What Is "Internet Use"?


A former advisor to the Prime Minister was recently convicted on charges of downloading indecent images of underage girls.

I don't want to go into detail about whether or not his punishment is adequate, but I would like to talk about this curious remark made by the Judge during his sentencing:

beginning today and lasting for two years, you are prohibited from using any device capable of accessing the internet unless it has the capacity to retain and display the history of internet use and you make the device available on request for inspection by a police officer. You are also prohibited from deleting such history.

R v Patrick Rock. Sentencing Remarks of HHJ McCreath - Southwark Crown Court - 2nd June 2016

On the face of it, this seems quite sensible - but what exactly is "accessing the Internet" and what do we mean by retaining "the history of Internet use"?

History

By "Internet history", I suspect most people think of a web-browser's "history" function. Silently recording every page that you've visited.

There are two flaws in this thinking.

  1. All web browsers have an "incognito" mode which prevents a history being created.
  2. History usually covers pages - not embedded media.

I don't know of any way - short of persistent monitoring of a connection - that you could tell if Incognito mode had been used. That's the whole point in it existing. It doesn't delete the history - it never records it in the first place.

Is it enough for the offender to say "just because Firefox has an incognito mode, that doesn't mean I've used it."? Or are they prohibited from using any browser with such a feature?

Secondly, your browser is recording a visit to this specific page in its history. But it is not recording a visit to the page hosting this image:

Persian sand cat

It would be possible to craft a page full of forbidden content, yet have the browser only record a visit to a seemingly innocuous site.

Similarly, a history may record that you visited a specific page on YouTube - but if the video is subsequently deleted, there's no way to know what its contents were.

The Internet is not the Web

It is a common misconception that the Internet is the same thing as the Web. It isn't.

There are many different ways to access the Internet on a device. For example, switching on your Internet connected lightbulbs doesn't use the Web.

  • Suppose this person has an Internet connected thermostat. Does his smarthome have to retain every time he adjusts the temperature?
  • What about email? Can he delete unsolicited spam messages? How about discarding drafts of emails?
  • A games console can access the Internet. But generally doesn't record its Internet use. So can he play on an Xbox if it isn't connected to his WiFi?
  • Most devices will not have access to the encrypted streams that an app requests. So are all apps out of the question unless they also retain a hstory?
  • Consider a Skype video call. Is it enough to preserve the metadata (when was the call placed, who were the participants)? Or does the video and audio need to be preserved?

Thoughts

Is it impractical to completely ban someone from using the Internet given how much of modern life relies on it? If it is, how do you adequately craft an unambiguous order which allows an offender to be monitored without overwhelming complexity?

I'm (obviously) not a legal scholar. The spirit of this ruling seems to be "you can access the Internet only if we're allowed to inspect everything you do" - but the wording seems (deliberately?) vague and technologically naïve.

Does that embolden the guilty party to look for loopholes? Does it give the police too much power to arrest on a whim? Given that it is rarely the "device" which records Internet history, is there any way of practically complying with the order?

What are the alternatives?

  • Directly monitor the offender's Internet connection? Wouldn't be able to see encrypted traffic. Doesn't stop someone buying a SIM card.
  • Install surveillance software on all Internet connected devices? Impossible for Smart TVs, games consoles, eBooks, smart watches, etc.
  • Only use approved apps on approved devices, and ensure that the phone/laptop/games console/etc can't install anything else? Complex and expensive.
  • Ban the offender from buying a burner phone / SIM or using Incognito Mode? This seems to be what the Judge wants - but it is almost impossible to detect.

At this point, we're back where we started. The offender has to be trusted to comply with an order which is easy to unexpectedly break, and those supervising him have an almost impossible job detecting unauthorised use.

I'd welcome thoughts from people better informed than I am.

One thought on “What Is "Internet Use"?

  1. I do not pretend to be any better informed, and I am certainly not familiar with how orders of this nature tend to be drafted, but I do share a number of the same misgivings as you here. None of the reports which I have seen have set out the manner in which the indecent images were downloaded — whether it was saving them from a website, or through BitTorrent or similar, or from a Tor-based server, for example — to be able to see whether the context of the case might shed some light.

    On reading the sentencing remarks, my feeling was much the same as yours: that this will be a very difficult order for someone to comply with, or for others to enforce. Indeed, even if he were able to deploy some kind of gateway-based logging / retention functionality (challenges associated with encrypted / encoded streams aside, along with what constitutes "history" in this context), since the requirement as written is that it is the device which is accessing the internet which must do the retention, even this would seem to be insufficient.

    As such, I do wonder whether the net result, if the order is interpreted as broadly as one might think wise when considering the consequences of breaching it, is that it is an effective ban on using any device which could be connected to the Internet for two years.

    If this is the "correct" interpretation, it gives rise to interesting human rights-based arguments, given the increased reliance on the Internet-based communications and services, including public sector services: is an absolute ban on using any device which is capable of connecting to the Internet, or using the Internet in any form, a proportionate interference with human rights? As I understand it, this order is not a punishment, but is designed to enable assessment of whether reoffending is happening, and it may well be that the answer is "yes, this is the only way of achieving that outcome and, given the gravity of the offences, it is entirely proportionate", but I wonder whether the judge did indeed intend for the order to have such a potential effect, to have triggered consideration of this? (Again, the answer may well be yes to both of those.)

Leave a Reply

Your email address will not be published. Required fields are marked *