Consultation on change to RIP interception definition

Ian Batten igb at batten.eu.org
Wed Nov 10 19:48:32 GMT 2010 

On 10 Nov 2010, at 15:58, Peter Fairbrother wrote:

> Ian Batten wrote:
>> Richard Clayton wrote:
>>>> There is a brand new consultation from the Home Office which aims
>>>> to fix the deficiencies in UK interception law that were identified as a result of the Phorm debacle...
> 
>>> <http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
>>> lawful-intercep/ripa-amend-effect-lawful-incep>
>> Given that potential value of an interception-based advertising proposition, and the investment that would be involved in setting it up, £10K (page 5 (*)) is neither here nor there.
> 
> I think you missed this bit: the £10k is for unintentional
> interceptions, a new additional civil offense. It only applies to CSPs. AFAICS the criminal offence of intentional interception will continue as-is.

But we've already seen that that legislation is regarded by the police as unenforceable: City of London Police originally said that as far as they're concerned RIPA only applies to the government, and all the arguments adduced by the consultation as to why it's not practical for the police to investigate "unintentional" interception apply equally to "intentional".   The investigation into the Phorm debacle hasn't produced an outcome, hasn't been resourced and is going to be longer running, and with a less convincing outcome, than the company themselves.  

Under the new situation, you can put up a hooky DPI solution, claim you didn't realise it constituted interception (the defence BT would use in court, were it to get to court, which it won't) and be at most £10K worse off.    Given actually doing due diligence would cost more than that (get in a lawyer, a network architect for a week and you've spent that already) it's a free pass.  Rather than finding out if something's actually going to transgress RIPA, you just close your eyes to the problem and plead ignorance if it goes wrong.   Why spend £20K when you're assured of only being fined £10K?

> 
> As soon as the ISP is fined, or perhaps even as soon as the issue is
> raised by the IoCC, the ISP has to stop what it was doing, as it is now
> aware that what it was doing was/is interception, and if it continues it
> will be intentionally intercepting, which is a different, criminal not
> civil, offense, with prison terms attached.

Yes, as we've seen in the BT/Phorm debacle, it's a crime that the police and the DPP are keen to investigate with all speed and diligence.  No, wait...

ian

More information about the ukcrypto mailing list