Friday, 30 July 2010

Opening the envelope

Chris Williams from The Register was making some interesting points in his recent article on the extent to which internet service providers can protect its users from innocently accessing a website that contains code, or malware, that might later cause some damage to that user.

Is it right that internet service providers should engage in this activity in the first place? After all, the purpose appears pretty benign – which is to safeguard users from attacks which may be caused by third parties with wholly malicious intent.

But is it right that internet service providers should engage in this activity in a manner that does not immediately appear transparent? If all users were aware of the work that the internet service provider was doing, then would it still be appropriate for these protective measures to be applied, even in circumstances when the user was not able to object to such (protective) activity?

And what should happen to internet service providers who were not so transparent?

This got me wondering whether there were other circumstances in which an internet service provider might be able to “monitor” a user’s communications in an opaque manner.

For me, the problem lies in coming to terms with what internet service providers are allowed to monitor, in terms of the traffic records that a user creates, and when a line must be drawn which separates the traffic element of the record from the content element – which is obviously much more sensitive, or “personal” to the individual user.

Parliament has historically applied the rough and ready definition of IP “traffic” information as being information which comes before the first "/" of an IP address. Accordingly, by a process of deduction, IP “content” information has to be any - and all - information which comes after that first “/”. So, if I were to access Chris Williams’s article, Parliament would presumably hold that the ISP is allowed to retain logs relating to the traffic information (in this case , but the ISP would need to try a lot harder to explain why it should retain logs relating to the content information (in this case

When is it appropriate for an internet service provider to retain the content logs?

And for how long is it appropriate for the provider to retain these logs?

And what use should they be permitted to make of them?

And how might we, as a community, develop a consensus on such a divisive issue?

These questions are not new. Over half a century ago, Dylan Thomas wrote vividly about this issue in his seminal radio play “Under Milk Wood”, which covers the events of a day in Llarregub, a fictional Welsh village. One of the characters Mr. Willy Nilly, the postman, dreams of delivering the post in his sleep, and physically knocks upon his wife as if knocking upon a door. In the morning they open the post together and read the town's news, so he can relay it around the village.

Is it really appropriate for an internet service provider to open the post and read all of the private correspondence, just like Mr Willy Nilly did? Or have our standards moved on from when that play was first broadcast in 1953?

Answers on a post card, please, to the usual address.