https - hopefully not too stupid a question

[Roland Perry]

In article <E1F5CE85-8C36-4788-B3D8-B0E47F0CFC65 at batten.eu.org>, Ian 
Batten <igb at batten.eu.org> writes
>> Are you sure the filter is being applied to "all data", and not just to "things which are mainly, but not entirely, traffic data". For
>>example urls, or email headers, where depending on the context more or less of them is traffic data (and the remainder, content).
>
>I can't decide, and I've read the section (and the explanatory notes) several times.

Having read it through again just now, there may be a clue in the way 
that 'excess' (my expression) input data to the filtering process has to 
be destroyed. Destroying part of what you've logged, especially after 
being told to retain it all, and when a different public authority might 
turn up later with a different filter, makes no sense.

Therefore I believe they are envisaging individual ISPs needing to boost 
their traditional sources of comms data (logs on servers ["Part 1 
data"]) with 'inspection' (and then filtering) of the data flow - 
creating "Part 2 data".

Only the ISPs will know the best places on their network to perform such 
an inspection, and because ISP networks are (as discussed in the past) 
generally more than a single node, the concept of 'all their traffic' 
[being sent offsite to a shadowy third party for them to filter] is 
pretty meaningless.

And thus obtaining "Part 2 data" being regulated by the Interception 
Commissioner makes perfect sense.
-- 
Roland Perry