non-interception (was RE: sorry, but ...)

[Andrew Cormack]

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 25 July 2012 12:24
> To: UK Cryptography Policy Discussion Group
> Subject: Re: sorry, but ...
> 
> 
> On 25 Jul 2012, at 09:50, Roland Perry wrote:
> 
> > ps Am I right in saying that the proposed law voids one of the Data
> Retention Directive's alleged 'shortcomings' [although opinions vary]
> in that it only applies to classic POP3/SMTP/IMAP/etc email, and not to
> pages of HTML which happen to contain text from one person to another
> (eg webmail, but also the IM and 'status update' features of social
> networking are delivered both ways by HTML).
> 
> My impression is that not only is that an effect of the draft
> legislation, it's one of the main intents.  You can look at an
> SMTP/POP3/IMAP exchange and easily distinguish between traffic data and
> content in a deterministic way (assuming envelope is traffic, body is
> content and headers are one or the other).  But for webmail, there's an
> HTTP session taking place which contains no useful data at all, and
> then the content of the HTTP session is envelope, header and body mixed
> together in arbitrary ways.  Being able to get at the traffic data
> aspects of a webmail service or other web-based communications system
> without requiring a home secretary warrant seems the main purpose of
> the legislation.
> 
> ian

I'm exploring the analogy that the new law would allow someone to sit in a pub, listen to all conversations, but only remember phrases similar to "I phoned Fred yesterday", "when did you phone Fred?"/"yesterday", etc. Does that work?

Andrew