Police legal advice gives spam RIPA protection
None for your read messages though
Ensure Ease of Recovery with Asigra’s Agentless Software
The voicemail hacking incident is still exercising MPs – especially the Labour ones who did little to protect individual privacy during the party's decade in power (see last week’s blog).
So when Assistant Commissioner John Yates of the Metropolitan Police Service (MPS) gave evidence on “Specialist Operations” to the Home Affairs Select Committee (last week), MPs on the Committee took the opportunity to ask a range of questions about the lack of prosecutions re such hacking.
Yates’ answers reveal that the MPS has obtained legal advice from a leading QC which, if applied in practice, means that unread spam messages receive a high level of privacy protection under the Regulation of Investigatory Powers Act (RIPA) whereas read private email messages of immense confidentiality do not receive any privacy protection from RIPA. Don’t believe me? Then read on.
In relation to the incidence of “voice mail hacking”, Yates said the following (at Q5):
Hacking is defined in a very prescriptive way by the Regulation of Investigatory Powers Act and it’s very, very prescriptive and it’s very difficult to prove.... There are very few offences that we are able to actually prove that have been hacked. That is, intercepting the voicemail prior to the owner of that voicemail intercepting it him or herself.
Note my emphasis on “prior to the owner of that voicemail intercepting it him or herself”? What does that imply?
Consider the relevant provisions of RIPA and its definition of interception. Section 2(2) of RIPA states that “a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if [he makes] some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication”. Section 2(4) states that an “interception of a communication” has also to be “in the course of its transmission” by any public or private telecommunications system.
I had not appreciated the significance of “in the course of its transmission” or “while being transmitted” until now – but John Yates’ testimony has put an end to that. What Yates appears to be telling the Home Affairs Committee is that the MPS legal advice states that once the lawful recipients have read or listened to their Inbox messages, there can be no interception in connection with those messages. The RIPA offence falls away because each read message “has been transmitted” rather than “is being transmitted”.
So consider your email (or telephone) inbox. According to the MPS legal advice, if someone gains unauthorised access your unaccessed voicemail or inbox messages, there is an interception of communications under RIPA, and the risk of a custodial sentence. If you have read your messages, there is unlikely to be an interception and no RIPA offence. Of course Section 55 offence under the Data Protection Act could be engaged, but that is not going to frighten anyone (see last week’s blog).
Now consider what you did today. In your email inbox will be all sorts of messages, some of which you will no doubt leave unread (eg spam in your deleted items folder), and some of which you will undoubtedly read and subsequently cherish (eg mailings from me or Amberhawk). The unread deleted messages gain the full protection of RIPA, whereas those messages that you have read do not. In other words, the MPS legal advice appears to imply that RIPA provides a very a topsy-turvy world of privacy protection.
However, there is a more serious side to the MPS legal advice. If it is correct, then any claim that RIPA provides a high level of protection against the misuse of RIPA powers by law enforcement agencies could easily be misplaced. For instance, suppose the law enforcement agencies wanted to gain access to the content of your email inbox: in relation to the content of your read messages, there would be no interference, and there would be no need to obtain a warrant, because RIPA is not even engaged. RIPA’s warrant provisions only cover unread messages.
However, access to the content of your read inbox items would be protected by the Data Protection Act. As this legislation provides for very minor offences and a weak, underfunded, regulatory regime, that is why the MPS legal advice has far more worrying consequences.
It is for this reason that the arguments underpinning the MPS legal advice have to be published in full - Mr Yates' comments on RIPA cannot be left to gather dust. If they are seen to be correct, then Parliament needs to call for a complete review of all RIPA powers, as when it provided public authorities with intercepting powers in 1999, Parliament had in mind the content of all messages – not just the unread ones.
This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.
COMMENTS
Same old nonsense, yet again.
RIPA section 2(2) says that an interception can only be of a communication "while being transmitted". Section 2(7) says:
" For the purposes of this section the times while a communication is being transmitted by means of a telecommunication system shall be taken to include any time when the system by means of which the communication is being, or has been, transmitted is used for storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it. "
That doesn't say protection stops when the message has been transmitted - it fact it says exactly the opposite. The "advice" is plainly wrong.
A suitably stored message will be in transmission for s.2 purposes (defining interception) even after it "has been, transmitted ".
This "legal advice" is strongly reminiscent of the Watkin Phorm email - self-serving nonsense. So yes, I want to see it too.
Poetic Justice!
TEN years of Labour rule demonstrate how worthless their plethora of legislation, much more than previous governments, really is.
Now the British Law books are cluttered with meaningless, police time wasting, legislation. How fitting it is that all these Members of Parliament become the victims, many of whom are actually lawyers, and really didn't bother to read the legislation they voted for rather they acted like sheep following Blair and Brown where ever they would lead them.
But..
But.. in general terms, unauthorised access to a computer system is an offence under the Computer Misuse Act 1990 (as amended). So, if I broke into your email system and read your messages then I would be committing an offence anyway.
Voicemail is a bit trickier - does the law interpret voicemail systems as computer systems under the meaning of the act? Obviously it *is* a computer system holding all the messages..
IT infrastructure monitoring strategies
What you need to know about cloud backup
Enabling efficient data center monitoring
Agentless Backup is Not a Myth
Customer Success Testimonial: Recovery is Everything
