Quote:
Originally Posted by TheNorm
Exactly my point. If you considered your data to be sensitive, you would use https (or another form of encryption). By not doing so, isn't the implication the data aren't private? I agree, eavesdropping is impolite - but is it illegal?
|
Yes. The Home Office advice mentioned a few pages back in the thread makes it very clear that intercepting these communications
is illegal under the RIPA without explicit consent, unless the interception is essential to provide the contracted service. Having targeted adverts or some pathetic "anti-phishing" fig leaf is in no way essential to the service any of us pay our money for, which is for the ISP to transfer our communications to the recipient and theirs to us. Reading any more of the communication than is necessary to get it there is illegal, unless they have the explicit consent of BOTH parties, i.e. you _and_ the website.
The Home Office advice suggests that the website is giving implied consent to the interception simply by being a publicly-available website, but I can't see that standing up to a decent lawyer if they're profiling e.g. password-protected, but not https websites, which are reasonably common.
They also say that the users' consent can be contained within the Ts & Cs, but this would require us to give that consent as the interception would involve a massive change to the Ts & Cs given the privacy statements some people listed earlier.
You appear to be suggesting that if the Post Office were to open our letters, read them and sell the contents to a commercial mailing company, then that would be okay because we didn't bother to encrypt what we were writing about with a replica Enigma machine, or that it would be okay for BT to listen in to what we were saying on the phone because we hadn't made it private by using some kind of voice scrambling technology. Just because the message is plaintext doesn't mean we don't have the right to expect it to remain private from those we have contracted to get it from us to the recipient.