https - hopefully not too stupid a question

Andrew Cormack Andrew.Cormack at
Mon Jun 18 11:03:48 BST 2012

> -----Original Message-----
> From: ukcrypto-bounces at [mailto:ukcrypto-
> bounces at] On Behalf Of Peter Fairbrother
> Sent: 17 June 2012 19:09
> To: UK Cryptography Policy Discussion Group
> Subject: Re: https - hopefully not too stupid a question
> Chris Edwards wrote:
> > I'm not sure what counted as "deep" either, but this new bill seems
> to be
> > changing things, such that you intercept content using DPI kit to
> extract
> > certain info, which is then deemed mere "traffic data".
> But if you are looking for "traffic data" then that's not "intercepting
> content".
> @cos it's defined that way.
> @cos that's how we defined it, MHYA -NYHA-NYHAAA!
> -- Peter F
> RIPA 2(5)

Hmmm. For example if I wrote a webmail server where sending a mail involved a packet whose content looked like
"<message>This is an e-mail message</message><to>Andrew at</to><subject>test message</subject>"
Then you have to read every byte of that message (most of which are content) in order to find the traffic data buried within it.

I'd been assuming that pulling traffic data out of the inside of a packet would be interception because it would inevitably "make available" the rest of the inside of packet, thus satisfying the requirement of "interception" in 2(2).

But you're suggesting that 2(5)(b) might trump that, so that "making available" *is* OK, if it is necessary to *find* the traffic data. From a privacy point of view, that sounds depressingly plausible.


Andrew Cormack
Chief Regulatory Adviser, Janet
t: +44 1235 822302
Janet, the UK's research and education network

More information about the ukcrypto mailing list