Friday, 22 April 2016

Who would want to work for an ISP? #IPBill

Working for an ISP you could find yourself between complying with IP Bill, or Data Protection Act, or your employer contract, and no way out. One way or another you are in the shit!?

Who would want to work for an ISP?

And those that do - will government compensate ISPs for the extra cost?

5 comments:

  1. Well, they've said they will provide funding, but not *how much*. So it'll probably be about 1p.

    Will that do?

    ReplyDelete
    Replies
    1. I wonder whether the government's ambiguity on funding would explain something that I’ve never managed to make sense of about the IP Bill. Given that the government patently wants to be in a position to have instant access to the last 12 months internet logs of every user in the country, why would they go about it using such a cumbersome method as Retention Orders? Unless every ISP is issued with one as soon as the bill is passed (and is in a position to comply technically) they are never going to have access at their fingertips to the complete 12 month record of everybody. It’s not as if anyone can say “well we know all the criminals and terrorists use those two ISPs so no need to issue Retention Orders to the rest” and you can’t predict 12 months ahead whose logs you might need access to.

      It would have made more sense, from their point of view, to have simply legislated that every CP must retain logs for 12 months with effect from, say, 6 or 12 months after the Bill is passed. The one reason I can think of to explain why they did not do this is that they have no clue whatsoever as to the extent of costs. This way they give themselves the theoretical right to gain access to what they want but can evaluate over time whether the costs would be prohibitive. Hopefully, if it came to it, A&A could creatively make the costs of new equipment and messing with systems appear unaffordable. I don’t think they could get away with forcing CPs to fund any significant costs involved as that would inflate broadband retail prices, losing public support (among the bovine brained majority) for the Bill.

      Delete
  2. If a disclosure is mandated by law (e.g. the IP Bill), that trumps the Data Protection Act (s35(1) DPA), and statute will (nearly always, if not actually always) trump a contract. Same with equipment interference: if the obligation under an EI warrant would mean a provider seemingly breaches the requirement under the DPA of ensuring appropriate security of personal data (or under the Communications Act as a telco), there is, in fact, no breach, since conduct carried out in accordance with an EI warrant is lawful for all purposes (s88(11) IPB). So nothing to get stuck in between here legally, really.

    If a statute is not compatible with an absolute fundamental right, or interferes disproportionately with a qualified fundamental right, then that is perhaps a bit harder (especially for those without deep pockets), but in that case the "out" would be to challenge the statute, and remove the problematic element of it — if struck down, not stuck, and if not struck down by the CJEU or ECHR, not incompatible legally.

    The greater likelihood of getting stuck is not, in my opinion, between conflicting laws, but between one's legal duties and one's moral compass.

    ReplyDelete
  3. I think complying with a lawful quasi-legal order under the IP Bill would be more than an adequate defence to a DPA breach, or to a breach of your duty to your employer.

    ReplyDelete
    Replies
    1. It would, as long as you're allowed to disclose the order - the gagging provisions could, in theory, be deployed such that you are not permitted to use the order as a defence.

      ECHR would deem that illegal, but if we do leave...

      Delete