Man and machine (was Re: Is virus scanning interception?)

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Tue, 23 Jul 2002 09:11:16 +0100 

> -----Original Message-----
> From: Peter Fairbrother [mailto:zenadsl6186@zen.co.uk]=20
> Sent: 22 July 2002 21:26
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: Man and machine (was Re: Is virus scanning=20
> interception?)=20
>=20
>=20
> > Quentin Campbell wrote:
>=20
> [...]
> >=20
> > For the purposes of this thread what sensible distinction=20
> is there to=20
> > be made between the processing performed by a Mail Transport Agent=20
> > such as Sendmail and the processing performed by a separate content=20
> > scanner which processes the same data?
>=20
> The first isn't interception, because there is no act of=20
> modification or monitoring of the message passing process in=20
> order to access content. An alternative view is that, if it=20
> is in fact accessing content, it is authorised under s3(3)=20
> because it is done for purposes connected with the operation=20
> of the message passing process.
>=20
> The second is interception, I would argue. The content has=20
> been used to make a decision and thus been made available to=20
> something, the parameters of the making of the decision have=20
> been set by a human, the decision has in effect and law been=20
> made by a human, and thus a human has effectively used access=20
> to the content.=20

Peter

You selectively quote me in your reply and fail to include my second
paragraph which said:

"In considering this question one should be mindful that an MTA normally
scans and transforms messages, both headers and body [1], and can be
configured to reject mail based on what is found."  =20
...
[1] It may surprise some people that an MTA needs to scan and possibly
change
    the content of a message. In the Unix world it is normally necessary
to
    escape the string "From " if it appears at the start of a line in
the body=20
    of the message.  =20
  =20
In an MTA of course there is "[the] act of modification or monitoring of
the message passing process in order to access content". That is what
installing and configuring and operating an MTA is all about! An MTA
doesn't suddenly magic itself into operation; it has to be configured
and regularly updated by someone.=20

Given all the above and that an MTA "accesses content" of a message in
order to operate, if I am to follow the logic of your argument no site
could consider changing MTAs from (say) Sendmail to Exim and no site
could modify the configuration of an existing MTA or routinely update
tables of addresses, etc, used by an MTA. That is not the common sense
view of what RIPA is intended to do and as you have pointed out is in
any case authorised conduct under S3(3).

We chose to do our content scanning for anti-virus and anti-spam
purposes in software that is separate to, but cooperates with, our MTA
but as I pointed out our MTA was already doing some filtering and
blocking based on content anyway. We could equally have added the
additional A-V and A-S capability into the MTA (Sendmail) itself.=20

It is no surprise that this answers my original question as to whether
there is a distinction between the operation of an MTA and the exercise
of an A-V and A-S capability in or with that MTA - there is no
distinction.=20

Quentin
---
PHONE: +44 191 222 8209    Computing Service, University of Newcastle
FAX:   +44 191 222 8765    Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."=20