URLs, IPs and interception

Sat, 1 Mar 2008 04:41:34 +0000

In response to your notes, my point was that law isn't black and white =20=

- it's more a case of grey : i.e. how you interpret and argue it.

So lets review the act a little bit, i'm just skimming it (it is late!)

Firstly, as all laws here do, it makes it an offence to intercept only =20=

in the UK:

s1 (1)

>  "It shall be an o=EF=AC=80ence for a person intentionally and without
> lawful authority to intercept, at any place in the United Kingdom..."

Therefore any system which routed traffic outside of the uk may be =20
permitted to capture information there and not necessarily be bound by =20=

RIPA. Sealand, anyone?

Then the lack of clarity for Scotland:

s1 (8)

> (8) No proceedings for any o=EF=AC=80ence which is an o=EF=AC=80ence =
by virtue of =20
> this
> section shall be instituted=E2=80=94
> (a) in England and Wales, except by or with the consent of the
> Director of Public Prosecutions;
> (b) in Northern Ireland, except by or with the consent of the
> Director of Public Prosecutions for Northern Ireland.
>

i'd need some convincing but this may suggest that it is not a =20
prosecutable offence in Scotland at all;

Next, there appears to be some protection for engineers who would be =20
tasked to look after such a system (undoubtedly put in place at the =20
behest of the government with the appropriate waivers of criminal =20
liability for owning such a device)

s1 (6) (a) -

> (6) The circumstances in which a person makes an interception of a
> communication in the course of its transmission by means of a private
> telecommunication system are such that his conduct is excluded from
> criminal liability under subsection (2) if=E2=80=94
> (a) he is a person with a right to control the operation or the use of
> the system; or

sounds like to me that any engineer would be unable to be prosecuted =20
under this act, if their job was to manage the routers which handle =20
the traffic...

s1 (3)

> (3) Any interception of a communication which is carried out at any
> place in the United Kingdom by, or with the express or implied consent
> of, a person having the right to control the operation or the use of a
> private telecommunication system shall be actionable ...

Again this reads to me that anyone working on the system is excused =20
from prosecution as long as they have permission to do so. Separating =20=

daily maintenance from intentional information gathering makes this =20
one interesting.

I've just got ten pages in of skimming a 114 page doc - it's a big =20
beast! lots of this redefines itself and amends itself. I'm sure the =20
scottish thing is dealt with later, as somehow would be the concept of =20=

defining what managing vs intercept is which i brought up.

my point is that trying to define a black-and-white answer like you =20
are isn't a trivial exercise - there are lots of traps and pitfalls =20
here.

--james=