Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Portly_Giraffe · 21-04-2008, 17:57

Florence and I have now completed our exchange with Simon Watkin and Andrew Knight at the Home Office and this is what we have concluded from that. Please note that we have focussed solely on the application of The Regulation of Investigatory Powers Act (RIPA) to targeted online advertising.

Overall, what is, and always has been, the primary issue is for ISPs and their partners to assure themselves that they are complying with relevant legislation in providing and offering a targeted online advertising service and to be clear to the users what is being offered, the basis of the offer and how the service operates.

1. RIPA provides a statutory framework for regulating the conduct of public authorities which may interfere with individualsÃ¢â‚¬â„¢ right to respect for their private and family life under Article 8 of the European Convention of Human Rights.

2. RIPA provides for an offence of unlawful interception which any person, absolutely anyone, is able to commit. It also provides for lawful interception of communications.

3. The Home Office (outside of its immigration functions) is not an investigatory body. It is the role of the police to investigate allegations of unlawful interception. The Home Office cannot make the police investigate peopleÃ¢â‚¬â„¢s allegations.

4. It is the unlawful interception of data which is the offence under RIPA (unless that interception has lawful authority), not how the interceptor uses or intends to use that data.

5. To the extent that deep packet inspection amounts to interception of communications (as defined in RIPA), deep packet inspection can be lawful by virtue of section 3(3) of RIPA, for example to identify and give priority to packets of voice data, or to packets of streaming media and other legitimate traffic management issues.

6. For a prosecution against BT over the 2006 and 2007 trails to have a chance of success, then at least all of the following would have to be proved:
(a) That there had been conduct which amounted to interception of communications as defined in RIPA.
(b) That the data intercepted was not simply traffic data whose interception would be lawful by virtue of section 2(5) of RIPA.
(c) That there was no lawful authority to intercept the data as defined in section 3(3) of RIPA or any other lawful authority.

7. The Home OfficeÃ¢â‚¬â„¢s note dated January 2008 considered the application of targeted online advertising services in relation only to open browsing, not to anything using HTTPS or requiring authentication.

8. Even where an ISPÃ¢â‚¬â„¢s end user has opted-in to an advertising service, depending on how that service is offered a question may also arise as to whether the ISP and the targeted online advertising provider has reasonable grounds for believing the host or publisher of a web page consents to the interception for the purposes of section 3(1)(a) or 3(1)(b). It may be argued that section 3(1)(a) or 3(1) (b) is satisfied in such a case because the host or publisher who makes a web page readily available for download (that is, not using SSL or https) from a server impliedly consents to those pages being downloaded.

9. Targeted online advertising undertaken with the highest regard to the respect for the privacy of ISPsÃ¢â‚¬â„¢ users and the protection of their personal data, and with the ISPsÃ¢â‚¬â„¢ users consent, expressed appropriately, is a legitimate business activity.

10. An individual cannot consent to something they donÃ¢â‚¬â„¢t know about and havenÃ¢â‚¬â„¢t been told about or had the opportunity to know about.

21-04-2008, 17:57	#4308
Portly_Giraffe Inactive Join Date: Apr 2008 Posts: 114	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] Florence and I have now completed our exchange with Simon Watkin and Andrew Knight at the Home Office and this is what we have concluded from that. Please note that we have focussed solely on the application of The Regulation of Investigatory Powers Act (RIPA) to targeted online advertising. Overall, what is, and always has been, the primary issue is for ISPs and their partners to assure themselves that they are complying with relevant legislation in providing and offering a targeted online advertising service and to be clear to the users what is being offered, the basis of the offer and how the service operates. 1. RIPA provides a statutory framework for regulating the conduct of public authorities which may interfere with individualsÃ¢â‚¬â„¢ right to respect for their private and family life under Article 8 of the European Convention of Human Rights. 2. RIPA provides for an offence of unlawful interception which any person, absolutely anyone, is able to commit. It also provides for lawful interception of communications. 3. The Home Office (outside of its immigration functions) is not an investigatory body. It is the role of the police to investigate allegations of unlawful interception. The Home Office cannot make the police investigate peopleÃ¢â‚¬â„¢s allegations. 4. It is the unlawful interception of data which is the offence under RIPA (unless that interception has lawful authority), not how the interceptor uses or intends to use that data. 5. To the extent that deep packet inspection amounts to interception of communications (as defined in RIPA), deep packet inspection can be lawful by virtue of section 3(3) of RIPA, for example to identify and give priority to packets of voice data, or to packets of streaming media and other legitimate traffic management issues. 6. For a prosecution against BT over the 2006 and 2007 trails to have a chance of success, then at least all of the following would have to be proved: (a) That there had been conduct which amounted to interception of communications as defined in RIPA. (b) That the data intercepted was not simply traffic data whose interception would be lawful by virtue of section 2(5) of RIPA. (c) That there was no lawful authority to intercept the data as defined in section 3(3) of RIPA or any other lawful authority. 7. The Home OfficeÃ¢â‚¬â„¢s note dated January 2008 considered the application of targeted online advertising services in relation only to open browsing, not to anything using HTTPS or requiring authentication. 8. Even where an ISPÃ¢â‚¬â„¢s end user has opted-in to an advertising service, depending on how that service is offered a question may also arise as to whether the ISP and the targeted online advertising provider has reasonable grounds for believing the host or publisher of a web page consents to the interception for the purposes of section 3(1)(a) or 3(1)(b). It may be argued that section 3(1)(a) or 3(1) (b) is satisfied in such a case because the host or publisher who makes a web page readily available for download (that is, not using SSL or https) from a server impliedly consents to those pages being downloaded. 9. Targeted online advertising undertaken with the highest regard to the respect for the privacy of ISPsÃ¢â‚¬â„¢ users and the protection of their personal data, and with the ISPsÃ¢â‚¬â„¢ users consent, expressed appropriately, is a legitimate business activity. 10. An individual cannot consent to something they donÃ¢â‚¬â„¢t know about and havenÃ¢â‚¬â„¢t been told about or had the opportunity to know about.