Here we go again - ISP DPI, but is it interception?

Peter Fairbrother zenadsl6186 at zen.co.uk
Wed Jul 28 18:23:09 BST 2010 

Charles Lindsey wrote:
> On Tue, 27 Jul 2010 02:07:26 +0100, Peter Fairbrother 
> <zenadsl6186 at zen.co.uk> wrote:
> 
>> Sorry. missed a bit here.
>>
>> It would be lawful interception under 3(3) if it was being done "for 
>> purposes connected with the .. operation of that (telecommunications) 
>> service" - but I don't think it is.
> 
> It seems that they are monitoring their outbound servers to compile 
> lists of IP addresses to which stuff is being sent. 

No they aren't. They are collecting full URLs as sent by their customers.

Then they request the same pages, and check them for malware etc, or at 
least that's what they claim to be doing.

> That would be 
> perfectly legal if used, for example, to fine-tune their routeing tables.

Collecting IPs, perhaps - but not full URLs.
> 
> But they go further by examining the port number and only including 
> packets addressed to port 80 in their lists. That is trickier, but if 
> they claim that part of the "telecommunications service" that they offer 
> is blocking sites that dispense malware, spams, phishes, etc, then they 
> might claim that this particular interception was for the purpose of 
> providing that feature of their service.

They might, and probably will - but they could claim the same for 
filtering on political grounds, or any grounds they want to,

RIPA says that they can intercept if it's for purposes connected with 
the provision or operation of their telecommunications service, which is 
defined as a service
> 
> What they MUST NOT do is to record the sending address of those packets, 
> or to correlate that sending address with anything else. But they 
> explicitly deny that they are doing that.

That may be in the DPA somewhere, which I'm not too familiar with - but 
there's nothing like that in RIPA. Sounds a bit more like wishing than 
legal reality though.

> So basically, I think what they are doing is potentially a Good Thing, 
> and most likely lawful.

It's neither a Good Thing, nor lawful.

Technically it's not going to work, at all. It's a stupid idea, and 
malware sites can easily get around it. It cannot be a good thing, 
because it cannot work.

And they are looking at full URLs, which is interception, and the reason 
doesn't fall under 3(3), so it's illegal too.
> 
> Once they have a list of addresses of sites, they they are perfectly 
> entitled to visit those sites (as is anybody else) 

No, they aren't. The internet is not all accessible to the public, 
people frequently use secrets in their URLs for access control.

They are entitled to do the same as anybody and access a publicly known 
site -  but not to access secret URLs. There's more, but that enough by 
itself.


It's plain evil - in fact it's probably theft or abstraction of data as 
well. Customer traffic data belongs to the customers, not the ISP. They 
should keep their greedy fingers off it.

-- Peter Fairbrother


and to probe them for
> malware. If the site declines their probes, or demands some password 
> that they don't know, then the site is perfectly entitled to do that.
> 
> --Charles H. Lindsey ---------At Home, doing my own thing------------------------ 
> 
> Tel: +44 161 436 6131                      
>    Web: http://www.cs.man.ac.uk/~chl
> Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. 
> 
> PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 
> 
> 
>

More information about the ukcrypto mailing list