sorry, but ...

Roland Perry lists at internetpolicyagency.com
Wed Jul 25 09:50:36 BST 2012 

In article <500FA83C.2070209 at gmx.net>, "Caspar Bowden (travelling)" 
<tharg at gmx.net> writes
>>> stream, and it's looking for traffic data in traffic that's to let's say
>>> the Facebook or Twitter or googlemail or WoW or Habbo sites.
>
>(AFAIK Facebook say they fall under Irish jurisdiction for their EU 
>users w.r.t DP law at least)
>
>>> These are afaik all hosted in the US, but they have strong UK 
>>>connections.
>>>
>>> Let's suppose both Alice and Bob are in the UK. Now suppose Alice sends
>>> Bob a message through facebook, or another of the US social media sites.
>>>
>>> The black box sees and finds the traffic data concerned with Alice's
>>> message, quite lawfully under the new bill - and the traffic data it
>>> sees tells it it's an external communication, a message to a server 
>>>outside the UK.
>
>AFAIK the last word (but grateful for any later ref) we have on HMG's 
>understanding is from 4th July 2000 (this was in response to FIPR 
>probing amendments about the new "domestic trawling" warrant in 
>S.16(3), misleadingly placed in a section called "Safeguards").
>
>In theory, what defines internal/external is whether the communication 
>(at whatever protocol level) is "received" in the UK (rather than where 
>a server is located), but in practice this doesn't matter

One of the things that was never fully explored during RIPA (although I 
wrote several notes on the subject) is what the status of "one to many" 
communications is.

If I post something to a social networking site (for the sake of 
argument, unambiguously hosted in USA), who is the recipient of that 
message?

It might be the social networking site, or it might be all my friends/
followers who asked to be immediately and automatically copied, then 
there are the people who visit the site later.

I don't have an answer, just reminding us that it's a complex 
situation...

ps Am I right in saying that the proposed law voids one of the Data 
Retention Directive's alleged 'shortcomings' [although opinions vary] in 
that it only applies to classic POP3/SMTP/IMAP/etc email, and not to 
pages of HTML which happen to contain text from one person to another 
(eg webmail, but also the IM and 'status update' features of social 
networking are delivered both ways by HTML).
-- 
Roland Perry

More information about the ukcrypto mailing list