm nbohm at
Fri Nov 12 11:37:52 GMT 2010

On 11/11/2010 20:47, Ian Batten wrote:
> On 11 Nov 2010, at 20:24, Mary Hawking wrote:
>> Does the owner of the account have the legal authority to give consent on
>> behalf of all users of that account,
> No.   That was the line BT tried to take with Phorm, and there's not the beginning of a legal basis for it.    If CSPs want to try this, they should put wording into contracts with their customers to attempt to impose obligations between their customers and unspecified third parties who are not signatories to the contract, and see how far it gets them.

Quite right, of course.  All the ISP can do is get the subscriber to
promise to get (or that he has already got) authority from all other
users to give their consent.  Then if a user denies having given
consent, the ISP has a claim against the subscriber for breach of the
term, and might seek an indemnity against losses flowing from the lack
of authority.  But indemnities against criminal penalties are generally
unenforceable as being against public policy, so it won't be much help. 
I'm not sure the law has tested whether that principle applies to civil
penalties for criminal offences - quite possibly not.  Maybe that's why
a civil penalties regime is attractive!

None of this helps with the case where a non-subscriber user actually
does consent to something, and the consent gets treated as binding all
other users.  That would need some even more convoluted small print, of
very doubtful efficacy if challenged under the unfair contract terms

Contact and PGP key here <>

More information about the ukcrypto mailing list