back to article RIPA to be changed to demand full consent to monitoring

It will no longer be enough to have "reasonable grounds" to believe that someone had consented to monitoring of their communications under changes to the Regulation of Investigatory Powers Act (RIPA) proposed by the Government. Putting notice of monitoring in terms and conditions will not be enough to count as consent to that …


This topic is closed for new posts.
  1. Vic

    Won't make any difference

    The CPS still won't bother prosecuting any Phorm-like entities.

    The twats.


    1. Nigel 11
      Thumb Up

      They will have to in future

      If the law is changed so that explicit consent by both sender and recipient is required, that removes Phorm from a grey zone and puts it well and truly on the illegal side of the line.

      Note also that either sender or recipient (depending on where you view it from) is not necessarily a customer of the ISP doing the interception. Note further that it may very well be a big company with deep pockets, and very unhappy that its customers communications are being made available to its competitors, even if only in the form of targeted advertisements.

      (I'm aware that many readers including myself regarded Phorm's past activities as already on the wrong side of that line, but they're moving the line much further in our direction! )

      Goodbye Phorm, at least from the UK. And good riddance.

      1. Vic

        No the won't.

        > that removes Phorm from a grey zone

        Phorm weren't in a grey area.

        What BT did was illegal. But the CPS decided they weren't going to prosecute, and wouldn't let anyone else bring a private prosecution.

        It doesn't matter what laws you've got - if they're not upheld, they might as well be removed.


  2. Anonymous Coward
    Anonymous Coward

    What's the point?

    Why bother when changing the law when the ICO, CPS, police and others refuse to enforce the laws that already exist?

  3. hplasm Silver badge
    Thumb Up


    Where am I? What have you done with The System- it's.... working!

    1. Colin Millar
      Big Brother

      yeah - right

      We have laws against credit card fraud, data protection breaches, phone hacking etc and what gets enforced?

      Non-existent laws against taking photos in public

  4. Anonymous Coward
    Thumb Up

    About time too!

    Time will tell whether this does the trick or not - or even if it gets to the statute book unscathed - but there is still NO excuse for the failure of several police forces up and down the land to prosecute ISPs for interception of communications without consent, as well as criminal copyright abuse carried out by their robot scrapers on small websites - I have in mind the complaints made to local police forces following the "value added" programmes initiated by BT/Phorm, TalkTalk/Huawei and Vodafone/Blue Coat. They have been given good evidence, there has been clear evidence of harm, and the offences were entirely deliberate and knowingly committed. But apparently that's not enough. I can't see the police changing their tune even with the new law - they will still say it isn't in the public interest and they have to consider the best allocation of their limited resources. So the ISPs will still get away with it.

    1. Sir Runcible Spoon Silver badge


      from the article..

      "Earlier this month the Crown Prosecution Service said that it would not launch a case against BT and Phorm as there was not enough evidence to convict."

      I thought that they refused to prosecute because they decided it wasn't in the public* interest.

      *Whoever that is.

      1. Christoph Silver badge

        Public interest

        Public interest was defined in the Clive Ponting case. It's the personal interests of whichever bunch of politicians is currently in power.

  5. David Haworth

    What about DLP?

    How does this impinge on corporate DLP systems? where a company scans the content of emails for data loss. You could get consent from your staff but not the other side. admittedly I've not had time to read the text yet, but it sounds like it could potentially make DLP difficult.

    1. Tom 38 Silver badge

      DLP is irrelevant

      Any company with DLP will also have instructed their employees that computers and networks are a company resource to be used solely for company communications, even if there is no enforcement or penalties for breaching that policy.

      At that point, everything is fair game, from the contents of a PC's hard drive, to the bits sent out through the router. No privacy concerns whatsoever.

      1. David Haworth

        no it's not

        I disagree.

        Many companies, even ones with DLP, allow their staff limited personal use. That aside, the personal use is irrelevant to this discussion. DLP is inspecting the email traffic, whether business or personal. you can get the permission of your staff but how do you get the permission of third parties outside the company? without that permission, how do you scan email things? AV/spam might be easier as it tends to be automated scanning, but DLP stuff tends to be backed up by human eyeballs to confirm that something isn't a false positive.

  6. Loyal Commenter Silver badge

    Cue changes to ISP small-print

    "By using this service, you agree to having all of your communications monitored and to the sacrifice of your first-born on the altar of Mammon."

    1. Anonymous Coward

      You did read the article right?

      "Putting notice of monitoring in terms and conditions will not be enough to count as consent "

      1. Tom 35 Silver badge

        So they add a check box

        Like the way Apple force you to check "I Agree" to the 50 pages of crap before you can use the app store.

  7. Anonymous Coward
    Anonymous Coward

    Sent to CPS yesterday (hopefully will get to right person)

    Awaiting reply.


    Dear Sir/Madam,

    you have put out the following press release: 'CPS decides no prosecution of BT and Phorm for alleged interception of browsing data'.

    Reading it I can find no good reason why you are doing this, and some of the terms are peculiar:

    "alleged interception"

    -- since you're not willing to prosecute, I understand that any interception can only be 'alleged'. This is hardly a defence. I want to know whether it has happened or not, not whether it was 'alleged'.

    "would not be in the public interest to proceed any further"

    -- I am a member of the public and I don't feel this is so, especially as I may have been one whose data was intercepted.

    "it may become clear prior to the collection and consideration of all the likely evidence that a prosecution would not be in the public interest."

    -- if you have not collected and weighed the data I cannot see how you can possibly come to a conclusion about whether a prosecution cannot continue. [*]

    "We obtained expert evidence to enable us to understand how the technology worked, how many people were affected and how they were affected. Those are the key elements of the alleged offending"

    -- I would have said that the key elements of alleged offending was whether the law had been broken. Only after that are mitigating circumstances (such as how the alleged victims were affected) taken into account.

    "Even if further evidence were available and collected, we are satisfied that it could not change our assessment"

    -- this is unbelievable. You are claiming that you would not continue even if incriminating evidence was discovered?

    I don't know why you are trying hard not to prosecute but something is completely strange here. Please explain to me why you will not consider any further evidence even before you have found any, why you will not prosecute when there is clear suspicion of a crime having been committed.

    I believe that if I had to perform such an interception I would expect to go to prison. Why is the law different for large companies? I'm a member of the public, I trust you to uphold the law, I do not believe you are doing so and I don't know why but it makes me uneasy and distrustful of you.


    [*] Realised something interesting about this. I believe there are certain bodies that can't be sued e.g. the UK govt (is this right?) which suggests that a prosecution of phorm might incriminate in some way the gov, which... you see where I'm going.


    The Problem was Never the Law

    If corrupt regulators won't enforce the law, the words of the law don't matter.

    What BT/Phorm (and TalkTalk/Huawei, Vodafone/Bluecoat) did is illegal and criminal under RIPA, Copyright Designs and Patents, Computer Misuse, Data Protection Act, PECR, and Fraud etc etc

    But the Police, ICO, Ofcom, all refused to enforce the law. Apparently enforcing the law isn't in the public or national interest.

    So changing the law won't make any difference until the problem of corrupt police and regulators is solved.

  9. MonkeyBot

    £50k is that all?

    Unless that's £50k per intercepted communication, I can't see this being much more of a deterrent.

    If there are 50k+ people with information that's worth £1 to you, it could be a good deal.

    1. Sir Runcible Spoon Silver badge


      It certainly sounds like you could get fined more as an individual downloading music than a giant corporate scraping thousands of customers* communications.

      *By customer I mean cash cow.

  10. The Fuzzy Wotnot

    "it will only be legal to intrude on private communications if"...'re in the Police, GCHQ and anyone even remotely connected with government offices collecting meaningless stats on anything we do!

  11. asdf Silver badge

    Euro national telekoms

    Woohoo for state sanction monopolies that have spent decades building massive political power. Must be nice to not have to worry about the law affecting your business models.

  12. Anonymous Coward


    ".. RIPA requires the consent of both the sender and the intended recipient of the intercepted communication,"

    So as someone who runs a server I count as the Sender don't I? So things like the Talk Talk stalking bot (which intercepts user urls for later inspection) accessing my server would fall under this and if I don't consent then Talk Talk are violating RIPA?

  13. John Smith 19 Gold badge
    Thumb Up

    Useless for the past, but *possible* use for the future.

    *If* I'm reading this right then

    1) You can't bury a monitoring clause in a 50 page T&C

    2) It has to be a *specific* opt in where you *request* to have your internet access monitored.

    This should stuff Phorm in *future* but the view of the CPS and ICO remains they were gutless.

    *Grudging* thumbs up because that is what the response of the CPS and ICO has been.


  14. Anonymous Coward
    Anonymous Coward

    How does it define monitoring?

    My load balancer is one end of an SSL connection, and that data is decoded inside the load balancer so that my rules (where it's supposed to go) can do what they'er supposed to do. My interpretation of this is that this is no longer allowed, unless you have a non-load balanced page that allows users to choose/not choose to use your service.

    To take it one step further, if I stick WireShark (or whatever) onto a server to try to figure out why things aren't working, will I be breaking this law.

    On a more twisted note, If i add an HTML header to my outbound traffic that contains the text "You do not have permission to monitor this transmission" followed by a unique-to-my-pc 64byte hash, can I traceroute to and then bring suit against each of the carriers in between if a discovery turns up my line of text in any of thier logs????

  15. Anonymous Coward

    How about wireless communication?

    So it would be punishable to receive on a legal (or home made) radio / receiver to receive whatever someone transmit, unless I have a written consent from the sender and every party is intended to receive it.

    Possible examples:

    - A tourist with a radio, who does not pay a UK TV license, so should not listen to the BBC

    in the UK (its ok to listen to the BBC outside the UK).

    - HAM radio amateurs,

    - Plane spotters, listen to cockpit and air traffic control

    etc, etc, etc

    I would think that it is the sender's responsibility to protect theyr communication if they don't want eavesdropping.

    i.e. close the gate if you don't want people to wander onto your yard.

  16. Shanghai Tom

    What is a "a public telecommunications system"

    "any communication in the course of its transmission by means of a public telecommunications system and was not" .. .. ..

    So, is there ANY public system ?

    BT owns BT, O2 is owned by telefonica, and anyone else will no doubt be owned by someone.

    Has anyone seen T&C's of a system that specifically states it's NOT privately owned or "the property of" ??

    I'm no legal beagle, but the phrase clipped above specifically states you only pay a fine if you are caught sniffing on a PUBLIC system .

    Maybe bush telegraph can be considered public, but I do not know of any others :)

  17. Harry

    Re "A tourist with a radio, who does not pay a UK TV licence"

    There is not, and has not been for a very long time, any requirement for a person (whether visiting or UK resident) to have a licence to receive BBC *radio* transmissions.

    Radios needed a licence circa 1960 but it has long since been abolished.

  18. Harry
    Thumb Down

    The law shouldn't ...

    shouldn't be changed to require consent to spyware.

    Instead, it should be changed to PROHIBIT spyware altogether.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020