Intended recipient

Brian Morrison bdm at fenrir.org.uk
Tue Sep 13 13:48:17 BST 2011


On Tue, 13 Sep 2011 12:14:18 +0100
Roland Perry <lists at internetpolicyagency.com> wrote:

> In article <20110913111247.0000627a at surtees.fenrir.org.uk>, Brian
> Morrison <bdm at fenrir.org.uk> writes
> >> Their stated aim was to intercept (small i)
> >> emails, of course.
> >
> >Not as such, they are only "intercepting" email that otherwise would
> >have been marked as a failed delivery because there was no MX record
> >for the incorrect domain name.
> 
> That's very pertinent to my original question - who is the intended
> recipient. If the sender has perpetrated a typo, who exactly (legally)
> did they intend to send it to?

Well, I suppose that would be the address they wanted to type rather
than the one they did type. But would it be any different if this were
postal mail and a simple numerical error had led to delivery of, say, a
post card to the wrong building?

> 
> >They could have done this without storing the message bodies, all
> >they were interested in were the headers which their mail server
> >legitimately processed.
> 
> They also looked at the bodies I think (strongly implied by Figure 1).
> 
> <http://www.wired.com/images_blogs/threatlevel/2011/09/Doppelganger.Domains.pdf>
> 
> But even if they were just "intercepting" the headers, that doesn't
> change any of my questions (it's only where people are legally looking
> at [only] traffic data that we have to be picky about the difference
> between headers and bodies).

I was being picky because you could argue that by not looking at the
bodies you had not looked at anything privileged, only the outside of
the envelope in the case of a letter in the post.

> 
> >It should be sufficient to simply list the number of incorrectly
> >addressed emails they received.
> 
> That would be a different, and simpler, study than this appeared to
> be. If done in the UK would you be looking at a RIPA 3(3) exemption
> for that? My questions are probably about interpretation of 3(1).

I think the automatic collection by the server is fair enough; even if
the domain name is deliberately weird, it isn't as if other such weird
domains don't exist. It's looking in the message bodies that crosses
some sort of legal line, but you can see why a researcher (rather
than some sort of crook) would do that for relatively innocent reasons.

-- 

Brian Morrison
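The mechanism the thread turns on is that a mistyped recipient domain normally bounces because no MX record exists for it, and that a "doppelganger" registrant who does publish an MX for the lookalike turns that bounce into a silent delivery to a third party. The following is an added example, not code from the thread or from the study it discusses: it simulates that routing decision over a constructed MX table (no live DNS; a real check would resolve MX records), classifies sample recipients as intended, bounced or delivered to a third party, and reports which "missing-dot" variants of an organisation's own domains already have an MX, which is the check a mail administrator would run to spot such domains. The domains and MX hosts are constructed placeholders, and the dotless-variant generator is an assumption about one common typo form, not something the thread states.

```python
"""Simulate routing of mistyped recipient domains and flag lookalike
domains that already publish an MX record (added example, not from the thread).
"""

# Constructed MX table standing in for DNS answers.  A missing key means
# "no MX record"; real code would query DNS (e.g. with dnspython).
MX_TABLE = {
    "example.com": ["mail.example.com"],
    "us.example.com": ["mail.example.com"],
    # Hypothetical doppelganger of us.example.com with the dot dropped.
    "usexample.com": ["mx.lookalike-placeholder.test"],
}


def route(address, mx_table=MX_TABLE):
    """Return ('delivered', mx_host) or ('bounced', None) for one address,
    mirroring what an MTA does: no MX for the domain means a failed delivery."""
    _local, _sep, domain = address.rpartition("@")
    mx_hosts = mx_table.get(domain.lower())
    if not mx_hosts:
        return ("bounced", None)
    return ("delivered", mx_hosts[0])


def classify_mail(addresses, legit_domains, mx_table=MX_TABLE):
    """Map each address to 'intended' (own domain, MX present), 'bounced'
    (no MX anywhere) or 'third-party' (a foreign domain accepted it)."""
    legit = {d.lower() for d in legit_domains}
    result = {}
    for addr in addresses:
        domain = addr.rpartition("@")[2].lower()
        status, _host = route(addr, mx_table)
        if status == "bounced":
            result[addr] = "bounced"
        elif domain in legit:
            result[addr] = "intended"
        else:
            result[addr] = "third-party"
    return result


def dotless_variants(domain):
    """Assumed typo form: drop one dot from a multi-label domain,
    e.g. us.example.com -> usexample.com, us.examplecom."""
    labels = domain.lower().split(".")
    variants = []
    for i in range(len(labels) - 1):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.append(".".join(merged))
    return variants


def doppelganger_report(legit_domains, mx_table=MX_TABLE):
    """For each own domain, return the dotless variants that are not ours
    yet have an MX: mail mistyped to them is accepted instead of bouncing."""
    legit = {d.lower() for d in legit_domains}
    hits = {}
    for domain in sorted(legit):
        for variant in dotless_variants(domain):
            if variant not in legit and mx_table.get(variant):
                hits[variant] = mx_table[variant][0]
    return hits


if __name__ == "__main__":
    own = ["example.com", "us.example.com"]
    sample = ["alice@us.example.com", "alice@usexample.com", "alice@us.examplecom"]
    for addr, verdict in classify_mail(sample, own).items():
        print(f"{addr:28} -> {verdict}")
    print("lookalikes with MX:", doppelganger_report(own))
```

Running the script shows the three outcomes side by side: the correctly typed address is delivered to the organisation's own MX, the variant with the wrong dot position bounces, and the variant that a third party has registered with an MX is accepted by that party's server. The report function is the defender's side of the same table, listing which lookalikes would need monitoring or defensive registration.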



More information about the ukcrypto mailing list