Phil raises an interesting question in a comment to the last post. He asks if emails taken from a server are not more like taking letters from your house using a search warrant than intercepting communications which would come under the RIPA law.
Having checked the text of the RIPA Act again it seems that three things need to be demonstrated for it to kick in. The interception has to be “intentional”, “without lawful authority” and “in the course of transmission”. The first two points will only be established in the context of the Indymedia case when we know who requested the disks, what they were looking for on them, and what legal cover they think they had for it.
The question of when an email is “in the course of transmission” is one which I am not sure has been fully tested in the courts yet (any lawyers please advise). An IMAP server in particular is both a part of the transmission system and a storage system. I do not think it can be entirely excluded from the protections of RIPA or that would seriously weaken the measures in a way which was not, I believe, intended.
The question is whether mails on the server are like letters at the local postal sorting office and therefore fully protected as being in the public the transmission system or like letters in a filing system at home that would not be covered by RIPA and could be seized on a normal search warrant. The reality is that both analogies from the paper world could apply. Technology as ever challenges traditional definitions.
It may be that there is already case law in this area that would clarify the matter. If not, then it will sadly be through cases like this that we may come to define what constitutes an email “transmission” system for the purposes of RIPA protections.
[...] nder: General — Richard @ 9:49 am
Many thanks to those who commented on my earlier post regarding the scope on interception of email under the Regulation of Investigatory [...]
[...] the NTL case which precisely looks at the interaction of the two laws. And Clive Feather illustrates the implications of this. As more material which is of evidential value i [...]
Indymedia server scandal – “no UK law enforcement agencies were involved”
As suspected no UK law enforcement agencies were involved in the Indymedia disk seizure scandal, according to the responses to Parliamentary Questions:, http://www.publications.parliament.uk/pa/cm200304/cmhansrd/cm041020/text/41020w14.htm “Indymedia M…
This came up recently under US Federal Wiretapping laws, and it was held that email sitting on a server awaiting collection were “in storage” rather than “in transit” and as such fell outside that law. The decision is USA v. Councilman, available at http://www.cdt.org/wiretap/20040630decision.pdf
As usual, laws designed for voice communications tend to fall down when applied to the internet.
Your Post Office analogy is excellent and appropriate. Obviously in the digitally networked world most data goes through a series of “in storage”/”in transit” phases before reaching it’s final destination. It seems obvious to me that until something has reached the end of it’s journey it is still in tramsit. Consider the email on the IMAP server to be a passenger who has landed at the airport but hasn’t yet reached home.
This point was debated extensively in the House of Lords as it considered RIPA. Lord Bassam tried to clarify things using a “doormat” metaphor which ended up confusing everyone!
I believe the resolution was that once mail has been downloaded by the recipient it is no longer in transit. This would be the case even when the recipient leaves a copy of the message on their POP or IMAP server.
Section 1(7) and 1(8) of RIPA 2000 defines the status of stored email. Section 1(5)(c)states how it can be lawfully accessed. Relevant case law can be found in the case of NTL v Ipswich Crown Court the text can be found at the end of this link: http://www.cyber-rights.org/documents/ntl_case.htm. The case was never appealed to the Lords so this judgement stands.
I believe the resolution was that once mail has been downloaded by the recipient it is no longer in transit. This would be the case even when the recipient leaves a copy of the message on their POP or IMAP server.
This is backed up by the case posted by Tony Hutchings, stating that transmission lasts until the intended recipient has “collected it”. It seems certain that the reading of an email would count as “collection”, although that’s not always easy to define in practice (Say I ssh to my mail provider’s server, and run less on my mailbox. Which emails have I “collected”? How does anyone tell?)
What happens if the mails are downloaded automatically by my computer? That’s not unlike the doormat analogy: mail on my doormat is in my posession, even if I haven’t read it; similarly, mail on my computer is in my posession, even if I haven’t logged on since it collected it.
Tony Hutchings is correct in his cite. However, the implication of the case is that a PACE order to seize documents *could* be used to intercept letters at the local sorting office. Or even in the red van, provided it’s come to a stop (obeying a policeman’s raised hand, say) rather than being in motion.
Update: I should add that the opinion in USA v. Councilman has been withdrawn and a rehearing granted. For more detail on the area, see Orin Kerr’s article on the US Stored Communications Act, available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=421860