Roland Perry - "is an ISP a 'Person'?"

[Dave Howe]

Peter Fairbrother wrote:
> Under RIPA the interception can be the the modification of or
> interference with the system, ss.2(2)(a).
Indeed true - providing (and this is the distinction we are having trouble
with) the changes are made "as to make some or all of the contents of the
communication available, while being transmitted, to a person other than the
sender or intended recipient of the communication."

you seem to believe that adding a additional virus-checking stage to the
normal email processing is making available to an individual; I can't see
how this can possibly be the case, and apparently nor can several other
people here.

If nothing else, take the assumption that storing mail (however temporarily)
on a mailserver in the normal course of operation is "interception" under
the act - that is, that mail is "made available" to the operator of the
server as he could examine it in the spool dir while in transit. That is
ok - you are defining anything required for the normal operation of the
machine as being lawful interception.
so you have the case that *every* email ever visiting that machine is
lawfully intercepted and "made available" to the operator. how then can it
also be *illegally* made available to him? You are defining him as having
lawful access to every email in his spool dir; if an additional daemon runs
on that code, it can't possibly give him any more information than he
already has lawful access to.
It doesn't make sense, and it opens holes in the law big enough to drive a
truck though.
It is simply more sensible (and both in accord with normal perception and
the concept of "making available") to assume that an act of interception
occurs if the operator examines in-transit mail at any point; that it is
lawful interception if he so examines it for reasons relating to the
operation of the service, and not if he examines it for any other reason. It
would also be an act of interception if mail were spooled specifically to a
place so that an operator (or other third party) could look at it. It isn't
interception if mail is stored, altered or deleted by an automated process,
as an automated process is itself incapable of being a "person" for the data
to be made available to, and the data is "made available" only to a daemon
process, not a real or corporate person.





The concept of which items
> of mail were intercepted doesn't really apply then. RIPA interception
> can also arise out of an act of monitoring, ss.2(2)(b), when the
> concept does apply.
>
> When postmen sort mail it's not ordinarily interception, under
> ss.2(5). If they change the sorting process so that the sorters do
> something different with mail to an individual*, the change in the
> sorting process would be a "modification" interception. Running the
> process would be a "monitoring" interception of ALL the mail it was
> run on, even if they only read the address on the outside of the
> letters.
>
> If someone sorted through the contents of the sorting-box for a round
> or postcode in order to select mail for one person, it would be a
> "monitoring" interception of ALL the mail for that round or postcode,
> and the act of taking the mail out of the box would be a
> "modification" or "interfering" interception.
>
> The previous two paragraphs are not subject to my "interpretations",
> or arguments about "person", it's all plainly set out in RIPA. So
> what? RIPA interceptions happen all the time. They are mostly
> perfectly legal.
>
>
>
>
> I really don't see what all the fuss is about.
>
>
> Assuming automated scanning is interception, it just prevents ISP's
> from doing things they couldn't do by hand, things that we wouldn't
> want them to do anyway. Arguing that the intention was to allow these
> things to happen is IMO unlikely to succeed in Court.
>
> It doesn't stop virus scanning, it doesn't stop (most) spam scanning,
> it just stops things like autoscanning for eg political content.
> ISP's can scan or autoscan for "purposes connected with the provision
> or operation of the (telecommunications) service". That they should
> be able to autoscan for other purposes would make a mockery of the
> intent of RIPA.
>
> For DPA compliance ISP's should autoscan if possible, to limit the
> numbers of people who see content.
>
> Incidently it's impractical and probably nearly impossible to autoscan
> without a human occasionally seeing content, for testing, auditing and
> similar purposes, so this discussion is of little practical
> significance to ISP's.
>
>
>
> I guess the perceived problem probably comes from the butchery of the
> word "interception" in RIPA.
>
>
>
> Charles Lindsey also wrote:
>
>
>> Peter Fairbrother said...
>>
>>> It makes content available for the person who runs the machine to
>>> use, even if he doesn't read it. The words "see" and "read" do not
>>> appear in Ch1 of RIPA.
>>
>> No, but it would be reasonable to interpret the meaning of "making
>> available" as being "to enable the commumication to be 'seen' /
>> 'read' / 'heard' / 'felt' (as may be appropriate for the form of that
>> communication)". If it doesn't mean that, then what does it mean?
>
> It just means made available. Not made available for every purpose,
> or for a suitable or particular purpose, but just made available, in
> any way at all. Which would include being made available to use in a
> scanner.
>
>
> -- Peter Fairbrother