Consultation on change to RIP interception definition
Peter Tomlinson
pwt at iosis.co.uk
Thu Nov 11 10:01:59 GMT 2010
Andrew Cormack wrote:
> Hmmm. It's tempting to reply to the HO's consultation question of "how will this affect CSPs?" by saying that it'll make 3(1) useless since, as discussed on the list last time around, the CSP will never know whether the "person" who indicated consent (however that's implemented) is still the "person" sitting at the keyboard. Not just the question of whether the "subscriber" has consented on behalf of all users of the account, but whether one user has handed the keyboard to another since clicking "I agree" :(
>
> Actually I'm struggling to think how a 3(1) that was dependent on the *fact* of whether that person had consented (which I think would be the effect of deleting the "reasonable belief" clause: Francis?) could ever be safely relied on by anyone. So maybe the net effect of the proposed change will actually be to delete the whole of 3(1)???
It seems to me that the assumption will be that the owner of the account
will have given consent on behalf of all users of the account (typically
of that keyboard). So consent ought to be given in some secure manner
(a) that is logged in a way that can be verified and, if the user
wishes, changed, and (b) that, if consent has been given, ensures that
an informative logo is always displayed in each browser window.
Peter
More information about the ukcrypto
mailing list