zenadsl6186 at zen.co.uk
Tue Sep 13 12:24:22 BST 2011
Roland Perry wrote:
> This man-in-the-mailbox attack brings a whole new perspective to the
> "who is the intended recipient" debate.
I'm pretty sure the intended recipient has to be the person the sender
intends (in his mind) to send the email to, ie the fortune500 company,
not the researchers.
If the sender made a mistake and the researchers got the email by
mistake, then they would be innocent - but that's not what happened,
they got the emails intentionally.
> Although there's a historical precedent - people sending faxes to a
> typo-phone number. Which of course leads to those long legal disclaimers
> which have been inherited on many corporate emails.
> Would the activity of these researchers (or malicious counterparts) be
> an interception in the UK; and as they've modified the public DNS to do
> this, is it an interception on a public network and therefore criminal?
It would be interception twice over if done in the UK, and it would be
First, the change to DNS is a modification to the system 2(2)(a).
Second, they are monitoring transmissions sent on a public network 2(2)(b).
Both these actions make content available to a person other than the
sender or the intended recipient, therefore they are interception as
defined in Section 2(2).
The actions are done with the purpose of making content available, so
they satisfy the requirement for intentionality in S. 1(1) - and
therefore they are criminal actions.
Note that if you did this by mistake (eg if att.com had a division
called spl, and you registered splatt.com without intending to see any
ATT mail) it might  still be interception - but it wouldn't be a
criminal offense as there was no intent.
 depending on whether the Judge thinks the "as to" in S.2(2) implies
an element of intent or not - a moot point
-- Peter Fairbrother
More information about the ukcrypto