non-interception (was RE: sorry, but ...)
Andrew Cormack
Andrew.Cormack at ja.net
Wed Jul 25 17:13:57 BST 2012
> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 25 July 2012 12:24
> To: UK Cryptography Policy Discussion Group
> Subject: Re: sorry, but ...
>
>
> On 25 Jul 2012, at 09:50, Roland Perry wrote:
>
> > ps Am I right in saying that the proposed law voids one of the Data
> Retention Directive's alleged 'shortcomings' [although opinions vary]
> in that it only applies to classic POP3/SMTP/IMAP/etc email, and not to
> pages of HTML which happen to contain text from one person to another
> (eg webmail, but also the IM and 'status update' features of social
> networking are delivered both ways by HTML).
>
> My impression is that not only is that an effect of the draft
> legislation, it's one of the main intents. You can look at an
> SMTP/POP3/IMAP exchange and easily distinguish between traffic data and
> content in a deterministic way (assuming envelope is traffic, body is
> content and headers are one or the other). But for webmail, there's an
> HTTP session taking place which contains no useful data at all, and
> then the content of the HTTP session is envelope, header and body mixed
> together in arbitrary ways. Being able to get at the traffic data
> aspects of a webmail service or other web-based communications system
> without requiring a home secretary warrant seems the main purpose of
> the legislation.
>
> ian
I'm exploring the analogy that the new law would allow someone to sit in a pub, listen to all conversations, but only remember phrases similar to "I phoned Fred yesterday", "when did you phone Fred?"/"yesterday", etc. Does that work?
Andrew
More information about the ukcrypto
mailing list