Carl Johnson on Friday, January 28, 2005 at 9:20 PM said:-

> and that RIPA Is (as thought by 
> many) to be a bad act aimed at revoking the fundamental right 
> of privacy.

Surely those viewpoints and perspectives merely provide an indication of any
stance taken by the person making the observation regarding the privacy or
personal data of any data subject in relation to any personal data in
question. As such any regulation to either protect or breach privacy/data
protection rights could appear to validly have the same comments made.

e.g. In respect of RIPA, one could equally say that the act provides some
privacy protections within investigative practices, irrespective of who is
conducting them.

Surely, as piggy backing is merely one method of social engineering used by
investigators from the various sectors to obtain personal data which they
otherwise failed to collect at the time, privacy can seem to be the
utilisation of a multitude of methods to maintain the dignity of the
subjects and allow them to determine their own path in life over time.

Privacy as organisational security/maintenance of culture appears to
function in a very similar way, but seems to be one area where data
protection often gets confused, sometimes to the detriment of both the
security of the social group and the wider personal privacy experience. Take
the QMC baby snatch and ensuing court case some years ago as an example, if
that had remained a private matter only known within the hospital, the
subsequent appeals for wider privacy and security enhancements of maternity
wards may never have occurred.

Ian W


> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of 
> Carl Johnson
> Sent: Friday, January 28, 2005 9:20 PM
> To: [log in to unmask]
> Subject: Did he really hack the DEC website?
> 
> 
> You may remember a week or two ago, there were reports that 
> someone had attempted to hack the DEC website.
> 
> We were told that BT had noticed this unusual activity and 
> that the information was passed to the Police.
> 
> The person was arrested and is due in court next week.
> 
> I've just been reading an article 
> (http://www.nbr.co.nz/home/column_article.asp?id=11189&cid=3&c
> name=Technolog
> y)
> 
> Which claims that the unusual activity was the person 
> accessing the site through a 'non standard browser' (i.e. 
> Lynx as opposed to Internet Explorer, Firefox or one of the 
> multitude of other browsers out there).
> 
> Given that the reports I've read state that BT are providing 
> the payment services for the DEC site, one would assume that 
> this unusual activity would have appeared in their server 
> logs. As many of us know, server logs contain various data 
> including the browser, ip and activity carried out by the 
> user on the site.
> 
> However, that doesn't directly relate to a telephone number 
> or address (unless the user has their own hostname which is 
> registered with nominet). An IP can only be 'translated' (for 
> want of a better word) by the ISP looking at CLI (for 
> PSTN/GSM services) or on the various authentication servers 
> used in broadband (be it wifi, 3g, cable or DSL).
> 
> I would expect the process to be:
> 
> 1). The owner of the site/logs detects this 'unusual 
> activity' and reports this to the police (supplying the IP 
> and other details).
> 
> 2). The police then contact the ISP who owns the IP address 
> and makes a request under RIPA or the DPA for the CLI or 
> address of the subscriber.
> 
> 3). The raid is carried out and the 'suspect' is arrested.
> 
> Of course, the case has yet to be heard and if these claims 
> are accurate, I would expect the charges to be dropped before 
> it reaches court.  So lets assume that this report is wrong 
> but something of this nature occurs in the future.
> 
> I'm under the impression that CSP data is now only supplied 
> under RIPA - Can anyone verify this? If this is the case, 
> surely it shows that compelling a controller to release 
> information rather than making a S29 request which allows a 
> controller to refuse is wrong and that RIPA Is (as thought by 
> many) to be a bad act aimed at revoking the fundamental right 
> of privacy.
> 
> I still, for the life of me cant work out why RIPA is 
> necessary. At worst, the police would need a court order to 
> obtain data. That way, they have to give a justification for 
> the information (as with S29). I'm not familiar with RIPA and 
> wonder if such justification is needed (i.e. would the ISP, 
> for example have seen a copy of the logs in order to assist 
> with their enquiries or would there have just been a form 
> saying "We require the subscriber details or telephone number 
> using xxx.xxx.xxx.xx (ip) at xx;xx
> (time) on xx/xx/xxxx (date)?"
> 
> Would anyone care to answer these question or comment on this?
> 
> Regards,
> 
> Carl
> 
> 
> -- 
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.300 / Virus Database: 265.8.2 - Release Date: 28/01/2005
>  
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to 
> the list owner
>               [log in to unmask]
>   (all commands go to [log in to unmask] not the list please)
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^