PMs and the law

[ZiderHead]

The PM function on Templot Club is provided as part of the forum software. If it were not, I doubt that I would have bothered to install or provide such a service. Since anyone on the planet can send a private message to anyone else via email, texting, phone call, social networks, skype, written letter, fax, telex, etc., the need for me to provide an additional service is just not there. And I would think the same applies to many web forums, where the prime purpose is shared communication in public, not private.

 

The problem with removing the PM feature is that in order to communicate using one of the private methods you listed, someone has to post their personal contact details to the entire community on a forum post, rather than just to the intended recipient via PM.

 

I have used PMs in this way on almost every forum Ive been a member of to collaborate in some way with people Ive met through those forums. If I'd had to post personal contact details to the entire forum I would not have done it.

[Clive Mortimore]

Listening to Radio 4 this afternoon the new proposed law would require telecom and internet providers to keep a 2 year record of who contacted who, but not the content.

 

As I write this there are 2 anonymous users watching this thread, is it GCHQ and NSA :scratchhead: :scratchhead:

[martin_wynne]

The problem with removing the PM feature is that in order to communicate using one of the private methods you listed, someone has to post their personal contact details to the entire community on a forum post.

 

Not necessarily. The forum software allows you to send an email to any member via the forum mail server, without needing to know their email address. This travels via the usual email channels in the same way as the topic notifications, so falls within the ISPs legal responsibilities to record the metadata.

 

I have used this function to contact RMweb members in the past.

 

regards,

 

Martin.

[ZiderHead]

OK that would work

[Kenton]

 

I know it doesn't change the existing law, but it has still prompted me to consider the implications.

 

If you know it does not propose anything new - then it doesn't make sense to imply that it does. Individual websites and their owners were not covered by previous legislation. As the only "emergency" is to fix the EU judgement and not to expand (in fact quite the reverse) the existing legislation.

 

Once again - and illustrated here, the media has blown this out of all proportion with the typical "spy under the bed", "Big brother" and "invasion of privacy" scaremongering.

 

Mind you a brilliant bit of politic'ing to make the announcement coincide with the public sector terrorism. (terrorising old ladies into thinking they may burn in their homes as the fire brigade will not be there to rescue them; terrorising young mums as they have to choose between going in to work or staying at home to look after their kids; ...)

[beast66606]

<off topic> <mostly>

 

When WE alter our way of lives the terrorist win - let's get this in proportion guys and gals, this strikes me in the same league as those who imagine that the word "nuclear" on eLists means they will be closed down overnight and the owner shot at dawn.

 

<end of head shaking>

[muddys-blues]

 I log in anonymously most times, so they won't catch me up to no good on here because they won't know who I am !!! 

[martin_wynne]

 I log in anonymously most times, so they won't catch me up to no good on here because they won't know who I am !!! 

 

Unless your real name is muddys-blues we still don't know who you are even when you do log in.

[muddys-blues]

Unless your real name is muddys-blues we still don't know who you are even when you do log in.

See that's how clever I am ... it's a home made double security measure!!!

[Kenton]

 

 I log in anonymously most times, so they won't catch me up to no good on here because they won't know who I am !!! 

but when you registered as a member you gave your name - or was that an alias too?

[martin_wynne]

If you know it does not propose anything new - then it doesn't make sense to imply that it does. Individual websites and their owners were not covered by previous legislation.

 

The vast majority of web sites do not provide a private messaging service for anyone who visits them. Until we actually see the new legislation it would seem wise to keep an open mind on what it might contain. Social networking sites were at least mentioned in the statements today.

 

Martin.

[Miss Prism]

Here's the draft bill.

It looks like it patches what was in the (now void) 2006 Directive with what is in RIPA 2000, so it's not evident there is anything 'new'.

 

In other words, if Martin's worries are such that he wants to close his PM system, he probably should have done it eight years ago.

 

 

 

 

 

[martin_wynne]

Here's the draft bill.

 

In other words, if Martin's worries are such that he wants to close his PM system, he probably should have done it eight years ago.

 

Maybe I should. I have thought about it a few times over the years, and it was listening to the news conference this morning which made me think about it seriously again.

 

Martin.

[raymw]

Hi Martin,

 

My advice would be for you to scrap the pm system on your site - one thing less to worry about. A public forum is meant to be public, no need for individuals to be sneaking around the back.

 

Best wishes,

 

Ray

[martin_wynne]

Thanks Ray. One thing less to worry about sums up my position exactly.

 

Martin.

[Clive Mortimore]

Hi Martin,

 

My advice would be for you to scrap the pm system on your site - one thing less to worry about. A public forum is meant to be public, no need for individuals to be sneaking around the back.

 

Best wishes,

 

Ray

Hi Ray

 

PMs are useful to keep in contact with fellow modellers about issues that do not need to be in public, not everyone needs or wants to know what time and where I am meeting someone at an exhibition. An e-mail, telephone call, text, letter, smoke or semaphore  signals could also be used, it is an alternative means of communication. I do miss telegrams.

[jjb1970]

I must admit I became slightly less cynical about stuff like this when one of my colleagues was arrested for being a Chinese spy, bit embarrassing all around that!

[ZiderHead]

My advice would be for you to scrap the pm system on your site - one thing less to worry about.

 

Or just scrap the entire site - lots less to worry about!

 

 

edit: just in case anyone takes that the wrong way I am not really suggesting that would be a good idea - the templot site is of course a wonderful resource.

[raymw]

Hi Clive,

 

Martin mentioned in post No. 29 that normal emails are available. Personally I have never liked pm's - often folk's mailboxes get full, and they know not how to empty them, and I prefer to keep my stuff myself, so to speak.

 

A bit offtopic - but I thought folk may be interested in maybe how one aspect of monitoring of emails, etc. will be happening - it is not necessarily individuals reading, but automated pattern recognition. http://www.ted.com/talks/chris_domas_the_1s_and_0s_behind_cyber_warfare

 

Best wishes,

 

Ray

[Ian Smeeton]

Whatever you do, do not scrap the site.

 

I need to lay out the plans for my invasion of China/India/Russia/Brazil via Iraq/Iran/Somalia with the correctly 'shoved' timbers, and accurate crossing vees somewhere!

 

(Delete as appropriate)

 

And, without your Templot PM system, how am I supposed to keep this under the (RMWeb) authorities'radar

 

Regards

 

 (the Renegade) Ian

[Mythocentric]

What we know about it all is just skimming the surface .We are only told about the stuff that makes the courts .Its far more than that .I can only surmise but I suspect that many a potential terrorist has hopped back to where his tribe originally came from after getting a rather obvious feeling he was being watched .Its not convictions or publicity  that is in the frame ,its STOPPING  suicide bombers .We havnt come across this kind of threat before .Bin laden killed as many Americans as the Japanese at Pearl Harbor .A few email intercepts may well have stopped it all .Freedom to live is more important than a scan of our trivial messaging .

 

Sad to say, no email intercept or any other form of privacy surveillance has ever resulted in a prosecution or detection of terrorist activities. The people responsible for the 9-11 and Omaha bombings carried out their actions right under the noses of the organisations who use these programs to detect them. They failed! The programs in use in the UK are supplied by US Government secret services and part of the agreement in supplying them is an open access exchange of information between those governments. When was the last time you heard a member of parliament mention that. Even more frightening is that GCHQ use such methods despite (albeit feeble) attempts to oversee them with impunity. Indeed GCHQ retain a large team of lawyers whose job it is to find loopholes in the relevant laws to enable them to continue this type of surveillance. The current 'emergency legislation' is a response to legal action being taken against the government by https://www.openrightsgroup.org.

 

MP Tom Watson says: 'None of your MPs have even read this (emergency) legislation, let alone been able to scrutinise it....nobody has had the chance to debate and question.'

 

They know that there is no legal basis for making Internet Service Providers and phone networks retain our data. It goes against the ruling by the Court of Justice of the EU in April, which stated that this kind of data retention is fundamentally incompatible with our right to privacy and protection of personal data.

 

Regards

 

Bill

[Gwiwer]

Rule 1.  What goes on the net stays on the net.  All our PMs can be, if the need arises, viewed and read by a board admin and therefore presumably if under the direction of an officer of law enforcement be released to the agency in question.  I doubt that would ever happen here.

 

How am I aware of this?  Firstly I once regarded it as common knowledge that PMs were only "off-screen" conversations between two people but are not invisible to authorised others; it seems many people are unaware of this.  

 

I previously enjoyed a short-lived "career" as a chat-room host when such things were fairly new and offered by the likes of Microsoft.   We had sight of every "whisper" (the name then used for what amounted to a PM between users not visible on screen to others) in order to monitor content and manage any inappropriate behaviour.  That functionality has been carried over to todays forum software and the many commercially-offered messaging services whether via your phone provider or through the likes of Facebook.  Someone in authority can always take a look at what's been said.

 

The question is for how long after the event and whose responsibility it is to retain the data.  That is what I understand the previous and proposed legislation to address.  It appears to be incumbent upon the service provider to retain such data as the relevant legislation requires.  Then we enter the arena of defining "service provider".

 

I have every confidence Andy and his team are fully aware of the situation and have acted appropriately.  Martin is of course free to act as he sees fit for his own site as are all owners.  An "owner" is not automatically a "service provider".

 

The internet is global.  Legislation applied in one country does not necessarily apply in another.  It is a legislative minefield and I doubt it could ever be made fully watertight.  

 

To borrow a well-used expression "Keep calm and carry on."  But in doing so bear in mind nothing is private on the internet.

[Alister_G]

Martin, you are worrying yourself needlessly. You are not affected by this legislation in any way. The legislation is aimed at service providers only, and as the site owner you are not a service provider under the terms of the legislation. The same applies to RMWeb, neither Warners or Andy Y are obligated to do anything to comply with this legislation, only their hosting provider is affected.

 

Your hosting company is the entity affected by the legislation, and even then, the content of messages, be they PMs or public forum posts does not need to be saved, and in fact should not be retained for longer than 12 months. The legislation is all about "metadata" which translates to dates, times, and IP addresses in the case of internet access.

 

For email, it is an offence for an ISP to store the content of messages, only transaction logs may be stored, and this does not change under the new legislation.For forum posts, this is slightly different, as the content of the messages posted on the forum are part of the content of the site, and will be held in the database, whether they are public posts or PMs.

 

In America, there have been a number of test cases which have set the precedent that if a forum is moderated (i.e the posts to the forum are checked and edited by someone), then the moderator becomes liable for the content of those messages. However, this body of law is concerned with abusive or illegal content, and has no bearing in the UK, nor does it have anything to do with the proposed legislation.

 

To be clear, as site owner, you have no obligation under the proposed legislation.

 

Hope this clears things up.

 

Al.

[martin_wynne]

Martin, you are worrying yourself needlessly. You are not affected by this legislation in any way ....Your hosting company is the entity affected by the legislation, and even then, the content of messages, be they PMs or public forum posts does not need to be saved, and in fact should not be retained for longer than 12 months. The legislation is all about "metadata" which translates to dates, times, and IP addresses in the case of internet access.

 

Hi Al,

 

Thanks for your reply but it really isn't that simple. An email once sent cannot be easily retrieved or deleted by the sender. PM messages are different, they can be posted, read, and deleted in the space of 30 seconds. Having examined my code and discussed the logs from the database engine with the hosting provider it is clear that the PM metadata details are not retained in any meaningful way.

 

We know which IP accessed the site when, but not what changes in my database tables resulted from each specific visit. The site is running my PHP code, so I am the only one who knows how it works, and I am the only one who decides the meaning of each table entry in the database. If I want to keep PM metadata it is my responsibility as database owner to write the required SQL functions. The hosting provider is not necessarily aware of what I'm doing with my database or which entry in which table relates to PM data, or even that I am providing a PM service at all. To keep a permanent record of every change to the relevant tables would consume significant amounts of my web space over time at some cost. And should it be necessary to access such data, I would be the only one with the means to decode it. In practice of course I originally purchased the forum software, but having made significant changes to it over the years, by so doing I have now assumed full liability for it and the vendor would decline any responsibility for the current database design and contents.

 

So although as a web site owner I may not have any obligations under current legislation, should future legislation require PM metadata to be retained, the obligation would fall on me, not the hosting provider.

 

Since it was never my primary intention to provide a private messaging service, it seems daft to provide one in the current climate of uncertainty and I have decided not to continue doing so. I will write a new function for my members to send emails to each other without knowing email addresses, with no means to recall or delete, and keep a limited record of the metadata in a new table.

 

regards,

 

Martin.

[Clive Mortimore]

I give up using simple English. OK the minister when interviewed on Radio 4 did say providers to keep records for 2 years where the proposed bill says 12 months, which I realised when I read the proposed bill (Thanks Miss Prism).

Listening to Radio 4 this afternoon the new proposed law would require telecom and internet providers to keep a 2 year record of who contacted who, but not the content.

 

Martin, you are worrying yourself needlessly. You are not affected by this legislation in any way. The legislation is aimed at service providers only, and as the site owner you are not a service provider under the terms of the legislation. The same applies to RMWeb, neither Warners or Andy Y are obligated to do anything to comply with this legislation, only their hosting provider is affected.

 

Your hosting company is the entity affected by the legislation, and even then, the content of messages, be they PMs or public forum posts does not need to be saved, and in fact should not be retained for longer than 12 months. The legislation is all about "metadata" which translates to dates, times, and IP addresses in the case of internet access.

 

For email, it is an offence for an ISP to store the content of messages, only transaction logs may be stored, and this does not change under the new legislation.For forum posts, this is slightly different, as the content of the messages posted on the forum are part of the content of the site, and will be held in the database, whether they are public posts or PMs.

 

In America, there have been a number of test cases which have set the precedent that if a forum is moderated (i.e the posts to the forum are checked and edited by someone), then the moderator becomes liable for the content of those messages. However, this body of law is concerned with abusive or illegal content, and has no bearing in the UK, nor does it have anything to do with the proposed legislation.

 

To be clear, as site owner, you have no obligation under the proposed legislation.

 

Hope this clears things up.

 

Al.