Consultation on change to RIP interception definition

[Mary Hawking]

Does the owner of the account have the legal authority to give consent on
behalf of all users of that account, and if so, are there any requirements
for the users to be informed of the consent ant what that consent implies
for the users?

Mary Hawking
 

-----Original Message-----
From: Peter Tomlinson [mailto:pwt at iosis.co.uk] 
Sent: 11 November 2010 10:02
To: UK Cryptography Policy Discussion Group
Subject: Re: Consultation on change to RIP interception definition

Andrew Cormack wrote:
> Hmmm. It's tempting to reply to the HO's consultation question of "how
will this affect CSPs?" by saying that it'll make 3(1) useless since, as
discussed on the list last time around, the CSP will never know whether the
"person" who indicated consent (however that's implemented) is still the
"person" sitting at the keyboard. Not just the question of whether the
"subscriber" has consented on behalf of all users of the account, but
whether one user has handed the keyboard to another since clicking "I agree"
:(
>
> Actually I'm struggling to think how a 3(1) that was dependent on the
*fact* of whether that person had consented (which I think would be the
effect of deleting the "reasonable belief" clause: Francis?) could ever be
safely relied on by anyone. So maybe the net effect of the proposed change
will actually be to delete the whole of 3(1)???
It seems to me that the assumption will be that the owner of the account 
will have given consent on behalf of all users of the account (typically 
of that keyboard). So consent ought to be given in some secure manner 
(a) that is logged in a way that can be verified and, if the user 
wishes, changed, and (b) that, if consent has been given, ensures that 
an informative logo is always displayed in each browser window.

Peter