Original URL: http://www.theregister.co.uk/2010/09/13/ripa_email_advice/

Police legal advice gives spam RIPA protection

None for your read messages though

By Amberhawk Training

Posted in Law, 13th September 2010 11:30 GMT

The voicemail hacking incident is still exercising MPs – especially the Labour ones who did little to protect individual privacy during the party's decade in power (see last week’s blog).

So when Assistant Commissioner John Yates of the Metropolitan Police Service (MPS) gave evidence on “Specialist Operations” to the Home Affairs Select Committee (last week), MPs on the Committee took the opportunity to ask a range of questions about the lack of prosecutions re such hacking.

Yates’ answers reveal that the MPS has obtained legal advice from a leading QC which, if applied in practice, means that unread spam messages receive a high level of privacy protection under the Regulation of Investigatory Powers Act (RIPA) whereas read private email messages of immense confidentiality do not receive any privacy protection from RIPA. Don’t believe me? Then read on.

In relation to the incidence of “voice mail hacking”, Yates said the following (at Q5):

Hacking is defined in a very prescriptive way by the Regulation of Investigatory Powers Act and it’s very, very prescriptive and it’s very difficult to prove.... There are very few offences that we are able to actually prove that have been hacked. That is, intercepting the voicemail prior to the owner of that voicemail intercepting it him or herself.

Note my emphasis on “prior to the owner of that voicemail intercepting it him or herself”? What does that imply?

Consider the relevant provisions of RIPA and its definition of interception. Section 2(2) of RIPA states that “a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if [he makes] some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication”. Section 2(4) states that an “interception of a communication” has also to be “in the course of its transmission” by any public or private telecommunications system.

I had not appreciated the significance of “in the course of its transmission” or “while being transmitted” until now – but John Yates’ testimony has put an end to that. What Yates appears to be telling the Home Affairs Committee is that the MPS legal advice states that once the lawful recipients have read or listened to their Inbox messages, there can be no interception in connection with those messages. The RIPA offence falls away because each read message “has been transmitted” rather than “is being transmitted”.

So consider your email (or telephone) inbox. According to the MPS legal advice, if someone gains unauthorised access your unaccessed voicemail or inbox messages, there is an interception of communications under RIPA, and the risk of a custodial sentence. If you have read your messages, there is unlikely to be an interception and no RIPA offence. Of course Section 55 offence under the Data Protection Act could be engaged, but that is not going to frighten anyone (see last week’s blog).

Now consider what you did today. In your email inbox will be all sorts of messages, some of which you will no doubt leave unread (eg spam in your deleted items folder), and some of which you will undoubtedly read and subsequently cherish (eg mailings from me or Amberhawk). The unread deleted messages gain the full protection of RIPA, whereas those messages that you have read do not. In other words, the MPS legal advice appears to imply that RIPA provides a very a topsy-turvy world of privacy protection.

However, there is a more serious side to the MPS legal advice. If it is correct, then any claim that RIPA provides a high level of protection against the misuse of RIPA powers by law enforcement agencies could easily be misplaced. For instance, suppose the law enforcement agencies wanted to gain access to the content of your email inbox: in relation to the content of your read messages, there would be no interference, and there would be no need to obtain a warrant, because RIPA is not even engaged. RIPA’s warrant provisions only cover unread messages.

However, access to the content of your read inbox items would be protected by the Data Protection Act. As this legislation provides for very minor offences and a weak, underfunded, regulatory regime, that is why the MPS legal advice has far more worrying consequences.

It is for this reason that the arguments underpinning the MPS legal advice have to be published in full - Mr Yates' comments on RIPA cannot be left to gather dust. If they are seen to be correct, then Parliament needs to call for a complete review of all RIPA powers, as when it provided public authorities with intercepting powers in 1999, Parliament had in mind the content of all messages – not just the unread ones.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.