Feeds

Sky News hack of Canoe Man's email in public interest, Ofcom says

Broadcaster's right to expression trumps privacy - this time

High performance access to file storage

Sky News hacked into Yahoo! email accounts owned by John and Anne Darwin and broadcast their contents to the world - but Ofcom reckons that's OK, thanks to the unique nature of the case.

John Darwin is better known as the "Canoe Man", who faked his own death so his wife could collect his life insurance and they could both enjoy a new life in Panama.

Following the successful prosecution of the couple for fraud, Sky News revealed it had hacked both their Yahoo! accounts and shared the contents with the police, an admission which prompted Ofcom's investigation.

Investigations are normally triggered by a complaint from the aggrieved party, but when the head of a national news organisation goes on TV and admits his journalists committed a criminal act the regulator finds itself obliged to investigate.

BSkyB denied nothing and cooperated fully with the investigation, which is laid out in detail in Ofcom's Broadcast Bulletin (PDF, starts at page 71 after the usual slaps on the wrist for swearing and such). The investigating journalist sought permission from his managing editor to hack the email accounts, and permission was granted - without anyone seeking legal advice.

It's the kind of thing which wouldn't happen in a post-Leveson world, but at the time Yahoo! accounts could be easily compromised by guessing a few security questions. As the police were apparently taking no interest in the mailboxes, the information gathered by the journalist proved extremely important.

There was little doubt that John Darwin had faked his own death for monetary gain, but his wife's defence rested on the allegation that he had coerced her into complicity. The email exchanges between them were, therefore, important in showing a "very close loving relationship" and undermining the wife's coercion defence.

BSkyB says that at the time it had no guidelines on this sort of thing as "Sky News did not usually undertake investigative journalism, however when it does, the record showed that it is extremely rare for it to authorise conduct which has the potential to involve contravention of the law", which is (sort of) a relief.

Sky News also did the right thing in passing the information on to the police and saying nothing afterwards, says Ofcom, which is all very public-spirited, but doesn't change the fact that it would appear to be a breach of the Computer Misuse Act 1990, under which "unauthorised access to computer materials" (under which interception of emails falls) is not permitted.*

Ofcom doesn't really care if the journalist broke the law or not in hacking the email accounts - that's beyond the remit of a media regulator. The question they're concerned with is whether Sky News broke privacy regulations by broadcasting the contents of those mail messages once they'd been hacked.

Even convicted fraudsters are protected by privacy legislation, but in this instance (and this instance only) Ofcom has decided that the messages were of such legitimate interest that it outweighed their right to privacy.

Not that this is intended to set any kind of precedent, as the regulator makes abundantly clear:

Ordinarily, Ofcom would be unlikely to consider it warranted for a broadcaster to allow its journalists to access private email accounts and subsequently disclose email correspondence without permission or authority from the account holder for such programme content.

So journalists, and aspiring journalists, should take note: don't broadcast the contents of the mailboxes you hack into, unless you think you might be able to get away with it. ®

*While public interest is not a defence in this particular law, it is entirely at the discretion of the police and the Crown Prosecution Service to decide whether or not to prosecute, and it appears they have chosen not to do so.

SANS - Survey on application security programs

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Intel sees 'signs of improvement in the PC business' but earnings remain 'Meh...'
Prospects for the future, however, please Wall Street money men
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.