Under the Privacy and Electronic Communications (EC Directive) Regulations (PECR) and the Regulation of Investigatory Powers Act (RIPA) as well as the European ePrivacy Directive, that interception and processing of communications requires either explicit informed consent from all parties or a warrant.
It should be noted that there is no exemption in the regulations for the purpose of detecting illicit copyright infringement – and indeed in such cases where interception is being used for law enforcement, a warrant is required.
Virgin Media’s plans assume that all consumers are guilty of copyright infringement until their communications data proves otherwise – whereas the onus should be on the injured parties to provide their own evidence that an infringement has occurred.
Mr. Nicholas Bohm (General Counsel to the Foundation for Information Policy Research) has said
“If the Detica system checks the files passing through the network against a database provided by rights holders (or does this via checksums or hashes), then it seems to run into exactly the same objections as the Phorm system, namely infringements of RIPA and PECR unless the necessary consents or authorisations are obtained. I do not see how even the Phorm RIPA argument (that interception was permitted for the purpose of a service provided to the user) could apply here, since no service is being provided and no consent obtained on any basis.”
I see a FOI request has also been raised regarding this issue http://www.whatdotheyknow.com/request/deticacview_and_virgin_media
From ZDNET: http://news.zdnet.co.uk/security/0,1000000189,39906062,00.htm
"In CView, web traffic first enters a network device, or 'black box', where IP address information is discarded, Detica media accounts director Dan Klein told ZDNet UK on Thursday. The data packet is then scanned to see if it follows one of the three main file-sharing protocols — BitTorrent, Gnutella and eDonkey — said Klein.
"We don't look at anything else, because we don't have the processing power," said Klein.
If the packet does follow one of those protocols, it is opened to check whether the data inside is licensed. Detica is currently testing different music-fingerprinting products, including Shazam, Gracenote, Digimark and Audible Magic, to gauge whether the file contains licensed or unlicensed data.
Klein added that encryption of data would cause major problems for CView. "Encryption of the data packet would defeat us," he said. "We're not going to put the processing power into defeating it.""
So, only a portion of the possible problem is considered due to processing power, encryption will defeat the system entirely and anything that is spotted is going to be identified by something akin to the ever reliable Gracenote? For me that's the clearest indication yet that the piracy angle is a trojan horse to get a more general monitoring / monetising system in place.
The above article was then followed with this: http://news.zdnet.co.uk/security/0,1000000189,39906065,00.htm
"One of the companies that supply intelligence technology to the government has criticised UK plans to monitor file-sharers.
Detica, told ZDNet UK on Thursday that government plans to force ISPs to identify unlawful file-sharers were not proportionate.
"If the government chose to go down that route, we would come out strongly against," said Detica media accounts director Dan Klein. "It's not necessary or proportionate.""
On the one hand Detica are providing the technology to intercept web traffic, and on the other hand they are saying the use of the same technology is not proportionate. Best of both wrlds there.
Finally, for now:-
RIPA makes it an offence to intercept the traffic, it does not matter whether the traffic has been "aggregated and anonymised" or not, the offence has already been committed.
Say Thanks.
