Feeds

Police may have had a duty to notify phone-hacking victims

Make sure no-one's listening in when you do, though

  • alert
  • submit to reddit

Security for virtualized datacentres

The Metropolitan Police knew that numerous mobile phones had been illegally hacked by private investigators but failed to alert the phones' owners, according to The Guardian newspaper. If so, the victims should have been told, a privacy expert has said.

The Guardian alleged this week that Rupert Murdoch's News Group newspapers paid out more than £1 million to settle legal cases that threatened to expose evidence of journalists using private investigators to hack into the private mobile phone messages of numerous public figures.

"The suppressed legal cases are linked to the jailing in January 2007 of News of the World reporter Clive Goodman for hacking into the mobile phones of three royal staff," it reports. It also adds that at that time, News Group newspapers' parent, News International, claimed that it knew of no other journalist involved in hacking phones.

It cites two unnamed sources in the Met, one of whom claims that officers found evidence of "two or three thousand" mobile phones having been hacked. The Guardian says that the Met failed to notify the owners of those phones and says that the evidence calls that failure into question.

Rosemary Jay, a data protection expert at Pinsent Masons, the law firm behind OUT-LAW.COM, said that if police knew the details of numerous hacked phones, they would have had a duty to notify the phones' owners.

The hacking of phones is a crime under the Regulation of Investigatory Powers Act 2000. According to Jay, police would have a duty under the Data Protection Act to notify the victims.

"If a crime has been committed in the way that is suggested and police knew the people affected, I think police would have a duty themselves under the Data Protection Act to notify the victims," she said. "That would have given them an opportunity at least to change their mobile phone numbers."

The Data Protection Act says that personal data must be processed fairly and lawfully. It also says that when personal data is obtained from someone other than the subject, the controller of that data must ensure that the subject is given some basic information about the circumstances of the data being obtained.

"This would not apply if telling individuals would entail a disproportionate effort, or in cases where the disclosure would prejudice the prevention or detection of crime," said Jay. "But I struggle to see how the police could rely on either of these justifications. Calling these people is neither laborious nor likely to hamper any investigation."

The Guardian also alleges unauthorised access to confidential databases, such as telephone accounts, bank records and the DVLA's vehicle database. That is an offence under section 55 of the Data Protection Act, but not one that can be punished by a custodial sentence.

In 2006, Information Commissioner Richard Thomas called for that to change, arguing that the 'blagging' of personal data had to be deterred. He said that the illegal buying and selling of personal information should carry a maximum penalty of two years' imprisonment.

The Criminal Justice and Immigration Act of 2008 provides for that custodial sentence, but the provision has never been brought into force.

"I expect that the new Commissioner, Christopher Graham, will call for that change on the back of today's allegations," said Jay.

"There is a defence to section 55 and the new amendment where the circumstances of the blagging can be justified as being in the public interest – but that will not justify fishing expeditions," she said. "Amid today's allegations that blagging was systematic, affecting thousands of individuals, there are unlikely to be more than a handful of cases that can be justified as being in the public interest."

A spokesman for the Information Commissioner's Office told OUT-LAW today: "Any changes to the law are of course a matter for the Ministry of Justice but the ICO continues to believe that custodial sentences are needed as an effective deterrent to those who might be tempted to take part in the unlawful trade in personal information."

"We will be watching the blagging market closely, will prosecute any case supported by evidence and will highlight future breaches of section 55 of the Data Protection Act to Ministers and to Parliament," the spokesman said.

Under RIPA, both the hacker of a mobile phone and those who commissioned the hacking would face the risk of prosecution. There is no public interest defence in that law.

The Met police declined to comment on the accuracy of the Guardian's allegations.

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.