Is virus scanning interception?

Richard Clayton richard at highwayman.com
Fri, 12 Jul 2002 20:46:25 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <B954E558.21627%zenadsl6186@zen.co.uk>, Peter Fairbrother
<zenadsl6186@zen.co.uk> writes

>Richard Clayton wrote:
>
>> The RIP answer is that s3(3) says...
>> 
>> (3) Conduct consisting in the interception of a communication is
>> authorised by this section if-
>> 
>> (a)   it is conduct by or on behalf of a person who provides a
>> postal service or a telecommunications service; and
>> (b)   it takes place for purposes connected with the provision
>> or operation of that service or with the enforcement, in
>> relation to that service, of any enactment relating to
>> the use of postal services or telecommunications
>> services
>> 
>> so if providing virus scanning is part of the provision of the service
>> then the provider may do it (either in an automated way, or by
>> inspecting every email themselves) without infringing RIP.
>
>I doubt it. They don't _have_ to do virus-scanning to either provide or
>operate the telecommunications service

correct, but that's not the test in the statute

"a purpose connected with the operation of that service" doesn't say
anything about necessity of that purpose...

>, virus-scanning customers email
>doesn't help them to provide or operate the service,

...anyway, that's not the case - I am aware of several services that
have found it necessary to discard virus infected email so as to
continue to keep their mail systems functioning [none of which, before
people leap to conclusions, was Demon].

Indeed, I can recall this discussion occurring before...

> and I don't know of any
>relevant enactments.

... ah search helps me out here:  Hansard  19 Mar 2001 : Column WA124

The Earl of Northesk asked Her Majesty's Government: 

    Whether the practice of internet service providers checking e-mail
    subject lines for malicious code, for example to filter out the
    Kournikova virus, would constitute a breach of terms of the
    Regulation of Investigatory Powers Act 2000. 

Lord Bassam of Brighton: Section 3(3) of the Regulation of Investigatory
Powers Act 2000 provides that interception of a communication is lawful
if it is conducted by, or on behalf of, a person who provides a
telecommunications service (which includes Internet Service Providers)
and it takes place for purposes connected with the provision or
operation of that service. An example of this might be to prevent
interference with the operation of a system by a virus.

... still, we never did believe what Bassam said, did we :)

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBPS8yERfnRQV/feRLEQIg7wCgqpw/s4kZ49xDeR3ic0eS1gnm6VoAn3/y
Ezy4Z33K1Ja8EBXd3G611jp5
=d8Re
-----END PGP SIGNATURE-----