Roland Perry - "is an ISP a 'Person'?"

Peter Fairbrother zenadsl6186 at zen.co.uk
Thu, 03 Oct 2002 03:04:02 +0100 

> Dave Howe wrote:

> Peter Fairbrother wrote:
>> Under RIPA the interception can be the the modification of or
>> interference with the system, ss.2(2)(a).
> Indeed true - providing (and this is the distinction we are having trouble
> with) the changes are made "as to make some or all of the contents of the
> communication available, while being transmitted, to a person other than the
> sender or intended recipient of the communication."
> 
> you seem to believe that adding a additional virus-checking stage to the
> normal email processing is making available to an individual; I can't see
> how this can possibly be the case, and apparently nor can several other
> people here.
> 
> If nothing else, take the assumption that storing mail (however temporarily)
> on a mailserver in the normal course of operation is "interception" under
> the act - 

But it isn't.

> that is, that mail is "made available" to the operator of the
> server as he could examine it in the spool dir while in transit. That is
> ok - you are defining anything anything required for the normal operation of
the machine as being lawful interception.

I'm not doing that. I'm saying any interception required for the normal
operation of the communication service is lawful. Most normal operations
aren't interception.

> so you have the case that *every* email ever visiting that machine is
> lawfully intercepted and "made available" to the operator.

No. The fact that root could read mail isn't interception.

> how then can it
> also be *illegally* made available to him?

If you change the system so root could read mail, or "opened" a mail so root
could read it, that change would be an interception. Whether it was legal or
not would depend if he had a lawful reason, as defined in RIPA, to do it.

> You are defining him as having
> lawful access to every email in his spool dir;

No I'm not. I'm saying the fact that he could take steps to read the mail is
not interception. If he did take steps, it would be.

> if an additional daemon runs
> on that code, it can't possibly give him any more information than he
> already has lawful access to. It doesn't make sense, and it opens holes in the
> law big enough to drive a truck though.

The mail can be made more available to him. Availability is rarely absolute.
If something is on top of Mt. Everest, is it available to you? More so than
if it's on the Moon, less so than if it's in your pocket.

> It is simply more sensible (and both in accord with normal perception and
> the concept of "making available") to assume that an act of interception
> occurs if the operator examines in-transit mail at any point; that it is
> lawful interception if he so examines it for reasons relating to the
> operation of the service, and not if he examines it for any other reason.

Yep. And if he gets a machine to examine it for him.

> It
> would also be an act of interception if mail were spooled specifically to a
> place so that an operator (or other third party) could look at it. It isn't
> interception if mail is stored, altered or deleted by an automated process,
> as an automated process is itself incapable of being a "person" for the data
> to be made available to, and the data is "made available" only to a daemon
> process, not a real or corporate person.

I disagree. Not that it's relevant anyway, an interception has already
occurred in the modification of the system, whereby the mail has been
diverted so that the operator has enough access to it to feed it to the
scanner. The act that caused that diversion is an interception.

-- Peter Fairbrother