Round & round in circles but VM why oh why do you consider Wiretapping your Customers for commercial reasons is not illegal? 

On friday the 28th November I first came to this forum to ask questions of my Internet Service Provider Virgin Media. Following from that on Monday 30th November I sent those questions by recorded delivery to Neil Berkett CEO of Virgin Media. They received the letter on Tuesday December 1st.

Today I received a response from Virgin Media (I wont say a reply as that would be stretching the true meaning of the word.) For those who may have just stumbled upon this thread I shall once more put the questions I asked here in this post.

"Do VM have prior informed consent from your customers to intercept their internet communications for the Detica trial?

Do VM intend to seek such consent from their customers and those with whom your customers communicate using their VM internet connection?

Precisely what legal authority do VM and Detica plan to carry out this interception, processing and inspection, under? What law, statutory instrument or warrant are you going to be  utilising to carry this out?

What communications have VM had with the Home Office, DBIS, Ministry of Justice and Information Commissioner's Office or OFCOM in connection with the proposed Detica trials?

Have VM trialed, or are they considering trialing, any other product or service supplied by Detica involving the use of Deep Packet Inspection?

What communications have VM had with the Home Office, DBIS, Ministry of Justice and Information Commissioner's Office in connection with the proposed Detica trials?

Have VM trialed, or are they considering trialing, any other product or service supplied by Detica involving the use of Deep Packet Inspection?

Is Virgin Media in receipt of a legal opinion regarding the legality of the use of DPI on their customers communications? If so, from whom was it obtained, and where and when will it be available to view by customers?"

Those were the questions I asked of Virgin Media and the CEO Neil Berkett. The following response I received this morning:

[IMG] http://i742.photobucket.com/albums/xx69/ASonberg/VMDeticaResponse.jpg [/IMG]

You may notice a complete lack of any actual answers to the questions I posed. No reference to what legal authority they are doing this under just a vague assurance that CView "meets stringer consumer security design principles." Note computer security design principles not legislation.

Considering Virgin Media have refused to actually deal with the issues I raised, ignored my questions its time for a follow up letter to Mr Berkett and to contact EU Commissioners Reding and Kuneva. Virgin Media obviously are ignoring the lessons from the Phorm issue.

---

ASo wrote:

snip..

 

[IMG] http://i742.photobucket.com/albums/xx69/ASonberg/VMDeticaResponse.jpg [/IMG]

 

You may notice a complete lack of any actual answers to the questions I posed. No reference to what legal authority they are doing this under just a vague assurance that CView "meets stringer consumer security design principles." Note computer security design principles not legislation.

 

---

the lack of reference to legislation and only the reference to "principle" says to me they are not confident of their position and / or the do not have the relevant legal advice to back it up

if they were confident thay would say it was legal

the old weasel words and wriggle room "we did not say it was legal, we said it complied to omputer security design principles" type things if ever challanged

just confirms to me they are trying to wing it and pray

peter

---

BenMcr wrote:
Another article http://www.christopher-parsons.com/blog/privacy/aggregating-information-about-cview/#more-1489

---

Firstly, that article is very interesting but its not an official announcement from Virgin Media. Do Virgin Media intend to inform their customers officially of the trial or are they going to continue with the trial without giving any official information?

Secondly, and very much related to my concerns regarding possible future function creep, the following quote from the article is interesting:

"The other, fairly major, element that isn’t clear is just how easy it is to ‘tweak’ the CView system as Richard suggests is possible. If we’re talking about a firmware update, that’s a fairly low cost with potentially very major functionality changes to the device, and would run counter to the assurances provided by Detica to Richard, the Williams, and myself that the system is designed to provide anonymity." (my bold.)

Again, when can we expect;

1) An official announcement from Virgin Media to their customers regarding this trial

2) Answers to the questions I, sololobo, bluecar1, silentwitness and others have asked of Virgin Media.

Virgin Media have promised at the bottom of their letter to me to "continue to be open and transparent in our communications with our customers." Surely to "continue" something it must be begun in the first place? We are still waiting for answers Virgin Media. The clock is ticking.

---

ASo wrote:

 

Secondly, and very much related to my concerns regarding possible future function creep, the following quote from the article is interesting:

 

"The other, fairly major, element that isn’t clear is just how easy it is to ‘tweak’ the CView system as Richard suggests is possible. If we’re talking about a firmware update, that’s a fairly low cost with potentially very major functionality changes to the device, and would run counter to the assurances provided by Detica to Richard, the Williams, and myself that the system is designed to provide anonymity." (my bold.)

 

---

Of course the rest of that paragraph says:

On the other hand, if it would take a hardware modification, then the infrastructure, manpower and capital expenditure costs to ‘upgrade’ the device might alleviate the drive for ISPs to implement a genuinely granular user-identification system. Function creep with these devices, of course, is a real worry – it would be great for Detica to clarify how these ‘tweaks’ are technically possible as part of their ongoing efforts to be transparent.

---

BenMcr wrote:

 

---

ASo wrote:

 

Secondly, and very much related to my concerns regarding possible future function creep, the following quote from the article is interesting:

 

"The other, fairly major, element that isn’t clear is just how easy it is to ‘tweak’ the CView system as Richard suggests is possible. If we’re talking about a firmware update, that’s a fairly low cost with potentially very major functionality changes to the device, and would run counter to the assurances provided by Detica to Richard, the Williams, and myself that the system is designed to provide anonymity." (my bold.)

 

---

Of course the rest of that paragraph says:

On the other hand, if it would take a hardware modification, then the infrastructure, manpower and capital expenditure costs to ‘upgrade’ the device might alleviate the drive for ISPs to implement a genuinely granular user-identification system. Function creep with these devices, of course, is a real worry – it would be great for Detica to clarify how these ‘tweaks’ are technically possible as part of their ongoing efforts to be transparent.

 

---

Very true but as Virgin Media refuse  neglect to answer questions on the matter we are left to ponder which it is. Can it be modified/updated with just a firmware update or does the system require hardware changes to add functionality?

As with so many of the questions and issues this could be cleared upif VM would actually answer the questions but up to now Virgin Media are refusing neglecting to do so.

Again, when can we have answers to the questions we have asked and when can we have an official statement from Virgin Media? Your employers are being rather unfair to you BenMcr leaving you to deal with the flack here. Its time they acted the part of the responsible internet service provider that Virgin Media claims to be. Delay and obfuscation tactics will not work.

This is one of the reasons for all the objections!

http://www.out-law.com/page-10613

Quote:-

"At the network level the law has to comply with the E-Commerce Directive."

The Directive, which became UK law as the E-Commerce Regulations, absolves ISPs of liability for illegal material on their networks as long as they do not know that it is illegal. It also absolves them of the duty to monitor networks for illegal activity.

"The Directive says that we can't draft legislation that imposes a general obligation to monitor networks," said the spokesman. "And this network level activity would require ISPs to monitor websites on their systems."

Davey said, though, that while the E-Commerce Regulations and Directive do prohibit the passing of laws that require ISPs to monitor activity, this is different to what concerns him.

____________

In my Opinion

That leaves Virgin Media "wiretapping & intercepting the communication of their Customers & those connected to them"  for purely commercial reasons!

---------------------

This is also related because VM via Detica would be copying/translating copyright material without explicit permission without it being part of normal "Network Management!

http://news.bbc.co.uk/1/hi/technology/8420876.stm

---

BenMcr wrote:

 

Of course the rest of that paragraph says:

On the other hand, if it would take a hardware modification, then the infrastructure, manpower and capital expenditure costs to ‘upgrade’ the device might alleviate the drive for ISPs to implement a genuinely granular user-identification system. Function creep with these devices, of course, is a real worry – it would be great for Detica to clarify how these ‘tweaks’ are technically possible as part of their ongoing efforts to be transparent.

but benmcr,

you and i both now, the ASIC's will do the basic traffic separation for speed and effiecency but the there will be a firmware element that will do the clever stuff of processing the data obtained by the ASIC's

and that being firmware it will probably be a simple upgrade to enable new functionality as with any other network kit, and the fact it was not made clear to richard clayton that it is all done in hardware i suspect there is a fair bit of firmware involved

so function creap is a real possibility if required

peter