Is virus scanning interception?

Nicholas Bohm nbohm at ernest.net
Sat, 13 Jul 2002 10:35:13 +0100 

At 22:20 12/07/2002 +0100, Ian Miller wrote:
> >At 16:34 12/07/2002 +0100, James Hammerton wrote:
> >>This explicitly refers to making the contents of the communication
> >>available to another person (and the conditions that follow do not
> >>alter this as far as I can tell). So unless RIPA defines a person so
> >>as to include an automated virus checker, the ICO appears to be at odds
> >>with RIPA.
>
>Nicholas Bohm wrote:
> >"Person" includes a company or other body corporate, but not a machine.  No
> >doubt automated virus checking could be set up in such a way as to make the
> >communication available to an unintended recipient, but there seems no
> >reason why it has to be set up that way; and if it isn't then it isn't
> >statutory interception.
> >
>Whereas it does not have to be set up that way, there are good reasons for
>doing so.
>
>Some virus scanners include heuristic scanning which detects content that
>this is in some way suspicious and may well include a virus.  Indeed many
>new viruses are initially identified by such scanning.  Establishing
>whether it really is a virus cannot be done automatically so it must be
>sent to a real person.  Forwarding the e-mail to this person is, I assume,
>interception.
>
>Also it is becoming increasing popular to do some content scanning at
>firewalls.  (e.g. Blocking out-going attachments containing the text
>"company confidential".)  Such content scanning filters tend to have a
>significant false positive rate, so it is common to quarantine rather than
>destroy any message that scores a hit for manual inspection.
>
>Most of the software is sold world-wide so it is not generally appropriate
>to omit a feature on account of adverse legal implications of using them in
>one jurisdiction.  Certainly the software I was working on a little over a
>year ago can be configured to quarantine for manual inspection for either
>of the reasons mentioned above.
>
>I would be very interest to know under what circumstances enabling such
>features might be illegal in this country.

I think Richard Clayton has answered this with his references to the 
relevant permissive provision, with which I agree.

Regards

Nicholas

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone   01279 871272    (+44 1279 871272)
Fax     01279 870215    (+44 1279 870215)
Mobile  07715 419728 (+44 7715 419728)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF