Blackberry and

[Dave Howe]

Peter Fairbrother wrote:
> Dave Howe wrote:
>> Peter Fairbrother wrote:
>>> In the UK it would depend on why the modification is done.
>>
>>> If the ISP has been ordered to do it by a notice under the Regulation of
>>> Investigatory Powers (Maintenance of Interception Capability) Order
>>> 2002, then it's legal - if not, it would most definitely be illegal (it
>>> would be interception).
>>
>>
>> I would argue just installing the code - without activation - would not
>> be interception as no messages are at that point being sent to the
>> telephony provider.
> 
> I disagree, strongly. RIPA doesn't say he has to have read it, only that
> it's made available to him.

Problem there is - if you aay "well yes, but if he turned it on, it
would send him messages, therefore its available" you could also say
"well yes, he hasn't even installed it, but if he DID...." - equally,
that would mean upgrading a router or server with a version of the
software which allows redirection, even if the previous version did, and
even if that feature wasn't turned on, would constitute interception.

as far as I can tell, the code doesn't do anything at all with the
messages, even look at them, unless activated. I am more interested in
the fact though (having went and read the article) that the provider
lied about the update, claiming it was a "performance update".

Surely you wouldn't do that if you were legally in the clear?


> First, I think we'd all agree that installing the code, and activating
> it, is modification of the network, and copying messages is monitoring,
> so both fall under the definition of interception in 2(2), assuming
> content is made available.

Another breakpoint there - would the device constitute part of the
network, or is it (as the "final delivery point") beyond the "doormat"
and hence outside of the scope of interception?

> I think we'd also all agree that it's available to him once it's on his
> computer screen and he's looking at it.
> 
> Is it available to him once it's on his computer screen if he doesn't
> look at it? All he has to do is look at it.
> 
> Is it available to him once it's in his computer but not on-screen? All
> he has to do is put in on-screen and look at it.
> 
> Is it available to him once the code is activated? All he has to do is
> copy it into his computer, put in on-screen and look at it.

I would say the dividing line is if the *code* looks at the messages -
even if it doesn't do anything with them, even if it discards them as
soon as it is sure it has nothing to do - which of course is possible. I
haven't seen the code so have no idea what its activation vector might
be; feasibly, it inspects every mail to see if certain header fields are
present and/or if the mail as a whole constitutes an activation code, in
which case every mail it inspects for its activation could well be
unlawfully intercepted.

code that doesn't look at the messages isn't intercepting anything,
which is what I would expect to be the distinction. I am aware the law
is rarely logical or applies common sense though :)

> Is it available to him once the code is installed? All he has to do is
> activate the code, copy it into his computer, put in on-screen and look
> at it.
> 
> Is it available even if he doesn't install the code? All he has to do is
> install the code, activate the code, copy it into his computer, put it
> on screen and look at it?
> 
> And I'd say Yes, it is available to him, even in that last case.

Is it available even if he has to *write the code* and install it? is
the mere existence of the theoretical possibility that he could write
such code and deploy it (in that he has access to a patch distribution
channel, with or without customer consent) enough?

how about if he had to hack into the distribution channel as well?

> In a sense the content is even available to me (assuming I'm a good, or
> bad, enough hacker), but I'd have to do a lot of hacking to get hold of it!
>
> And each of those actions, installing, activating, copying, putting and
> looking, is an interception, as it makes it *more* available.
> 
> Availability is a spectrum. If you want to say that at some point in the
> tale above it's not available, you have to say where, and why - and I
> don't think that's ever going to be possible, or that any point in the
> scenario above would be a sensible place to draw a line.

I would say the dividing line is the point at which someone *or some
thing* looks at a message for a purpose other than providing a service
to (and authorized by) the intended recipient, or for assisting the
passage of the message from sender to recipient. No matter how
"available" a message might be, it would seem insane to consider
"intercepted" a message that nobody has seen or touched other than the
parties involved and the telecommunications service, to the extent
required to get the message to its destination.

however, I suspect (as was mentioned earlier) that it is more pertinent
that the CPS are unlikely to charge anyone with anything if it is not in
their interests to do so - and anything that will make ISPs less likely
to be "helpful" is not in their interest.