lists at internetpolicyagency.com
Tue Sep 13 14:28:21 BST 2011
In article <20110913134817.00004dc0 at surtees.fenrir.org.uk>, Brian
Morrison <bdm at fenrir.org.uk> writes
>> That's very pertinent to my original question - who is the intended
>> recipient. If the sender has perpetrated a typo, who exactly (legally)
>> did they intend to send it to?
>Well I suppose that would be the address they wanted to type rather
>than the one they did type. But would it be any different if this were
>postal mail and a simple numerical error had led to delivery of say a
>post card to the wrong building?
It would only be analogous if you knew (for example) that lots of
letters were sent to slightly the wrong address, and you arranged to
assume that address yourself. For example I worked from 37a High St
Brentwood for a while, and lots of things were addressed to Brentford (I
blame the Nylons adverts). What if someone hypothetically in 37 High St
Brentford thought it would be interesting to add a 37A to their
letterbox and then read whatever dropped in?
>> >They could have done this without storing the message bodies, all
>> >they were interested in were the headers which their mail server
>> >legitimately processed.
>> They also looked at the bodies I think (strongly implied by Figure 1).
>> But even if they were just "intercepting" the headers, that doesn't
>> change any of my questions (it's only where people are legally looking
>> at [only] traffic data that we have to be picky about the difference
>> between headers and bodies).
>I was being picky because you could argue that by not looking at the
>bodies you had not looked at anything privileged, only the outside of
>the envelope in the case of a letter in the post.
I don't think that's a defence if a member of the public is intercepting
>> >It should be sufficient to simply list the number of incorrectly
>> >addressed emails they received.
>> That would be a different, and simpler, study than this appeared to
>> be. If done in the UK would you be looking at a RIPA 3(3) exemption
>> for that? My questions are probably about interpretation of 3(1).
>I think the automatic collection by the server is fair enough, even if
>the domain name is deliberately weird it isn't as if other such weird
>domains don't exist. It's looking in the message bodies that crosses
>some sort of legal line,
Although throwing away mis-delivered items isn't perhaps interception,
failing to bounce these emails may have given the senders a false sense
of security that they'd been delivered. Or perhaps they did send a
bounce message too?
> but you can see why a researcher (rather
>than some sort of crook) would do that for relatively innocent reasons.
Research isn't an absolute defence either.
More information about the ukcrypto