Posts by Alexander Hanff 1 226 publicly visible posts • joined 1 Jul 2009
I stepped down from the running of NoDPI in November 2009 as my work at Privacy International meant I no longer had time to run the site. But the NoDPI group still exists and they are doing some great work exposing other companies on these issues.
Any money donated to NoDPI will be well received for their ongoing work and i encourage people to support them, but i should make it clear that it would not be going to me for my ongoing work.
Thanks to everyone for their support on this issue. I am going to try and get this issue raised in the House of Commons in the near future and i am considering several other options such as:
1. Complaint to the SRA against the solicitors who advised Phorm/BT this was legal (ondue dilligence grounds)
2. Court Action against the CPS under the Human Rights Act
3. Judicial Review of the CPS process on the grounds that DS Barry Murray managed the investigation (the same officer who refused to investigate when i handed the complaiunt to the City of London Police).
So I m not done with this yet. The CPS decision today is an incredibly dangerous one as it clears the way for big business to break the law so long as they first obtain a legal opinion which supports their goals
Aain, my thanks for all the support over the past 3 years and I hope it continues for as long as there are options available.
Regards,
Alexander Hanff
Re-offending rates for violent crime are far higher than 40% as you suggest. Last time I checked with the National Statistics Office re-offending rate of people convicted for violent crime was over 60%.
I will concede that the number of violent "re-offences" was a little lower but not significantly so - however, violent offenders rarely go on to lead a crime free life according to the official statistics.
I suggest you go an look at the statistics on how many people convicted of assault, murder, affray and other violent crimes go on to repeat offend before making blanket unqualified statements.
Furhermore, you state categorically that paedophilia is a "mental illness" more completely unqualified nonsense.
Try researching the issue you are commenting on instead of just typing utter tripe.
People need to remember that some of the things which can have you placed on the sex offenders register are completely inappropriate.
For example, it is my understanding that if you are convicted for indecent exposure it is required that you be added to the sex offenders register.
What many people don't realise is that you can be charged with indecent exposure just for taking a leak up an alley - even if no-one actually sees your wedding tackle. If the police pass and see you up the alley or anywhere else taking a piss in public you are basically screwed.
It used to be that the police would give you a talking to and send you on your way, but with such an emphasis on performance statistics nowadays it is becoming more frequent that pissing in the street/up an alley results in being arrested and charges being filed (I have witnessed this myself several times in the past couple of years).
Then of course there are the multiple "false positive" convictions every year and of course the issue of strict liability offences.
I am not one to support paedophiles and spent many years working with abused kids and tracking down paedophiles online for law enforcement - so it is an area I have a great deal of experience in - but our current legal framework for criminal sexual acts is a complete mess.
Until such time as we can be sure our primary legislation is actually working properly (which it currently isn't) condemning people to the sex offenders registers for non sexual "crimes" or potentially innocent people, is clearly unacceptable.
People accused of sexual acts with minors for example, are pretty much guaranteed not to have a fair trial which means there are likely many miscarriages of justice in this particular area of law - it is a big issue and Theresa May needs to stop talking out of her arse and actually start looking at the problems we face instead of trying to build support for the Government kicking Human Rights into touch.
There is case law in California (literally just this summer) which extends interception to cover communications in storage as well as in transit; if those communications have not yet been accessed by the intended recipient they are still legally defined as in transit even if they are being stored on a server.
So technically, using the US precedent system, this guy could have a chance with this.
I forget the name of the case, but I am pretty sure El Reg reported on it.
This has already followed that path. The original criminal complaint I made to the City of London Police was, as you know, concluded with an assessment of "No criminal intent". As a result I wrote to the Director of Public Prosecutions asking for permission to bring a private prosecution. The DPP agreed to this but RIPA is different to most other laws, all breaches are required to be prosecuted by the CPS - so even though consent for a private prosecution was granted it still went to the CPS.
This had a number of benefits:
1. I was not liable for the costs of the prosecution should the CPS decide to go forward with a prosecution.
2. It effectively allowed me to bypass the police completely and go straight to the CPS.
There were also some consequences too of course:
1. CPS commenced with an investigation instead of going directly to prosecution in order to determine if a conviction would be likely and whether or not it would be in the public interest.
2. CPS passed the case to DS Barry Murray to investigate - this is exactly the same DS Barry Murray who investigated the original criminal complaint - the same DS who claimed RIPA was only relevant to public authorities (despite the legislation explicitly stating otherwise) and admitted to being a technophobe - the same DS who concluded in the original investigation that there had been no criminal intent.
It has been very frustrating too - the CPS have taken an incredibly long time to carry out their "investigation" - 744 days at the time of writing this comment. In that 744 days they have only spent 74 hours working on this case. When you put that into context, the average time it takes the CPS to reach a decision on whether or not to prosecute is 9 days - it would seem that the CPS haven't taken the case very seriously.
That said, I am still not sure what their decision will be. A big part of me believes that they will decide not to prosecute - citing not in the public interest as their reason. If this happens I will be forced to apply for a judicial review, which is expensive.
Then there is the optimist in me that thinks they will decide to prosecute and with the ongoing action by the EU Commission against the UK on this issue in the EU Court of Justice - this could be a real possibility.
Andrew Hadik (from the CPS) has told me they hope to reach a decision by the end of November with the caveat that that is not a definite date - so we might know in the next couple of weeks.
Needless to say, if the CPS don't push forward with a prosecution there will be outrage and I will start the fund raiser for the Judicial Review and of course file yet another complaint with the European Commission.
So I guess we just have to wait and see.
Lots of people are harping on about Google not deleting the data for some sinister reason. They are not deleting the data because we threatened them with legal action if they do - because it would be destruction of evidence and there are multiple ongoing investigations in multiple countries - including the UK.
So whereas, I am usually very critical of Google - on this occassion these ridiculous claims of governments wanting to use the data for spying or Google wanting to keep it - are quite simply wrong. The people making these comments would do well to actually read the prior articles on this matter instead of jumping in and speaking bollocks.
Companies could behave in an ethical and lawful fashion. How do you suggest users educate themselves on how to avoid browser exploits such as the p3p exploit in IE? How do you suggest users prevent 3rd parties from respawning http cookies using local stored objects such as Flash? How do you suggest people defend themselves from the new threats posed by HTML5 browser databases (yet more local stored objects).
The fact remains that even those of us who are tech savvy are unable to prevent much of this behaviour fro occurring.
As for your obvious contempt for children doing things they shouldn't - perhaps if they were supervised more appropriately or appropriate technical measures were put in place to lock the sysem down, the "little bastards" you are referring to would not be able to behave in such a dangerous manner. YOU (as someone who seems to illustrate they are in a controlling position on this issue regarding childrens' access) are responsible for that NOT the kids.
So I am voting you down because your comment is worthless and doesn't consider the issues at all, it is merely a rant at non tech savvy users.
The whole point of the changes to the Directive were to do exactly that - give the users a choice. The reason the changes occurred is because previously there was no choice, this tracking and profiling is currently carried out surrepticiously, the vast majority of people are not aware it is going on, ergo they have not had a choice, their right to choose has not existed - it has been forced onto them.
Once the Directive is transposed into UK law they will then have the opportunity to make an informed choice on whether or not they want to be tracked and served behavioural ads.
As to the comment about ad blockers; ad blockers do NOT prevent behavioural profiling and tracking, they merely prevent you from seeing the results of that profiling and tracking by blocking the ads. These companies still track all your online movements and store it in a database irrespective of whether or not you see the ads. But further to that - the vast majority of users are NOT tech savvy, they wouldn't know a plugin or addon from a primary key - this makes them vulnerable to exploitation.
This is why browser settings, adblockers etc etc etc are not the solution because they still leave the vast majority of the population vulnerable.
Next time you write a comment try to think outside your tiny little box.
New York Times piece on some of the world biggest online companies exploiting a flaw in IE's p3p implementation to override users' cookie preferences and place cookies even when the user has specified not to.
http://nyti.ms/9B2mNh
Or how about this one?
Childrens' sites plant more tracking cookies/beacons than sites targetted at adults - part of WSJ's "What do they know?" series:
http://online.wsj.com/article/SB10001424052748703904304575497903523187146.html?mod=e2tw
Self regulate? We can't trust these guys as far as we can throw them and you expect me to sympathise with them? Please, give me a break!
John, were industry's intent to help the little guys then I might be a little more interested in listening to them but you and I both know that is not the case - they have their own agenda and that agenda is focused on behavioural profiling and the ability to do it without oversight on as many people as they can - opt-in means that this utterly reprehensible practise is less likely to be given consent and as such is going to impact their bottom lines. The "little guys" are not the ones paying lobbyists to push for looser regulations - so I find it particularly insulting to my intelligence when all of a sudden big business doesn't get its own way that suddenly it is about the "little guys".
You know as well as I that industry have been given free reign to self regulate on these issues for decades and have completely failed to do so. Companies were making money on the web a long time before behavioural profiling or even 3rd party cookies existed and they did just fine - The Register included.
I hear this free content argument all the time and it simply doesn't wash - if you can't run a business ethically and legally irrespective of what perceived value you may think there is in your offerings, then you shouldn't be in business period - don't blame fundamental rights for a failed business model.
However much of a long term reader I am of The Register, it doesn't mean I am about to forget my work and my principles because industry are crying that they won't be able to operate unethically. If you want to use behavioural advertising make it appealing to your visitors and get their consent - if you are unable to obtain that consent in an ethical fashion, don't do it - period.
I personally don't give a damn if this means companies revenues are a little constricted at the benefit to privacy - in fact it should be clear to anyone, yourself included, that my priorities are to safeguard those fundamental rights and that I place the value of those rights a lot higher than I place the value of a company being able to abuse those rights for profit - I lobby specifically for that purpose and have never pretended to do anything else.
So I stand by my criticisms of Struan - and I won't apologise for upsetting industry in the process.
And let me just clarify one more thing - if society decides (or any individuals within that society) that they do not want to be involved in behavioural profiling without prior informed consent - who the hell are big business to tell them they are wrong? The lobbying from industry on the Telecoms Reform Package was -incredibly aggressive- and I am not guessing at this, i have it from very reliable sources within the EU Commission and the EU Parliament that this was the case - not least our own bloody government under pressure from the IAB. They failed, which indicates that the pressure from the public was sufficiently overwhelming to counter that lobbying - get over it.
If you followed the debate and the various speeches after the changes were passed you would already know this. Session cookies would be classed as technical cookies required for a service the user has explicitly requested - for example, if you are using a web site's shopping cart you have made a conscious decision to do so and the session cookie which allows items to be placed into that cart and then purchased is essential for the service explicitly requested - you will note Struan doesn't use session cookies in an attempt to support his arguments - because he knows it is an invalid point.
I am not posting on here as PI, if I was I would make that clear. I am posting on here as me and I have as much right to my own opinion on these issues as everyone else.
However, I am sure if you want to ask PI for an official statement on the matter - whereas it may be a little more elegant in its wording, I am pretty sure the context will be the same which is why they took me on board in the first place.
In fact let me just quote an official PI statement on this matter to clarify:
"Privacy International believes that online behavioural targeting for online commercial advertising using the technology of Deep Packet Inspection (DPI) is a dangerous and potentially unlawful technique that is fraught with unethical practice. This industry extends across multiple models and strategies including the use of Deep Packet Inspection, Flash Cookies, Tracking Cookies and other emerging technologies.
We believe that, particularly in the long term, the threat arising from these technologies is of such gravity that commercial organisations must not be permitted to adopt Opt-Out solutions. Without care, industry will within three years adopt a default opt-out platform upon which can be built a limitless spectrum of intrusive technologies. Governments need to legislate in a way that protects the rights of the general public. From any ethical standpoint such interception of web traffic must be conditional on the basis of explicit and informed consent. "
You can read the entire press release here:
http://tinyurl.com/dlxr9n
It is incredibly inconvenient to me that I am not allowed to rob banks - but the reason I am not allowed to rob banks is because of the harm it causes. Should I be permitted to break that law simply because it is more convenient and increases my "revenues" or should I (as currently happens) be expected to abide by that law or face the consequences?
I could go on, but if people haven't got the point yet, it is unlikely they ever will.
You are wrongly assuming (and I blame you not because this is what industry have been trying to make people believe) that consent is going to be required everytime you visit a website. This is not the case at all.
Firstly, consent is only required for cookies that are not needed for providing the services the user has explicitly requested - this is the "technical cookies" exemption. Secondly the vast majority of adveritsing (where cookies will require consent) is managed by a very small subset of advertising companies - you need only opt in to their practices once - this is the point I have been trying to get across to industry for the past 2 years, a point they have completely ignored.
I could go into further detail but since the industry have refused at every level to take my advice, I am not about to give them the get out at this stage - they have earned my contempt and can now find their own solution unless they are prepared to pay me for my time and work. I have no obligation to provide solutions for the industry, my obligation lies in protecting privacy - I have attempted to do the former in order to try and engage industry but have been ignored - this gives me little incentive to continue banging my head against a lead wall.
A fine illustration of Struan's loyalties this piece - I have never read such utter rubbish in my life.
What Struan meant to say is:
Industry don't want these changes because it obligates them to behave ethically and seek consent to track and profile.
Industry don't give a shit about how this impacts users, they only care about how it impacts their ability to cast a wide net for profiling - which is what opt out has allowed them to do for far too long.
Industry have no interest in finding a solution to the Opt In problem - they have had years to find that solution, I have even offered them the solution and they refused to engage. Rather they have concentrated on aggressive lobbying to try and devolve privacy regulation to allow them to do whatever they want without restriction. They have failed to do that and I warned them publicly almost two years ago and on multiple occassions since, that if they continued that line they would fail and be faced with a situation they are unprepared for - Opt In.
All this rubbish about browser control and the nonsense in recital 66 (which was written by industry sympathists) - browsers are NOT suitable for determining consent. Browser have zero control over flash cookies, they have very poor control over 3rd party cookies and with the news that HTML5 browser databases are now also being abused by advertisers they have zero control over those too. Furthermore, -everyone- knows (especially industry) that people rarely change default settings which is exactly why they have been fighting for Opt Out - the same is true with regards to browsers default settings.
Industry want to prey on the fact that as a general rule users are naiive and passive when it comes to online activities - they rarely take active control over how their browsing is managed and as such those browser controls are completely ineffective in managing user privacy.
Now my predictions have come true and they are in mad panic mode, lashing out with scare tactics.
Well I have one thing to say to you all - tough shit, you made your bed have the bollox to lay in it.
About 2 years ago when switching email address I sent a notification to all my press contacts (including el reg) and did exactly the same thing - which is more than a little embarrassing for a privacy advocate.
Of course, now I am very careful to use BCC, but it is a common problem (I receive a lot of emails with other parties cc'd instead of bcc'd).
I can't recall a week in recent months where Adobe Acrobat has not been in the tech news for a zero day vulnerability, in fact I read an article just a couple of weeks ago which stated Acrobat is currently leading this year on the most security vulnerabilities if I remember correctly.
I have to be careful not to piss myself laughing here given I am currently in the 1st class carriage of a train (would be embarrassing) but I had to comment on this.
"The Scene" is NOT a network by any stretch of the imagination. It is the generic name given to the ad hoc release tier of movie/music and software piracy. To suggest it is some massive underground network is ridiculous and it is anything but organised. The scene is made up of all the "release groups" and there is little to zero cohesion between any of them.
About the only thing that was ever officially called The Scene was the short set of movies made by someone back around the 2005 era (probably "The Industry") as an attempt to scare file sharers with stories of FBI infiltration, turncoats etc.
A news article referring to The Scene as some sort of file sharing entity is laughable and has made my day.
Sometimes I am truly staggered by the complete lack of understanding by media and "The Industry" about how file sharing works. Furthermore, "The Scene" ultimately begins with "The Industry" itself in most cases (although granted not with cams).
Please please please write more articles like this, we could all do with a good laugh every now and again.
When did IM Global buy the rights to Judge Dredd? Last I checked they were owned by Rebellion exclusively and a discussion I had with their CEO back in around 2001ish made it clear that they would not permit another "hollywood" Judge Dredd unless it was true to the comic.
No news on Rebellion's web site about the movie either...
Hmmm wonder if John Wagner or Alan Grant know anyting about this new movie...time to send a few emails I think.
if that is really the same guy - kudos for commenting a response, gave me a chuckle.
One thing Mike - why don't those in the porn industry who are opposed to this move simply start a campaign to boycott the extension if it gets approved? Or perhaps another option would be to sponsor the same extension (xxx) yourselves as a different group, with the cost being inline with .com - then when ICANN try and tell you that you can't because someone is already sponsoring it, go to the DoJ and ask them to file anti-trust proceedings against ICANN for supporting monopolistic practices?
There has to be something you guys can do.
WE should be making thw world a better place; every single last one of us should make a genuine effort to fulfill this obligation. Hanging that responsiblity over to a handful of people is both folly and of course incredibly lazy.
Each and every one of us can do our part in making OUR world a better place, the first hurdle we need to overcome is apathy.
You are making assumptions here that everyone uses NAT which simply isn't the case - there are plenty of people out there using static routing without NAT which means those IP addresses for those people would be routable.
The other BIG issue you are missing here is that Google cookies are -everywhere- so the chance of Google slurping up their own cookies with this WiFi grab are pretty high which means they can now in some cases directly link geographical location with a Google ID (which they have never been able to do before apart from people using location services on mobile handsets).
Try to think outside the box please.
ICO are not only responsible for the DPA they are also responsible for PECR (Privacy and Electronic Communications (EC Directive) Regulations) and Google's activity were certainly in breach of PECR. Furthermore, evidence from the French investigation has already shown that Google slurped up sensitive personal data.
You really haven't read anything have you? Google were not just collecting network IDs they were collecting payload content of communications sent over those wireless networks and further they discarded all the encrypted stuff and only kept the stuff that wasn't encrypted.
Do keep up old chap.
At most ICO could have fined Google 500k (which I am sure everyone will agree is pocket change to the search giant?) there is really nothing else they could do and we never expected any action from ICO because they are rumoured to "Not want to get into a fight with Google".
However, the Met have a criminal investigation currently underway at a very high level - we will have to wait and see if that goes forward to the CPS and then whether the CPS decide to take action under RIPA and Wireless Telegraphy Act. I have to say given the history on these issues it is also unlikely we will see any meaningful result from the police but we will deal with that at the appropriate time.
Alexander Hanff
I was discussing this in a meeting with ICO just Thursday (I contacted ICO and the FTC regarding Blizzard's plans - and Blizzard's executive office) and really there was very little ICO could do. Yes the data was being used for a purpose other than that which it was collected for which is indeed a breach - but the enforcement powers of ICO are still incredibly limited, so the chances are that Blizzard would only have received a slap on the wrist anyway.
This is down to our Government refusing to give ICO the powers they need. Until Christopher Graham is given the ability to prosecute for a custodial sentence there is really no incentive for companies to follow the rules. ICO can of course fine upto 500k now but such a fine is a drop in the ocean to large international companies like Activision/Blizzard.
The Tories just last week have made it abundantly clear that they have no desire to give ICO the powers they are asking for and certainly have no plans to legislate for custodial sentences.
I say interesting because I was asking exactly the same questions about the UK Gov systems which are being shut down as a result of the great repeal. For example, what is going to happen to the data currently stored in the Contact Point or NIR databases?
I haven't had a chance to read any recent info on these issues so it may have already been addressed but if it hasn't there needs to be clarification on how and when this data will be destroyed.
If you have a problem with Skyhook then report it to us, we can't act on things if people aren't complaining to us. We are very busy but I promise to have a look at it if you get in touch. I won't be able to do anything until after 2nd July as I am away until then on other business, but I -will- give it some serious time when I get back.
As for all the other comments (of which there are a lot) I haven't been able to reply because I was out of the country when the article was published and just got back tonight. I will try and respond to some of them tomorrow if nothing else pops up.
Just one general response though to the "agile development" herd.
First - when I worked in this sector I worked on some of the biggest public and private sector projects in the world, for 15 years - so frankly all these people saying I have no experience or have got it wrong, please don't insult my intelligence. If corporations are not following what have always been standard principles of development and deployment then frankly it is no wonder we are seeing crap like this occurring. The model exists for a reason, because it works (well as well as any IT project does).
Secondly - to all those people who are still saying "they changed channel 5 times a second, the data is worthless" - according to the French authorities, they have just finished an analysis of some of the data Google collected and it included email passwords, email content and other sensitive information - so please try doing some research before spouting your nonsense.
Finally, those who want to attack me for joining PI - you obviously have an axe to grind and I am not going to waste my time justifying -my- decisions on how to live -my- life, but I will say this; I have a great deal of respect for PI and the thankless work they have done for 20+ years and it is an honour for me to work with such experienced and sincere colleagues. Over the past 12 months I have started working on issues equally and far more important than Phorm - issues which will help reshape the privacy environment across the whole of Europe. The team at NoDPI are doing a wonderful job without me and my work at NoDPI was never a sole effort - it was the entire community that made the NoDPI campaign successful. I cannot and will not take the credit for the work of so many people and I remain very proud to have been involved in such a vibrant campaign.
I wish you all a pleasant weekend.
Alexander Hanff
The Telecoms Reform Package clearly states that the use of cookies for things such as behavioural profiling/advertising require explicit -prior- informed consent (that means Opt-In) and these laws come into effect no later than May 2011.
So how then do the OFT expect their current "ruling" to work given it clearly goes against regional and soon to be national law?
Let's see what the EU Commission think about that one eh?
"The Court also highlighted the extensive jurisdiction of the IPT to examine any complaint of unlawful interception of communications. Unlike in many other countries, any person could apply to the IPT, which was an independent and impartial body."
This is a serious error on the part of The Court or at the very least bad reporting by Out-Law because it simply is not true. The IPT have explicitly stated they are only responsible for complaints against public authorities with regards to RIPA so:
"of the IPT to examine any complaint of unlawful interception of communications"
is not true.
I have extensive experience of trying to get the IPT to accept complaints on corporate breaches of RIPA and they have refused based on the statement I made above.
Please clarify the -exact- wording from The Court on this matter including any context which may have been missed in this article.
I can't see how Roger's have a leg to stand on here - I expect they will settle out of court because they were in the wrong irrespective of how people may try to use the moral argument of the afair to try and justify their mistake.
I am presuming Canadian Data Protection Law is very similar to the UK (given it is a commonwealth state) and in the UK one only needs to prove damage resulting from the defendent's negligence - it would seem that this woman will be able to prove damage without any problems and therefore it should be an open and shut case.
And for the record, under UK DP law damage does not have to be monetary, it can be emotional/mental such as depression or stress, although in this case she also lost her job which would likely satisfy financial damage as well.
It is not uncommon for companies to send documents to the wrong person - in fact it happens all too frequently. So to suggest there must have been a link is a little naive - it is likely they were bundled simply because they both lived at the same address.
Affair aside (which I don't condone) her personal account statements should not have been bundled with her husband's, period - so yes Rogers are liable in my mind.
Let us look at this from a slightly different angle. Say she had been using the phone to get counselling for domestic/spousal abuse and her husband found out and killed her in a fit of rage - would that not be Roger's liability either?
My point is, what she was doing with this private phone is completely irrelevant - it was registered under her name and therefore should not have been sent to her husband - period.
And just a quick reply to the first comment - learn to read you idiot, the title of the article clearly states "CANADIAN" so your american comment just made you look stupid.
I am working on a paper with some colleagues in the US in response to the Boucher Bill. It is a terrible bill in its current form and does nothing to wrestle control of privacy back from the corporate sector to the individual.
One of the most dangerous areas of the bill is that it permits non-consentual collection/processing of so called "anonymised" data - Boucher seems to have based the Bill entirely on the Future of Privacy Forum "Icon" study from earlier this year which is so horribly flawed for a piece of research it beggars belief.
I will be vehemently fighting this Bill - and you will note that other privacy advocates/groups are equally appalled by it.
Alexander Hanff
Privacy International.
This is already a "private prosecution". I wrote to the Director of Public Prosecutions asking for permission to commence with a private prosecution after the City of London Police refused to presecute the complaint I made to them in the summer of 2008. That complaint included a copy of the internal BT Report on the 2006/2007 trials along with a detailed complaint highlighting and referencing all the different sections of the report which I believed were in breach of the law. As well as referencing the report I also referenced the relevant sections of UK law that the trials failed to comply with.
The thing with RIPA is, in order to commence with a private prosecution you have to get the permission of the Director of Public Prosecutions (DPP) - it is a special condition of RIPA - it is also a requirement that any prosecution under RIPA must be carried out by the CPS (at least that is what I was told by the DPP).
The DPP agreed to my request but because it has to be prosecuted by the CPS they got the case. So it is a private prosecution that is not really a private prosecution.
The irony here is yet to come.
The CPS explained to me that the City of London Police had to investigate the case for them. So the case went back to the same police officer who "investigated" my original police complaint back in summer 2008. This is the same police officer who thought that RIPA only applies to public authorities -not- companies and also confessed to being a technophope with no technical knowledge. The very same officer who refused to pass the case to the CPS in the first place.
So it is a jolly old merry-go-round.
However, the CPS assure me that the officer in charge is doing a stand up job and has this time consulted with experts and obtained expert evidence (as was highlighted again in the article).
I will be sure to let you all know the second I get a conclusive answer from the CPS on this debacle - hopefully that will be soon, but I was told that a month ago. The only sensible thing to do is to apply the law, it sets a very bad example if they don't and just makes the public believe that there is no justice when it comes to big companies.
Of course if they refuse to prosecute, I will have to consider a judicial review and then perhaps even push it to the European Court of Human Rights. I can't take BT to the ECHR but I can certainly take a public authority to the ECHR.
Even if they refuse to prosecute there are plenty of option to pursue yet.
Alexander Hanff
First of all the article seems to suggest they will only be monitoring p2p communication - this isn't actually true. They intercept -all- the comms data from that 40% of the network and then use the DPI to determine whether or not it is peer to peer then they mirror that portion of the traffic for further analysis (or at least that is how I have been told it is going to work).
Secondly, I have seen a lot of press releases from VM saying they have been in discussions with the EC about this - not according to the Commission they haven't. In my discussions with the Commission they told me neither Virgin nor Detica had been in touch with them and I know they have stated the same to at least one journalist as well.
Now to the most important point - under RIPA 2000 it doesn't matter what they do with that data once they have intercepted it - the whole "We anonymise it" argument is simply misdirection - the law states that it is a criminal offence to intercept communications irrespective of how they are then processed, without first having obtained consent from all parties involved in that communication or a court issued warrant.
If I have said it once I have said it 20 times - if Virgin Media deploy this technology Privacy International will make a criminal complaint to the Metropolitan Police - we are not bluffing, we are incredibly serious. For those who think this is an idle threat I should remind you I already have a criminal case filed against Phorm and BT which is currently with the CPS by instruction of the Director of Public Prosecutions.
Cookie misdirection my arse. Anyone who has even the slightest idea of how cookies and networks work can see this to be a complete pile of crock.
The ONLY way that cookie could have been redirected is from AT&T messing around with data flow - this stinks of DPI - absolutely festering with it.
I will be very interested to see what the techsperts say about this once they have had more time to investigate the situation - but it is pretty obvious from where I am sitting that AT&T are talking our of their misdirected arses.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
