Feeds

Police legal advice gives spam RIPA protection

None for your read messages though

Internet Security Threat Report 2014

The voicemail hacking incident is still exercising MPs – especially the Labour ones who did little to protect individual privacy during the party's decade in power (see last week’s blog).

So when Assistant Commissioner John Yates of the Metropolitan Police Service (MPS) gave evidence on “Specialist Operations” to the Home Affairs Select Committee (last week), MPs on the Committee took the opportunity to ask a range of questions about the lack of prosecutions re such hacking.

Yates’ answers reveal that the MPS has obtained legal advice from a leading QC which, if applied in practice, means that unread spam messages receive a high level of privacy protection under the Regulation of Investigatory Powers Act (RIPA) whereas read private email messages of immense confidentiality do not receive any privacy protection from RIPA. Don’t believe me? Then read on.

In relation to the incidence of “voice mail hacking”, Yates said the following (at Q5):

Hacking is defined in a very prescriptive way by the Regulation of Investigatory Powers Act and it’s very, very prescriptive and it’s very difficult to prove.... There are very few offences that we are able to actually prove that have been hacked. That is, intercepting the voicemail prior to the owner of that voicemail intercepting it him or herself.

Note my emphasis on “prior to the owner of that voicemail intercepting it him or herself”? What does that imply?

Consider the relevant provisions of RIPA and its definition of interception. Section 2(2) of RIPA states that “a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if [he makes] some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication”. Section 2(4) states that an “interception of a communication” has also to be “in the course of its transmission” by any public or private telecommunications system.

I had not appreciated the significance of “in the course of its transmission” or “while being transmitted” until now – but John Yates’ testimony has put an end to that. What Yates appears to be telling the Home Affairs Committee is that the MPS legal advice states that once the lawful recipients have read or listened to their Inbox messages, there can be no interception in connection with those messages. The RIPA offence falls away because each read message “has been transmitted” rather than “is being transmitted”.

So consider your email (or telephone) inbox. According to the MPS legal advice, if someone gains unauthorised access your unaccessed voicemail or inbox messages, there is an interception of communications under RIPA, and the risk of a custodial sentence. If you have read your messages, there is unlikely to be an interception and no RIPA offence. Of course Section 55 offence under the Data Protection Act could be engaged, but that is not going to frighten anyone (see last week’s blog).

Now consider what you did today. In your email inbox will be all sorts of messages, some of which you will no doubt leave unread (eg spam in your deleted items folder), and some of which you will undoubtedly read and subsequently cherish (eg mailings from me or Amberhawk). The unread deleted messages gain the full protection of RIPA, whereas those messages that you have read do not. In other words, the MPS legal advice appears to imply that RIPA provides a very a topsy-turvy world of privacy protection.

However, there is a more serious side to the MPS legal advice. If it is correct, then any claim that RIPA provides a high level of protection against the misuse of RIPA powers by law enforcement agencies could easily be misplaced. For instance, suppose the law enforcement agencies wanted to gain access to the content of your email inbox: in relation to the content of your read messages, there would be no interference, and there would be no need to obtain a warrant, because RIPA is not even engaged. RIPA’s warrant provisions only cover unread messages.

However, access to the content of your read inbox items would be protected by the Data Protection Act. As this legislation provides for very minor offences and a weak, underfunded, regulatory regime, that is why the MPS legal advice has far more worrying consequences.

It is for this reason that the arguments underpinning the MPS legal advice have to be published in full - Mr Yates' comments on RIPA cannot be left to gather dust. If they are seen to be correct, then Parliament needs to call for a complete review of all RIPA powers, as when it provided public authorities with intercepting powers in 1999, Parliament had in mind the content of all messages – not just the unread ones.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Beginner's guide to SSL certificates

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.