URLs, IPs and interception

Tom Thomson ukcrypto at chiark.greenend.org.uk
Sun, 2 Mar 2008 12:21:36 -0000 

The piece of S1 (3) that you quote seems to say the precise opposite of
what you interpret it as meaning - you seem to have imagined a "not" in
"shall be actionable".

M.

-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk
[mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of James Cox
Sent: 01 March 2008 04:42
To: ukcrypto@chiark.greenend.org.uk
Subject: Re: URLs, IPs and interception

In response to your notes, my point was that law isn't black and white
- it's more a case of grey : i.e. how you interpret and argue it.

So lets review the act a little bit, i'm just skimming it (it is late!)

Firstly, as all laws here do, it makes it an offence to intercept only
in the UK:

s1 (1)

>  "It shall be an o?ence for a person intentionally and without
> lawful authority to intercept, at any place in the United Kingdom..."

Therefore any system which routed traffic outside of the uk may be
permitted to capture information there and not necessarily be bound by
RIPA. Sealand, anyone?

Then the lack of clarity for Scotland:

s1 (8)

> (8) No proceedings for any o?ence which is an o?ence by virtue of
> this
> section shall be instituted-
> (a) in England and Wales, except by or with the consent of the
> Director of Public Prosecutions;
> (b) in Northern Ireland, except by or with the consent of the
> Director of Public Prosecutions for Northern Ireland.
>

i'd need some convincing but this may suggest that it is not a
prosecutable offence in Scotland at all;

Next, there appears to be some protection for engineers who would be
tasked to look after such a system (undoubtedly put in place at the
behest of the government with the appropriate waivers of criminal
liability for owning such a device)

s1 (6) (a) -

> (6) The circumstances in which a person makes an interception of a
> communication in the course of its transmission by means of a private
> telecommunication system are such that his conduct is excluded from
> criminal liability under subsection (2) if-
> (a) he is a person with a right to control the operation or the use of
> the system; or

sounds like to me that any engineer would be unable to be prosecuted
under this act, if their job was to manage the routers which handle
the traffic...


s1 (3)

> (3) Any interception of a communication which is carried out at any
> place in the United Kingdom by, or with the express or implied consent
> of, a person having the right to control the operation or the use of a
> private telecommunication system shall be actionable ...

Again this reads to me that anyone working on the system is excused
from prosecution as long as they have permission to do so. Separating
daily maintenance from intentional information gathering makes this
one interesting.

I've just got ten pages in of skimming a 114 page doc - it's a big
beast! lots of this redefines itself and amends itself. I'm sure the
scottish thing is dealt with later, as somehow would be the concept of
defining what managing vs intercept is which i brought up.

my point is that trying to define a black-and-white answer like you
are isn't a trivial exercise - there are lots of traps and pitfalls
here.

--james