Blackberry and

Peter Fairbrother zenadsl6186 at zen.co.uk
Sun Jul 19 17:00:55 BST 2009 

Dave Howe wrote:
> Peter Fairbrother wrote:
>> In the UK it would depend on why the modification is done.
> 
>> If the ISP has been ordered to do it by a notice under the Regulation of
>> Investigatory Powers (Maintenance of Interception Capability) Order
>> 2002, then it's legal - if not, it would most definitely be illegal (it
>> would be interception).
> 
> 
> I would argue just installing the code - without activation - would not
> be interception as no messages are at that point being sent to the
> telephony provider.

I disagree, strongly. RIPA doesn't say he has to have read it, only that 
it's made available to him.

First, I think we'd all agree that installing the code, and activating 
it, is modification of the network, and copying messages is monitoring, 
so both fall under the definition of interception in 2(2), assuming 
content is made available.

I think we'd also all agree that it's available to him once it's on his 
computer screen and he's looking at it.

Is it available to him once it's on his computer screen if he doesn't 
look at it? All he has to do is look at it.

Is it available to him once it's in his computer but not on-screen? All 
he has to do is put in on-screen and look at it.

Is it available to him once the code is activated? All he has to do is 
copy it into his computer, put in on-screen and look at it.

Is it available to him once the code is installed? All he has to do is 
activate the code, copy it into his computer, put in on-screen and look 
at it.

Is it available even if he doesn't install the code? All he has to do is 
install the code, activate the code, copy it into his computer, put it 
on screen and look at it?


And I'd say Yes, it is available to him, even in that last case.

In a sense the content is even available to me (assuming I'm a good, or 
bad, enough hacker), but I'd have to do a lot of hacking to get hold of it!


And each of those actions, installing, activating, copying, putting and 
looking, is an interception, as it makes it *more* available.

Availability is a spectrum. If you want to say that at some point in the 
tale above it's not available, you have to say where, and why - and I 
don't think that's ever going to be possible, or that any point in the 
scenario above would be a sensible place to draw a line.


What might be sensible is to say that, in some cases, an action falls 
short of making content available.

For instance, perhaps in some circumstances [1] an ISP installing 
intercept-ready equipment to pass content to a fourth party in 
anticipation of a s.12 notice doesn't make the content (any more) 
available to the fourth party if it's not switched on, and if the 
control of the switch remains in the hands of the ISP.

However, it may in some circumstances make the content more available to 
the ISP etc, - and in the Blackberry case, installing the code most 
definitely would.




[1] Roland, I am working on an answer about which circumstances, but 
don't expect it soon! But so far:

I think it depends in large part on the precise meaning of "as to" in 
s.2(2). I take that to include some intention to make content available; 
and it also, separately, implies a reasonable duty not to make content 
easily available.

I don't think it can reasonably include a strict duty to make content in 
the modified system at least as as unavailable as in the old - but 
absent other considerations, there shouldn't be a lot of increase in 
availability.

Of course "as to" may simply mean "with the result that", and then it's 
another can of worms!

a) If all the available switches, or the cheapest switches, or the 
standard switches, just happen to be intercept-ready, then I'd say that 
it's not interception to install them. No intent, and minimal necessary 
increase in availability.

b) Suppose an ISP chooses to install intercept-ready switch X rather 
than non-intercept-ready switch Y in anticipation of a s.12 notice, even 
if the intercept-ready switch is more expensive, but the ISP figures 
that it'll be cheaper overall as they will have to replace the switch 
when they get the s.12 notice.

The line is somewhere around here, but I'm not entirely sure which side 
of the line that lies on, and it will depend on circumstances. But I 
think a Judge would give the ISP a lot of leeway here, even if it's 
technically illegal, which I think it might be.

This is the bit I'm having trouble with -  but I'm fairly sure RIPA 
wasn't written with that in mind, and whether deploying the equipment, 
or any other reasonable behaviour, is legal or not doesn't affect what 
RIPA actually says!

c) Installing an extra tap to enable interceptions, even in anticipation 
of a s.12 notice, probably both isn't and shouldn't be legal.

BTW, haven't most ISPs already received a s.12 notice?

> 
> However, I would be interested to see if installing code on my phone,
> without my authorization and to my *potential* detriment, was computer
> misuse. This isn't adding interception code to a router or host they
> control, its adding it to *my phone* - which they don't own or control.

I think your phone is part of the network, like a dumb telephone handset 
would be, or at least partly - and with the above interpretation, it's 
interception as well as misuse.

-- Peter Fairbrother

More information about the ukcrypto mailing list