Saturday, 25 September 2010

RIPA and voicemail

Some comment recently over the Metropolitan Police's view that a Regulation of Investigatory Powers Act prosecution cannot be mounted over interception of voicemails after they have been accessed and read by the recipient.   This interpretation of RIPA has been well known ever since the legislation was enacted. It is something of a grey area, since the key question for stored messages under RIPA S2(7) is whether the system is used for storing the message in a manner that enables the recipient to 'collect it or otherwise to have access to it'. It can be argued that this does include opened incoming messages that are left on the system for future reference. However no court has yet had to consider this and the question remains unanswered.  

The main statute governing hacking is the Computer Misuse Act, which is generally much better suited than RIPA to penalising unauthorised access to data stored on computers. RIPA's predecessor (the Interception of Communications Act 1985) only governed communications in transit. RIPA extended the interception regime to some stored communications and created many anomalies in the process.  For instance whatever the position regarding read incoming messages, it is tolerably clear that the RIPA definition of interception does not cover copies of outgoing e-mail messages stored in a Sent folder, since such copies have never been transmitted to a recipient at all.  The anomalies created by RIPA are largely the result of trying to extend principles developed in the era of ephemeral communications (telephone calls) to self-recording communications such as voicemails and e-mails.

This all came up in the context of voice-mail hacking, discussed in the evidence of Assistant Metropolitan Police Commissioner John Yates to the Commons Home Affairs Committee on 7 September 2010.  He said (uncorrected transcript): "There are very few offences that we are able to actually prove that have been hacked. That is, intercepting the voicemail prior to the owner of that voicemail intercepting it him or herself.".  This comment itself illustrates the confusion between hacking and interception.  RIPA never was an anti-hacking statute.  It was enacted in 2000 to provide a human rights-compliant basis for government interception of communications and to give effect to the communications privacy provisions (Article 5) of the then EU Telecommunications Privacy Directive. 

Would it not be better to reinstate the bright line between the offences of intercepting communications in transit (RIPA) and hacking into stored communications (CMA) than to create more confusion by, as has been mooted, extending RIPA yet further into the area of stored communications?

No comments:

Post a Comment