Blackberry and

[Peter Fairbrother]

Alexander Hanff wrote:
> signup at bealoid.co.uk wrote:
>> Question first, because there's a huge chunk of text.
>>
>> q: Imagine some telco did similar in England.  What laws would they 
>> have broken, what would happen to that telco, would individuals have 
>> any avenue for action?
>>
>> q: Now imagine the same situation gone further - the malware has been 
>> activated, and is harvesting email/text/etc.  What laws would have 
>> been broken etc.

That would make it worse, in the UK, as each activation and each harvest 
would be a further, seperate interception - but just installing the 
malware would still be an interception, unless it was done by Order, see 
my last post.

If the software has the capability to provide a third party with 
messages, read or unread [1], even if it's not used, then installing it, 
or activating it, would be an interception.


However there is one big caveat here: the communications may be stored 
communications, and it may be lawful interception to harvest them. It 
would be necessary for the harvesting to be done under one of several 
non-RIPA powers relating to stored communications though, otherwise it 
would be illegal interception.



[1] I have come to the conclusion that whether a message has been read 
or not has no bearing on whether it's interception or not. A lot has 
been made of this point, but I think it's irrelevant, see 2(7), noting 
the last 7 words: ".. collect it or otherwise to have access to it".

As long as the message is in the system, eg both unread and read 
webmail, or email on your home computer, or sms's on your mobile, then 
getting hold of it is interception.

(I'm assuming that your device is part of the system, but that's usual - 
you couldn't send or receive electronic messages without it!)


However if it's a stored communication - read or unread - then lesser 
rules than RIPA apply, see 1(5)(c). It's still interception either way, 
but if it's done under "any statutory power that is exercised (apart 
from this section) for the purpose of obtaining information or of taking 
possession of any document or other property" then it's legal 
interception under RIPA.


Though I'm unsure why 1(5)(c) doesn't read "any statutory power (apart 
from this section) that is exercised ..", haven't got the hang of that bit.



>>
> Isn't this already the case in the UK?  My understanding was that the UK 
> enabled relevant sections of RIPA to force providers to log all cellular 
> traffic data including sms messages back in October 2007 and as Peter 
> stated s12 of RIPA covers this.  

No, s. 12 covers interception, ie content, not traffic data.

I agree there is a mechanism for requiring the logging of traffic data 
(though I doubt it includes the content of sms messages), but it's not 
s. 12. Anyone know what it is?


Granted they only record traffic data
> (where you were, who you were sending too, what time etc.) and not data 
> content but there really is not a great deal of difference in my mind.

Some difference - but I agree, not a lot.

-- Peter Fairbrother

> 
> Alexander Hanff
> 
>