In message
<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAArG0cCt8rukWVvhmVO2aCwMKAA
[log in to unmask]>, at
11:55:32 on Sat, 29 Jan 2005, Carl Johnson
<[log in to unmask]> writes
>
>>I hope that ISPs are sufficiently well trained to reject *all* DPA requests
>for such data. Only RIPA should be used, and I'm confident that the NHTCU
>would only use RIPA.
>
>Whilst I would have hoped this would be reported to the NHTCU, I suspect it
>would have been sent to S011 instead (but yes, I know they will be up to
>speed with RIPA too!) I would point out though that there are a great deal
>of vISP's now operating who might not be aware of the acts and their
>implications (I'm aware of at least one company which will setup a vISP for
>anyone).
vISPs won't typically have the data available to them, and the IP will
tend to show up as that of the provider, I'd have thought. Nevertheless,
ignorance is no excuse, and the trade has put a lot of effort into
making sure the message has got through.
>>Huh? The debate over RIPA (in Parliament and elsewhere) was four years ago.
>Not only has the horse bolted, but the stable door has rotted off its
>hinges!
>
>Quite. I wasn’t around during the debate about RIPA but this kind of event
>does indicate (to me, at least) that RIPA should be revoked and requests
>should be made through S29 again - I guess what I was trying to say was: "as
>s29 covers almost any kind of disclosure to the relevant authorities, I
>don’t see the need for RIPA" I do know that a lot of Data Controllers like
>it because it takes the decision making process (and therefore, any
>liability) away from them.
The number of requests has fallen, under RIPA
>>They have to justify a RIPA request, albeit internally to the person who
>authorises the request (who is then answerable to a Commissioner).
>
>If I remember correctly, an inspector can authorise a RIPA request. Its
>going to be hit and miss whether they will have the knowledge to make an
>informed decision as to whether such a request would be appropriate. I would
>assume there are support routes available for them to obtain technical
>advice?
Yes, and the forms will almost always be prepared by a specially trained
person.
>>If CSPs get what they feel to be unreasonable requests there are several
>well developed channels through which they can raise concerns.
>
>Reading your further response as to the format of the RIPA requests, I
>wonder If an ISP would even know if a request is reasonable or not.
It's quite easy to see from the data that's being collected, whether or
not it's reasonable. There's a big difference between one isolated
lookup, and a request for every url every customer has surfed, for
example.
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|