https - hopefully not too stupid a question

Francis Davey fjmd1a at gmail.com
Mon Jun 18 12:59:30 BST 2012 

2012/6/18 Andrew Cormack <Andrew.Cormack at ja.net>:
>
> Hmmm. For example if I wrote a webmail server where sending a mail involved a packet whose content looked like
> "<message>This is an e-mail message</message><to>Andrew at ja.net</to><subject>test message</subject>"
> Then you have to read every byte of that message (most of which are content) in order to find the traffic data buried within it.
>

It is not "traffic data comprised in or attached to a communication
(whether by the sender or otherwise) for the purposes of any postal
service or telecommunication system by means of which it is being or
may be transmitted" (RIPA s2(5)). That is, although it might give
information about who is the intended addressee, it is not there for
the purposes of the telecommunication system that is transmitting it.

Obviously if you set up an internal mail system that read email
messages and extracted that sort of information from inside and then
re-routed them, then s2(5) would exclude from the definition of
"interception" on your network conduct on your network which looked
inside the emails.

In other words, the 2(5) use of "traffic data" is relative to the
system where interception might otherwise be taking place.

Remark;  The bill re-uses RIPA's definition of "interception".

> I'd been assuming that pulling traffic data out of the inside of a packet would be interception because it would inevitably "make available" the rest of the inside of packet, thus satisfying the requirement of "interception" in 2(2).
>
> But you're suggesting that 2(5)(b) might trump that, so that "making available" *is* OK, if it is necessary to *find* the traffic data. From a privacy point of view, that sounds depressingly plausible.
>

Only if its traffic data for the purposes of 2(5)(a) which will only
be the case if the telecommunications system is using that data. That
is a bit circular I realise, but it means that it won't be permissible
to try to obtain everything that is traffic data but only traffic data
used by the system.

-- 
Francis Davey

More information about the ukcrypto mailing list