ISP spying

Your terms are one thing, but what about the law? Genuine question, I'm curious! Wouldn't that be classed as interception under RIPA, i.e. a criminal offence? What about related legislation like the Wireless Telegraphy Act or the Computer Misuse Act? Surely intercepting communications between parties without a court order, whether they're sent plain text or not, is unlawful?

All this fuss with Phorm, and the ICO is still twitchy even though they've said the data collected is anonymous... I wonder what the reaction would be if they started reading emails?! :eek:

EDIT - Forgot to add, I'm with UK Online and they (Easynet/Sky/UK Online) have a massive fibre backhaul, plenty enough bandwidth for everyone. I download at 2.2MB/sec and transfer (up/down) well over 500GB a month. They said that's fine and they don't cap/throttle. Out of interest what ISP do you work for?

That's a good question, my understanding is that our terms should cover it, similarly to how a business can monitor emails its staff sends. Don't get me wrong, I'm not a legal expert in this area so I'm not sure. I've been told what we are doing is legal and we're not reading emails, my point was merely that it's a few clicks away if somebody chose to.

Given that traffic is traversing our network and people are warned, it isn't strictly interception either...

Backhaul for LLU providers is different obviously, however they may have a very high bandwidth core but I'd be surprised if they have truly high bandwidth connections to each exchange. As I said previously the problem isn't the ISP core, it's the BT central part for ISPs who aren't using LLU, for LLU providers it's the redundant connections to each exchange.

I work for a business ISP you'll never have heard of I suspect, our customers are generally banks and such in London, ADSL is just a sideline so we can offer them homeworker solutions...
 
I certainly read the Ts & Cs provided by mine, there's nothing about interception of communications! I'm always bemused when companies quote "policy" and seem to believe it provides a get-out clause from statutory law. A company policy could state they reserve the right to rape and pillage, but it doesn't mean that makes it legal LOL

Bigredshark, thanks for the reply; it made interesting reading :)
 
You are telling me you can inspect the payload of SSL encrypted packets? Apart from knowing where it comes from and where it is going to?

Breaking the encryption you are breaking the law.
 
You are telling me you can inspect the payload of SSL encrypted packets? Apart from knowing where it comes from and where it is going to?

Breaking the encryption you are breaking the law.

destination and source IP are outside the encryption, how else would we know where to route it to?
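What a router or capture box can read from an SSL/TLS packet without any key material, as an added example that is not part of the original thread. The packet is constructed (documentation-range addresses, zeroed checksums) and the names `build_sample_packet` and `observe` are hypothetical.

```python
import socket
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_sample_packet() -> bytes:
    """Constructed IPv4 + TCP + TLS application-data record (not a real capture)."""
    ciphertext = bytes(range(32))  # stand-in for the encrypted payload
    tls = struct.pack("!BHH", 23, 0x0303, len(ciphertext)) + ciphertext
    # src port, dst port, seq, ack, data offset (5 words), PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 51514, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(tls)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    return ip + tcp + tls

def observe(packet: bytes) -> dict:
    """Return only the fields that are readable without decrypting anything."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if packet[9] != 6:
        raise ValueError("not TCP")
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    record = tcp[(tcp[12] >> 4) * 4:]      # skip TCP header and options
    seen = {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport,
        "dport": dport,
        "tls": None,
        "opaque_bytes": 0,
    }
    # The 5-byte TLS record header is cleartext: type, version, length.
    if len(record) >= 5 and record[0] in TLS_TYPES and record[1] == 3:
        ctype, version, length = struct.unpack("!BHH", record[:5])
        seen["tls"] = {"type": TLS_TYPES[ctype], "version": f"{version:#06x}", "length": length}
        seen["opaque_bytes"] = len(record) - 5   # ciphertext: size is visible, content is not
    return seen

if __name__ == "__main__":
    print(observe(build_sample_packet()))
```
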
 
SSL runs at the application layer, so the destination and source are by definition outside of the equation. I asked if you inspect the payload, or if you are just "guessing" from the source what it might be.
 
SSL runs at the application layer, so the destination and source are by definition outside of the equation. I asked if you inspect the payload, or if you are just "guessing" from the source what it might be.

SSL is used for very few things (secure web pages and SSL VPN, legitimately that's about all). If you're putting through 6mbps of SSL traffic then it's difficult to justify as legitimate, we'll listen because we deal with business but if it was consumer ADSL we wouldn't be so accommodating.

So no payload inspection, however if we wanted to try we have copies of all the capture files going back a few months.
 
SSL is used for very few things (secure web pages and SSL VPN, legitimately that's about all). If you're putting through 6mbps of SSL traffic then it's difficult to justify as legitimate, we'll listen because we deal with business but if it was consumer ADSL we wouldn't be so accommodating.

So no payload inspection, however if we wanted to try we have copies of all the capture files going back a few months.

If you can't prove what a person on *** ADSL connection is doing is illegal, would you still do something about it? Like what if they simply said they were downloading legal files from usenet, and simply use SSL because their news service provides it, so why shouldn't they use it.
 
I've always wondered about Torrents. ISPs I get the impression feel that people on download stuff they shouldn't i.e. movies, songs, software etc., but would they be able to prove or not that somebody might just be permanently distributing e.g. open source software?
 
SSL is used for very few things (secure web pages and SSL VPN, legitimately that's about all). If you're putting through 6mbps of SSL traffic then it's difficult to justify as legitimate, we'll listen because we deal with business but if it was consumer ADSL we wouldn't be so accommodating.

So no payload inspection, however if we wanted to try we have copies of all the capture files going back a few months.

Fair enough. Of course you keep copies since it is required by law (UK at least).

A well encrypted payload will keep a cluster fully loaded for a few weeks, so I guess it is up to the "importance" of the payload.
 
If you can't prove what a person on *** ADSL connection is doing is illegal, would you still do something about it? Like what if they simply said they were downloading legal files from usenet, and simply use SSL because their news service provides it, so why shouldn't they use it.

Yes is the quick answer, my concern isn't legality in the end (as I said we're not the copyright police) it's impact on our network. If somebody is transferring at 6mbit+ for days on end then that's something that broadly isn't acceptable.

We'd contact the customer and say we've seen it, explain that it degrades the network and ask what they're doing. If it's a business and they explain they're doing an online backup then we'll allow that, if it's a homeworker with no good explanation that's different.

Our point of view is that how much legal content is there on usenet (I mean, beyond 20GB a month or so...). I feel we're pretty reasonable and we'll generally always speak to users before taking any action (the benefits of being business orientated you could say), we don't shape traffic normally and it's fairly rare we apply it to individual users but we retain the ability.
 
Fair enough. Of course you keep copies since it is required by law (UK at least).

A well encrypted payload will keep a cluster fully loaded for a few weeks, so I guess it is up to the "importance" of the payload.

It's not required by law at all, we don't keep a copy of all data transferred (if the government wants us to do that they can pay for the storage) just the regular captures we take. What we do retain is email and radius logs since the beginning of time...
 
my concern isn't legality in the end...it's impact on our network. If somebody is transferring at 6mbit+ for days on end then that's something that broadly isn't acceptable...

...If it's a business and they explain they're doing an online backup then we'll allow that, if it's a homeworker with no good explanation that's different.

So a good excuse reduces the impact on your network? Sweet - must be some new technology I missed ;)

With the advent of iPlayer and other on-demand sources I think you guys are going to struggle to peddle the 'fair usage' cop-out for much longer - there are other models available and I suspect you will have to select one over the next few years.

I do understand why the pricing model has been set up as it has, but I do still take umbrage at the 'deceptive' nature of the advertising that goes with it. Throttling, capping, and 'playground policing' as you described need to go - I will happily pay for my usage habits (hardly any TBH <10Gb per month) but I'm sick of ISPs trying to pull the wool!
 
In fact, excuse the rant, but:

Who the hell are you to decide the relative value of my browsing/web usage? Just give me the service I damn well paid for! :mad:
 
In fact, excuse the rant, but:

Who the hell are you to decide the relative value of my browsing/web usage? Just give me the service I damn well paid for! :mad:

He's already said his ISP is a business/home-worker provider so it's quite different to a standard consumer ADSL connection.

You seem to be missing the point - he's only interested in stopping customers messing up the network. Hardly anything shocking/out of order about that.
 
From my previous:

So a good excuse reduces the impact on your network? Sweet - must be some new technology I missed

Essentially it is OK to use the full bandwidth for which you pay, provided you have a good reason/note from your mum/term paper due. But not if you don't feel like explaining why you have chosen to use it :(
 
It's hardly 'evil' of a company to contact high bandwidth users personally and ask them why they're doing it, rather than just randomly enforcing bandwidth limits, STMs or FUPs.
 