back to article UK.gov closes wiretap loopholes after Phorm row

The Home Office is scrambling to close loopholes in wiretapping law, revealed by the Phorm affair, ahead of a potentially costly court case against the European Commission. It is proposing new powers that would punish even unintentional illegal interception by communications providers. Officials in Brussels are suing the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Flame

    What Loopholes!!11!

    Interception is covered by RIPA! It just needs to be enforced.

    Now go Fine BT, Phorm et al!

  2. Anonymous Coward
    WTF?

    £10,000... really?!

    Phorm was most definitely intentional, and 'implied consent' still riles me to my bones. What an absolute disgrace London Police really are if they actually try and pass that tripe off as a valid reason. They may as well have turned around and said 'oooh... yeah, we'd love to investigate but BT.... yeah... touchy subject'.

    1. Anonymous Coward
      Unhappy

      City of London Police...

      ...There to serve the interests of the City. 'Nuff said.

      1. Mark 65

        Re:City of London Police

        Are there to serve the interests of themselves and nobody else. To all intents and purposes they're just jumped up traffic wardens that wonder around (only on sunny days) hassling photographers.

    2. Anonymous Coward
      Anonymous Coward

      Never

      BT = Untouchable.

  3. Will Godfrey Silver badge

    Long overdue

    And also inadequate... unless of course... no, we can't get that lucky... but;

    How about £10,000 for every *individual* interception (even if it's two 10 min apart against the same account)

    1. dephormation.org.uk
      Thumb Down

      And notice...

      ... who gets the money.

      Its not the victims of the interception, but the Government.

      "Monetary penalties would be paid into HM Treasury’s Consolidated Fund"

  4. Eponymous Cowherd
    Thumb Up

    Side effects.

    ***"It is proposing new powers that would punish even unintentional illegal interception by communications providers."***

    This is good news indeed. The "unintentional" clause will prevent any defence along the lines of "We didn't realise........".

    The interesting thing is now in defining "interception". Strictly, a carrier doing anything other than merely routing a customer's data could be construed as "interception", so any form of logging or, in particular, traffic shaping, could be taken to be an illegal intercept *unless* the customer has *explicitly* agreed to it.

    The upshot of this could be that ISPs will have to explicitly declare their traffic shaping and logging policies in their contracts (along with any other activities that do anything other than routing data).

    I'm guessing that the actual amendment to RIPA will stipulate exactly what constitutes "interception" and will exclude filtering activities, which is a shame.

    1. Anonymous Coward
      Anonymous Coward

      Kind'a

      That may be the case if you traffic shape based on L4-L7 filtering and DPI. As this is UK nobody will really know until a test case has been argued in court.

      It is definitely not the case if you traffic shape based on customer set markings (even if you set the "default" for them on CPE you provide) and/or topology (source/destination addresses).

      So there is a way out for most providers even if the courts prove this to be the case. In fact it is a way out that scales better, costs less and allows the customer to tweak it if they feel like it. The sole reason it is not being done at the moment is that "the customer does not buy the product manager lunch and a Ferrari".

  5. Grease Monkey Silver badge

    Implied Consent?

    I'm with the AC from 13:13, the "implied consent" drives me mental. I just can't believe that the City of London plod thought that would wash. The reasoning that BT were trying to improve service justified their breaking the law is a complete nonsense. If it did not say in their contracts that BT were allowed to intercept their traffic then there was no implied consent.

    I don't know about the EU going after the UK government, they should go after the SIO on the case.

    1. This post has been deleted by its author

  6. Anonymous Coward
    Anonymous Coward

    "Proof? We don't need no stinkin' proof!"

    '...where "reasonable grounds for believing" consent is given'

    Or in other words: "We'll do it if we want to and cook-up a bullshit reason/excuse after the fact".

    How about NOOOO! ("ya crazy dutch bastard!" - Dr. Evil)

  7. Anonymous Coward
    Anonymous Coward

    Did someone in the Home Office wake up?

    This whole matter has been wobbling down the corridors of the Home Office for years yet no one there has done anything about it, leaving BT and TalkTalk to put in DPI kit that intercepted communications.

    How much 'innocent' DPI kit is sitting within all the UK based ISPs that will need to be removed before the revised law passes through parliament?

    (Anybody else having a problem staying logged in while trying to post? Neither with nor without javascript keeps me logged in.)

    1. Anonymous Coward
      Black Helicopters

      change at the top..

      no surely not? - maybe votes do count!

      DPI kit will probably stay, just a new T&C for customers... New T&C = breakout clause, so time to move on! New ISP Please!

      black heli for your connection.

  8. Loyal Commenter Silver badge
    WTF?

    Burden?

    "Officials considered making all unauthorised interception a criminal offence, but rejected this option on grounds it would place a burden on the criminal justice system."

    What they are essentially saying, then, is that they think unauthorised interception of our communications is so widespread, that were they to make it an offence, the courts would be immediately swamped? I'd say that this argument supports the need for such legislation; it's a bit like saying "So many people are being murdered that we'll decriminalise it rather than prosecute the murderers."

    1. Anonymous Coward
      Anonymous Coward

      Burden

      IANAL, but it seems to me that a clause which excludes any unauthorised interception would prevent any collection of information for online piracy investigations.

      Thats because the modus operandi for these cases tends to be to monitor for shared files and then get a court backed request for user information. The collection of the IP address at the intial stage would seem to be Unauthorised Interception and therefore ACS:Law et al would need to break one law before being in a position to get (a different) law to work for them.

      Bittorrent would seem to be a murkier area however, since you publically broadcasting your IP address so maybe that doesn't count as wiretapping???

      1. jonathanb Silver badge

        I don't think they "intercept" to do that

        They search the p2p networks for infringing videos, download them to check that they really do belong to their client and find out the IP address they downloaded it from. That's not intercepting a communication because they initiated it. It may be unauthorised access to a computer system under the Computer Misuse Act, but that's another matter, and there are claims from some quarters that they didn't actually follow all these steps to get the correct evidence, which is also another matter, and I don't know if these claims are true or not.

        Opening someone's unread email has been held to be interception, whereas opening a saved email that has been read is not, because it is no longer in the course of transmission. I guess it is the same situation for p2p files.

  9. Anonymous Coward
    Anonymous Coward

    This is all nice but will it make a blind bit of difference....?

    Money and power rule, they have for most of the last 2000 years and longer. Almost any rules will be water down to suit the suits by the time the legislators are through.

    The really painful solution would be to Nail the Directors and Board members. 9 months mandatory prison for each conviction rising directly to 5 years for multiple infringements. The cost of the defence must be borne by the individual charges with the offence. If paid by the company then they are treated as payment in kind for tax purposes. Fines go from profits - therefore prices - directly to Government to waste. Apply market principle. If you really want to stop/encourage the activity adjust the penalty/reward accordingly

    1. Steve Roper

      No it won't

      because the Board Members and Directors you refer to are in the same Old Boys' Club as the judges and chiefs of police, which is why the matter was dismissed out of hand. The ruling elite always look after each other as long as they don't rock the boat. Obviously they can't find a suitable scapegoat, rest assured that once they do find one he'll be prosecuted^H^H^H^H^H^H^H^H^H^Hrailroaded to the fullest exent of the law.

      And nothing short of a mass militant revolution will change this kind of corruption - and even then any leaders of the revolution will become just as corrupt as the regime they replaced, as history repeatedly shows, because human beings are greedy selfish pieces of shit.

  10. dephormation.org.uk
    Alert

    Until the Home Office staff

    ... who colluded with BT/Phorm (and TalkTalk/Huawei) are kicked out of the civil service... I can't see much to gain by contributing a response to a Home Office consultation now.

    Because he problem is not, and never has been, the legislation.

    The basic fault is the collusion of the Home Office RIPA Unit with BT/Phorm. And shady politicians. Not forgetting the Police, ICO, Ofcom, GCHQ, and the Security Services.

    Until that cancer is cut out, tinkering with the words of the legislation is meaningless.

    1. Anonymous Coward
      WTF?

      Twilight Zone

      A post from a guy whose FoI requests are now ignored due to him making 'vexatious' requests involving implying collusion with foreign intelligence services accusing basically the entire UK government and security apparatus of colluding with Phorm.

      Surprised the post escaped the Faraday cage to make its' way here and not a little regretful given it casts serious doubts on the poster's sanity.

      WTF had to be the only icon here, as required for anyone coming out with the above paranoia and expecting to be taken seriously in dealings with the agencies they just accused.

      1. Anonymous Coward
        Stop

        Who rattled your cage?

        At first glance I thought "what a well researched, rehearsed, regaled sideswipe at Mr/Ms dephormation.org.uk". Then I thought "Pray tell Mr. 'Twilight Zone', which of the aphorementioned acronyms do you work for?"

        Regardless, it's the European Commission on the case now. Ad hominems might not work in this instance. Anyway, you don't know who I am. Am I right?

  11. Andy Livingstone

    Excuse me!!!

    Why should the British Taxpayer be facing fines? New definition of Justice? Stuff the people, then fine them because an offence has been committed?

    Relevant Companies and Ministers of State surely cope the fines?

    It's a different "Government" now, so leave them alone.

  12. Queeg

    Possible future ISP EULA clause?

    The British Government requires us to store all of your internet activity under the Interception Modernisation Programme (IMP).

    Dues to new legislation (Regulation of Investigatory Powers Act (RIPA updated edition) )

    customer consent for interception of their communications must be "freely given, specific and informed"

    Do you at this time freely give your informed consent for us (your ISP) to store in perpetuity your every online activity?

    YES [ ] NO [ X ]

    1. The Original Ash
      FAIL

      Bwahahaha!

      You think they'll ask you, and not state that it's part of the Terms of Service! You can bet it'll be Hobson's Choice (as soon as / if) the amendments are passed.

  13. MinionZero
    Big Brother

    Superficially two faced meaningless changes

    These superficially two faced meaningless changes are not going to make any real difference. They just want us to think they are changing when the two faced bastards have no real intention of changing. For example:

    "unintentional unlawful interception" gives *up to* £10,000

    "Intentional unlawful interception will remain a criminal offence"

    For a start, Phorm were Intentional unlawful interception. Its their whole business plan to use Intentional interception! and they were not lawfully allowed to do it! So WTF! ... why are they not being charged!

    Plus this still leaves two other options, i.e.

    unintentional lawful interception

    & Intentional lawful interception

    So this wording leaves it wide open for the Government to continue to work with corporations to continue to build their ever more powerful Police State as the Government gets to choose who are lawfully allowed to carry out interception.

    Therefore there is very little here that is really changing.

    Plus (from a previous news article) the ... "CPS said (.doc) it anticipates it will have spent £5,250 investigating the case by the time it comes to a decision next month" ... so that really shows how little they are really trying to punish Phorm. £5,250 will just about pay for a barrister to get a coffee and take at least minutes looking at a few pages of paper! Meanwhile billions of our money is being thrown into building a police state, so its easy to see who will really win. i.e.

    http://www.theregister.co.uk/2010/10/27/cps_bt_phorm/

    I see Government after Government showing endless Passive–aggressive style apathy and obstruction of any real attempt to punish Phorm. Because they don't really want to punish Phorm, they want to spy like Phorm.

    Deep Packet Inspection spying on the whole population is utterly taking the piss. Its a 24/7 Police State taken to an unbelievably shocking level. It would have been utterly unthinkable even 10 years ago, so WTF more have they got in store for us all in the years to come!. :(

  14. Anonymous Coward
    Anonymous Coward

    The only loophole in the law..

    Is that the home secretary can tell the CPS to stop investigating.

    the Phorm affair is nothing less than governmental corruption.

    BT deliberately intercepted peoples web accesses and modified them without permission or judicial oversight. Criminal prosecution should have followed.

  15. Robert Carnegie Silver badge

    I suppose that "unintentional interception" applies to Google Street Sniff

    As they claim.

    1. Chris Williams (Written by Reg staff)

      Re: I suppose that "unintentional interception" applies to Google Street Sniff

      I don't think so. The consultation specifies the new law on unintentional interception will only apply to communications providers.

      Google wasn't acting as a communication provider when it intercepted that data.

      1. James Butler

        Not only that...

        ... everything Google gathered during its sweeps was not "private", as it was offered up freely for public consumption by those who supplied it. Just like shouting into your cellphone on the bus offers your conversation, sans privacy, to anyone within earshot, if those people within earshot happen to be recording the ambient sounds of the bus, the shouts get captured. No expectation of privacy is formed when the actions necessary to provide privacy are not taken. And, no, ignorance is not a "privacy" defense. ("I didn't know my shouting could be heard by others!")

        1. Gilbert Wham

          Not True...

          IIRC, that Google data included such things as emails, etc as well, did it not? Fair enough, SSIDs and so forth, but just because a system has unsecured data on it most certainly doesn't make it ok to scrape & retain that data *at all*.

        2. Anonymous Coward
          Anonymous Coward

          @James Butler

          Sorry, but the law does not work like that. Google collected data and they had not registered with the ICO regarding collection, storage and processing of that data. That data contained some personally identifiable information. They were, therefore, clearly in breach of the data protection act.

          Even if Google had registered with the ICO they would have needed the consent of every individual concerned before they could start their slurp. The best you could do is say that the fact that the data was unencrypted was "implied consent", but that of itself does not change the fact that Google did not register with the ICO in the first place.

      2. Anonymous Coward
        Anonymous Coward

        @Chris Williams

        Fair enough - Google aren't a communications provider (yet). Doesn't that mean that their actions were even less justifiable? So I wonder : what rules/laws should they be done under?

        1. jonathanb Silver badge

          yes they are

          Google are a communications provider when operating the GMail, Google Chat and Google Talk services, but not when operating their Streetview / Google Maps / Google Earth services.

  16. Anonymous Coward
    Anonymous Coward

    there still needs to be a prosecution

    If the planned deal is that we get a new law, and then we fail to prosecute BT/Phorm for illegal interception of communications, then no thanks. Let's have the prosecutions we should have had in 2008, AND a tighttening up of the law. But mostly - lets have fair rigorous enforcement, in favour of the citizen for a change. And what about STalkSTalk? That looks like slipping through the net too despite the requirements of DPA and RIPA and CMA.

  17. Dibbles
    Grenade

    The thing is...

    ...while I realise that these are on the surface two separate issues, won't this rewriting of the regulation to cover unlawful interception place the ISPs in a very sticky spot with regards to the proposed IMP? After all, it's really just the government's word at the point that goes live that it is 'lawful' - if all that's needed to decree it lawful is the government saying 'yes, we want you to track that usage right there' (and ISPs have to store all usage data), then really it's just semantics over lawful and unlawful interception.

    PLUS, if anyone decides to take the government to court over the IMP (which could happen - after all, it's not exactly on solid ground), and it were to be found illegal, what then?!

  18. Anonymous Coward
    Grenade

    The other side...

    Until recently I used to run a very small (50 subscriber) village ISP (pre-ADSL). Now quite often, the whole thing would go belly up, and with a quick application of wireshark, I could tell exactly which of the PCs had got the virus which was tying up the whole village bandwidth (or at least the router's NAT capacity), and I could go and offer to clean it up for them. No-one ever objected, but this could be interpretted as unlawful interception - even intentional - so whilst I fully support hitting Phorm et al. as hard as possible for their abusive interception for commercial purposes, we do need to remember that just sometimes, it might be needed for the genuine benefit of the interceptees!

    1. Anonymous Coward
      Anonymous Coward

      No need to worry

      Three points:

      1) It's the virus that's communicating, not your customer. So long as you don't look at the customer's data you should be OK.

      2) Looking at address information (as opposed to content) is fine, especially if it's a necessary part of providing the service.

      3) If the customers really appreciate you tracking down their viruses, you can always ask them to let you do it. That's only polite, after all.

  19. Anonymous Coward
    Paris Hilton

    Whoah baby whoah?

    Erm "the British taxpayer would face fines of millions of pounds per day until the legal loopholes are closed"

    Can we start a court case against those individuals in government whether in the elected part or the civil servant part along with those organisations committing acts contrary to European Law?

    Basis: the British people should not have to pay fines or levies imposed by court on actions that the British public were not consulted on. However, individuals in government whether elected or in (un)civil servantry as well as the organisations committing illegal acts should pay the fine. Where individuals are concerned it has to be personal income rather than tax payer funds that pay for the fines.

    Basis part 2: Hey Joe. Did you want Phorm on the taxpayer? What? Nobody asked you? Well I never tsk imagine that?

  20. SilverWave
    Go

    About Time.

    Jail Time for BT? Oh, Oh pick that one! Pick that one!

  21. Mystic Megabyte
    Thumb Down

    BT

    BT have the most convoluted T&Cs that I know of.

    At the end of every piece of junk that they send me, after all the escape clauses it states "Other Terms and Conditions apply - see www.bt.com"

    Yes! Like "we have the right to change any conditions and bury that fact deep in the bowels of BT"

    So BT, if you are listening...f**k off!. I do not want to give you any money, ever!

    1. David 105

      IANAL...

      ...But I wouldn't be surprised if "additional" T's & C's on BT's website would be held to be non binding, as you need to have accepted their service before you could look at them (there's an arguement that you could've gone to an internet cafe and looked at them before signing up, but if I remember my contract law lectures (and I have been drunk since then) this isn't an acceptable defence.)

  22. Anonymous Coward
    WTF?

    New Approach to Law Enforcement?

    "Officials considered making all unauthorised interception a criminal offence, but rejected this option on grounds it would place a burden on the criminal justice system."

    So taking this approach there will be no more speeding tickets issued by the police then.

    I was not intentionally breaking the speed limit officer!

    You are either driving inside the the speed limit or not,

    You are either lawfully intercepting the comunications or not.

    If not, go to jail, do not pass go, do not collect your bonus!

  23. Anonymous Coward
    Thumb Up

    if the BT/Phorm Board Of dictator's have Nothing to hide then they have nothing to fear

    "The Interception of Communications Commissioner (IoCC), a former High Court judge who currently only regulates wiretapping by the intelligence agencies, would get new powers to act against ISPs and telephone operators.

    Under the proposed regime, the IoCC would be able to fine firms guilty of unintentional wiretapping up to £10,000 and serve enforcement notices on them to stop.

    Officials considered making all unauthorised interception a criminal offence, but rejected this option on grounds it would place a burden on the criminal justice system."

    that's bullshit, if the BT/Phorm Board Of dictator's have Nothing to hide then they have nothing to fear especially that 2 years detention for clear "Interception for Profit" for ANY BOD that signed off on any of this Deep Packet Interception use etc.

    are they serious, £10,000 would NOT even cover taxi fairs between departments and lunch for the many DAYS (how many now Dephormation ? ) that this BT/Phorm Interception for Profit criminal case has been under legal review.

    simple , give this Former High Court judge the Real Power to take each and every companies Board Of Directors that agree to, and sign off on ANY Interception For Profit that is clearly unlawful , to the Dock.

    THEN and ONLY Then will You see the UK PLC Companies actually Take and think twice Before thinking up scams for Stealing end users *personal data streams For their Profit.

    *the web site owners content is their personal property too to give to end users on a one to one basis for free ONLY , not 3rd party's snooping for profit, DPI For Profit DO NOT TOUCH or both end users And the web sites data they ask for Need Compensation per page interception offence at the Going Highest commercial Rate, index linked Daily OC ;)

  24. Anonymous Coward
    Go

    It's a different "Government" now, so leave them alone.

    "It's a different "Government" now, so leave them alone."

    well you're conventionally forgetting that it was in fact a conservative Govt. that allowed BT a Govt./UK resident owned business to become an IPO in the first place, and that these same people in Govt right now look up to that PM and what she did, so it's only fair they stop pissing around and slap these executive board members that sign off on this on in the dock.

    OC you're also forgetting that if these EU fines only really involved end users/consumers paying a few penny's more then there would NOT be such a mad rush to push some arse covering legislation through the system.

    they have had YEARS to do something in the mean time, only now that it will cost UKPLC real cash flow are they doing anything at all.

  25. Anonymous Coward
    Stop

    i run a very small village ISP

    "Anonymous Coward

    The other side... #

    Posted Wednesday 10th November 2010 19:27 GMT

    Until recently I used to run a very small (50 subscriber) village ISP (pre-ADSL). Now quite often, the whole thing would go belly up, and with a quick application of wireshark, I could tell exactly which of the PCs had got the virus which was tying up the whole village bandwidth (or at least the router's NAT capacity), and I could go and offer to clean it up for them. No-one ever objected, but this could be interpretted as unlawful interception - even intentional - so whilst I fully support hitting Phorm et al. as hard as possible for their abusive interception for commercial purposes, we do need to remember that just sometimes, it might be needed for the genuine benefit of the interceptees!"

    your forgetting one simple thing, you as a service to YOUR Users you can offer ANY service you like, So you could actually ASK these users if its OK that you manually wireshark their IP with the express , Clear and Informed Consent for this one single purpose and Be Fine IF they agree to it.

    if your a Co-operative non profit org this still apply's but obviously payment in kind instead of cash.

    and clearly such a small Co-op would do the simple thing, have a reasonable personal word at the next hall meeting, we are getting lots of virus lately so can i check your PC and give you a simple bootable liveCD to boot your PC with to use in the mean time, while we arrange a time to trace this massive bandwidth problem down please etc ,etc...

    dont make it more difficult that it needs to be , simples.

  26. Anonymous Coward
    Thumb Up

    one sided T&C's are unenforceable Remember

    for the people that are confused and keep referring to changed T&C's to cover this need to remember that one sided T&C clauses ARE Unenforceable in UK law.

  27. John Smith 19 Gold badge
    Thumb Up

    A £10 000 fine. SFW

    BT and Stalk Stalk would file it under petty (or inthe case of BT *very* petty cash)

    Now £10k for *each* incidence of *each* subscriber affected.

    Still not necessarily *enough* of a disincentive.

    It's got to be jail time for Board members.

    Suits *hate* the idea of mixing with sordid, common criminals (well benefit frausdsters and sub standard roofing and paving contractors actually).

    The *very* beginning of a *long* road.

    Grudging thumbs up.

This topic is closed for new posts.

Other stories you might like