Roland Perry - "is an ISP a 'Person'?"

Peter Fairbrother zenadsl6186 at zen.co.uk
Mon, 07 Oct 2002 16:58:06 +0100 

Owen Blacker wrote:

> Peter Fairbrother:
>> 
>> But do such systems actually exist? Is it possible to run a mailserver
>> that scans mail for spam and viruses without occasionally having to look
>> at mail? Would anyone with practical experience care (or dare) to comment
>> on this please, as it's an important point?
>> 
>> Suppose a customer phones and asks if you quarantined a message, and you
>> look for it. Or a customer complains that you have stopped a message in
>> error, and you have to look at the message in order to find out how to
>> change the filtering rules. That's RIPA interception*. Whether it's legal
>> or not is a different matter, but it is interception. No arguments about
>> "no person" or "made available" would change that.
> 
> No, it's not.  It's reacting to a customer's request.  It's not
> interception if they've asked you to do it, now, is it?!

Under RIPA, it is interception. That you have asked them to do it makes no
difference.
> 
>> *The first example may be covered by 2(5), in which case 3(3) can
>> probably be so widely interpreted that this whole discussion is moot. But
>> I doubt that. And the second example wouldn't be so covered. You could
>> get around it, but it would be a hassle and you wouldn't keep many
>> customers. Unless they were Unix-y types, who would put up with the
>> hassle, but who would
>> probably want to do their own filtering anyway. No cigar.
> 
> I'm not convinced that 2(5) would apply (virus payloads and spam are
> certainly content, not traffic data), but I'm sure that, even were this
> interception (which I don't believe it is), 3(3) would apply.
> 

I don't think it would apply either.

>> 
>> Leaving the RIPA sh*t, and it is sh*t, out for a moment, if autoscanning
>> isn't interception then ISP's could autoscan MY mail for anything they
>> liked, and block mail they thought I shouldn't see. Or from people they
>> disagreed with. Or to people they didn't want me to write to. Or any mail
>> that was encrypted. They needn't even tell me about it. It wouldn't be an
>> offence. And the tort if any would be damn hard to prove - hell, you
>> might not even know it had happened.
> 
> No, they really couldn't.  It's not about whether autoscanning is
> interception or not, it's about the ~purpose~ for which such scanning is
> effected. 3(3) blatantly (imho, ianal) permits virus scanning and (at a
> push, but I don't think it's a big one) spam filtering, as these are
> arguably "tak[ing] place for purposes connected with the provision or
> operation of that service".  Censoring your mail because the Moot list is
> full of dangerous radicals(!) really wouldn't pass the 3(3) test.
> 
> Yes, RIP is shite, but it's not quite ~that~ shite that it falls to such a
> reductio ad absurdum.  :)

But if autoscanning isn't interception there is no offence, and the 3(3)
test is irrelevant. And RIPA fails in these circumstances.

>> That has to be wrong, and in everyday terms it has to be interception.
>> They would be looking through my mail and stopping things they didn't
>> want me to see or send. Bye bye to even the illusion of free speech we
>> still have.
> 
> Indeed.  It would be interception.  And even were it not a contravention of
> RIP Chapter I, it would be a breach of your Article 8, 9 and 10 rights
> under the Human Rights Act
> <http://www.hmso.gov.uk/acts/acts1998/80042--d.htm> (right to privacy,
> freedom of thought and conscience and freedom of expression, respectively)

If autoscanning isn't interception then it wouldn't be interception, and
wouldn't be an offence under RIPA. And there is no offence of breaching HRA
rights (unless you are a public authority, and even then it isn't an
"offence" you can be jailed for, it's just "unlawful").



-- Peter Fairbrother