PI warns that new ISP interception plans will be illegal
privacyinternational.org
26/11/2009
Privacy watchdog warns that new ISP interception plans will be illegal
For immediate release
The global watchdog organisation Privacy International today expressed its deep concern at the revelation that Virgin Media is about to commence a trial of Deep Packet Inspection technology by Detica, known as CView.
It has been reported in the press that Virgin Media is planning to deploy the trials across 40% of its customer base without either obtaining a warrant or seeking the consent of all parties involved in the communications.
http://www.theregister.co.uk/2009/11/26/virgin_media_detica/
http://www.computerweekly.com/Articles/2009/11/26/239469/virgin-media-to-trial-piracy-detector.htm
http://www.detica.com/index.php?option=com_articlemanager&Itemid=266&task=display&artid=317&year=2009
http://www.ispreview.co.uk/story/2009/11/26/virgin-media-uk-trial-deep-packet-inspection-to-track-illegal-file-sharing.html
Under the Privacy and Electronic Communications (EC Directive) Regulations (PECR) and the Regulation of Investigatory Powers Act (RIPA) as well as the European ePrivacy Directive, that interception and processing of communications requires either explicit informed consent from all parties or a warrant.
We would also remind the UK Government that it is already subject to Stage 2 of Infringement Proceedings by the European Commission for failing to address the issue of interception of communications data when Phorm Inc. trialled similar Deep Packet Inspection technology with BT Group PLC. In 2006/2007 for the purpose of behavioural advertising.
It should be noted that there is no exemption in the regulations for the purpose of detecting illicit copyright infringement – and indeed in such cases where interception is being used for law enforcement, a warrant is required.
We are further concerned that such a system generates a paradigm shift with regards to the balance of justice. Virgin Media’s plans assume that all consumers are guilty of copyright infringement until their communications data proves otherwise – whereas the onus should be on the injured parties to provide their own evidence that an infringement has occurred.
Mr. Nicholas Bohm (General Counsel to the Foundation for Information Policy Research) echoes our concerns:
"If the Detica system checks the files passing through the network against a database provided by rights holders (or does this via checksums or hashes), then it seems to run into exactly the same objections as the Phorm system, namely infringements of RIPA and PECR unless the necessary consents or authorisations are obtained. I do not see how even the Phorm RIPA argument (that interception was permitted for the purpose of a service provided to the user) could apply here, since no service is being provided and no consent obtained on any basis."
Another concern is that such technology will only lead prolific infringers to move to Dark Nets, Open WiFi networks and Encryption. This will result in a catastrophic number of false positives.
Mr. Alexander Hanff (Head of Ethical Networks, Privacy International) responds:
"I am deeply concerned that Detica’s CView used in this way will infringe on consumer’s fundamental rights to privacy as afforded to them under UK and EU Law. I am dismayed that despite the Commission’s Infringement Action, the private sector still believe they can conduct such activity lawfully. The Commission have made themselves completely clear that informed consent is required under existing EU Directives. Due to the chaotic enforcement by relevant public authorities, that the UK has become a hotbed for surveillance."
Privacy International is currently drafting complaints to the Information Commissioner’s Office and the European Commission on this matter. We would ideally file a complaint to the Interception Commissioner, but as has been highlighted by the European Commission’s Infringement Action, the UK has failed to meet the requirements of the EU Directive in appointing one for private sector RIPA violations.
Privacy International will pursue all avenues available to ensure that such privacy infringements will not be permitted to continue.
Alexander Hanff
Privacy International
Nicholas Bohm
Foundation for Information Policy Research
