back to article Custodial offence for deliberate invasion of data protection? Forget it!

I must confess that I find it rich that New Labour Ministers, who were in government for more than a decade, are now huffing and puffing about their “phone inboxes being hacked”. The sad truth is that, in government, they could have done a great deal to protect individual privacy by making such hacking a custodial offence. In …

COMMENTS

This topic is closed for new posts.
  1. N2

    Pot Kettle Black

    The Za (not so) nu Labour lot will be trying to tell us they were the party of thrift next!

  2. RichardB

    Hacking into...

    Is this just calling up their remote answerphone and trying their date of birth as the password?

    1. Tom 35

      date of birth?

      More like 1234 or 7777 would be my guess.

  3. Anonymous Coward
    Flame

    Deutsche Telekom COMINT Affair

    http://www.spiegel.de/wirtschaft/0,1518,555162,00.html

  4. The Other Steve
    Grenade

    In first with ...

    .. bitch whine not hacking, bitch whine whine whine stallman toe jam neckbeard, whine whine whine created the internet, whine whine linux, whine whine bitch media language rapists, bitch whine whine.

    The boat sailed, it's common usage, STFU and get over it.

    M'kay ?

    1. LawLessLessLaw
      Boffin

      when hacking is illegal only hacks hack

      I too have been distressed by the use of the term "hack" not because of the hacker / cracker / phreaker thing but it just seems so innocent as a term.

      Is burglary to become "hacking your house" ?

      I think the correct term for guessing your voicemail PIN should be espionage. It's no more hacking than breaking a safe.

      1. Loyal Commenter Silver badge

        Correct term?

        Fraudulent access of private data perhaps?

  5. Anonymous Coward
    WTF?

    Fernmeldegeheimnis ???

    In Germany we have this:

    http://www.gesetze-im-internet.de/stgb/__206.html

    Five Years in Jail for those "private investigators" could easily be possible if they did this here. Currently some Deutsche Telekom employees/consultants have to defend themselves for "traffic analysis" related to Deutsche Telekom Boardroom leaks.

    I guess the British government has some complexes because they do so much eavesdropping themselves or something. The German government does their share too, but extensive private comint will definitely land you in Jail for at least two years.

  6. Anonymous Coward
    Unhappy

    The practise is reprehensible but...

    1. A custodial sentence will rarely be applied and when applied will be appealed and only in the 'most serious' cases will it stand. 12 months in an 'Open' prison for a journalist would be the most to be expected. Locking up the editor or proprietor or other senior rep - that might make a difference.... but that is eve less likely when we can't get director of large enterprises locked up for serious HSE infractions involving death.

    2. It will not change while there is a salacious interest by the public for details of celeb private life. While there is an opportunity to 'de-stabalise' prominent folks by the prospect of having their privacy invaded then there is no incentive by those who control the "free press" & "Meja" to act.

    I have no solution other than taxing the profits for the enterprises involved at a penal level. For example, 5 times the profit made each day a story is run were privacy has been invaded and no public interest defense can be made.

  7. Anonymous Coward
    Anonymous Coward

    make your mind up

    The first statement bashes Labour, then you say "I also make a prediction: the custodial section 55 offence in the Data Protection Act is not going to happen for the foreseeable future."

    So the ConDems arn't going to do anything either.

    Stop the tosh and provide some clarity please.

    (bloody tories)

    1. Anonymous Coward
      Anonymous Coward

      It's perfectly clear

      Both sides complain about it when in opposition, but don't do anything about it when in power.

    2. Anonymous Coward
      Anonymous Coward

      Try this

      The Labour government could have implemented the custodial sentence but didn't. That's called a "fact"

      The author of the article made an assertion that's called a "speculation"

      Does that help you at all? I thought not.

      (bloody gruaniad readers suffering from URL-dysphasia)

  8. Anonymous Coward
    Anonymous Coward

    The offence is...

    The offence is "unauthorised entry into a computer system". It doesn't matter *HOW* it's carried out.

    Otherwise you might as well say that killing people is only illegal if carried out with a knife, gun or rolling pin. It's the killing that's illegal, not how it's done.

  9. Anonymous Coward
    Black Helicopters

    underhand methods

    I wonder what constitutes "underhand methods"

    Does using anti-terror legislation to spy on someone to find out if they live with walking distance of a school constitute an "underhand" method?

    Does using anti-terror legislation to bully innocent citizens mearly taking holiday snaps to find out their personal details constitute "underhand"?

    Does forcing every adult to register their personal details in an electorial register or car/driver registration database and then selling that database for cash constitute "underhand"?

    1. Jimbo 6
      Grenade

      Couldn't agree more

      Whereas the Tories have a history of hitting people in the pocket, Labour has frequently been the party to attack civil liberties (just remember who brought in the Prevention of Terrorism Act, and internment without trial, in the 70s). Party of the working class, my arse.

      This time they seem to have put so much effort into creating a surveillance state, where every Jobsworth with a badge acts like a member of the East German Stasi and has a right to loot our bins for info, or harrass us for taking pictures of tourist attractions, they never realised that *their* personal information was going to be inspected with a fine-tooth-comb (or publicly published) at some point.

      Poetic justice. Let's hope something (nearly) as amusing as Wacqui Jacqui's porn payments gets into the public domain and destroys some more careers.

    2. david wilson

      @AC (understandably)

      >>"Does using anti-terror legislation to spy on someone to find out if they live with walking distance of a school constitute an "underhand" method?"

      Alternatively:

      "Is it fair to see if people are lying and cheating to get their child into a school, ahead of a child who has, according to the rules, a greater right to be there, particularly when checking-up is most likely to be done when there are already other reasons to be suspicious of a particular claim?"

      There, fixed that for you.

      If someone is actually going out of their way to claim they live somewhere in return for what they clearly view as a benefit, they can hardly whine and scream 'privacy' if people occasionally check to see if they're telling the truth.

      No doubt many of the people who'd scream most loudly about this particular invasion of privacy would be perfectly happy to have other people checked up on to make sure they aren't dole scroungers, etc.

  10. Neil 7
    Megaphone

    Labour are a joke

    The opposition (as they thankfully are now) are just pointing and laughing at the problems manifesting themselves in the new government, problems that Labour failed to act upon and deal with while they were in power - it's embarrassing but predictable behaviour as Labour attempt to score points and impress only the most dim witted among the electorate.

    With regard to the behaviour of the press, it's not just the accessing of voicemail and message boxes that is at issue, they are even alleged to have intercepted (ie. tapped) phone calls between ordinary members of the public - no national security or political scandal involved here, just a juicy story (which turned out to be completely untrue, I hope she sues their @rses off and gets a front page apology). This behaviour is way, way beyond acceptable and the guilty should be given harsh custodial sentences and the publisher given the stiffest of financial penalties.

    1. http://www.guardian.co.uk/media/2010/apr/10/newspapers-phone-hacking-inquiry

    1. Chris Parsons

      Couldn't agree more

      But sadly, there are a large number of the dim-witted who are so easily taken in by the late, unlamented ship of fools. They, along with the state apparatchiks, union members and benefits junkies are responsible for the fact that ZanuLabour almost got in again, despite their huge credibility gap.

  11. Paul Crawford Silver badge
    Big Brother

    Worse than that...

    ..is that they wanted to invade our privacy, by proxy (any one wonder why BT/Phorm were not prosecuted under existing laws?) and by the infamous NIR part of the ID card/passport scheme they backed.

    When a politician complains about their own privacy, I have little sympathy as they tried to cover up the expenses scandal by attempting to get parliament to exclude the FOIA from their business, while it applies to myself and millions of others in a whole range of public-funded work.

    Yes, privacy matters, but when it comes to laws for it I trust politicians as far as I can comfortably spit out a rat.

  12. Anonymous Coward
    Grenade

    "date of birth as the password"?

    Worse than that. Of the several thousand voicemail boxes accessed illegally by the NotW, less than one hundred had non-default PIN/access codes. So all you actually needed was the mobile number and the operator's default voicemail access PIN.

    An odd definition of "hacking", but honesty and technology journalism are rare bedfellows these days.

  13. Anonymous Coward
    Anonymous Coward

    Isn't this covered by the computer misuse act?

    I'm sure one of the main crux's is 'lying to a system that you're authorised to use an account when you're not'.

  14. JaitcH
    WTF?

    The fault is that of the data holders and web site operators

    I have always regarded data or web site vulnerability to be the responsibility of the owner/operator of the data in question.

    For years the U.S. Government web sites bleated on about the criminal risks of attacking their domains. In my opinion if a web site is vulnerable it is NOT the (h)(att)ackers who should be held accountable but the data holder.

    The U.S. Government, amongst many, should be embarrassed, in fact, by the fact that their web sites, etc., have even been breached. So much for the high handed speech about their technological prowess just proves that they are technical eunuchs.

    Many of the vulnerabilities by IT departments not patching or updating software for which there is a word: laziness.

    1. The Other Steve
      FAIL

      Here are some other words

      For exploiting such laziness : "Crime"

      For You : "Douche"

      Right now I am running BF attacks on your banking password, since if I can compromise it, it's your own fault. No whining when I take all you money or you're a fucking hypocrite.

    2. david wilson

      @jaitch

      Seems to me that responsibility is maybe best shared, rather than simplistically lumped on one person or another.

      The less high I make a fence around my property, and the more I leave gates open and/or unlocked and/or weakly locked, the less /sympathy/ I might get if I find someone wandering around in my garden.

      However, leaving a gate open or unlocked, or only weakly locked doesn't give anyone a /right/ to just walk in to look around, and it certainly doesn't lessen the /responsibility/ of anyone who wanders onto my property and starts doing things they know perfectly well they have no right to do (stealing things, damaging things, etc)

      Just because it's easier to mug an old lady than a rugby player doesn't mean it's partly the old lady's fault for being less physically strong, and hence less wrong of the mugger to pick on her.

      If my defences really were objectively inadequate (whatever that means), I might not be able to convincingly argue that someone merely demonstrating by their non-vandalising/non-stealing presence that my security is limited actually costs me however much it costs to make my security better, as some people with insecure websites seem to try and argue, though even then, there's a question of what actually passes as 'objectively adequate'.

      However, even if I did have security holes, maybe to the extent that I should welcome someone pointing them out (maybe nipping in through my unlocked gate and leaving immediately, or just pushing the gate open, and then shouting a warning to me), that in no way lessens the responsibility of someone whose intent is to do anything beyond being neighbourly and immediately warning me about my failings.

      Someone who's found ferreting around inside my garden shed or taking pictures through my windows shouldn't have any recourse to claims that they were only or even partly trying to help me.

      There are all kinds of ways in which people may make themselves a greater or lesser target for crime, but that doesn't even partially absolve the criminal of responsibility.

  15. ShaggyDoggy

    Last time I looked

    Answerphones were not computers

    1. Loyal Commenter Silver badge
      FAIL

      Would that have been in 1973 then?

      Because anything more advanced than a tape recorder is going to contain a microprocessor, and therefore technically will be a computer. Any voicemail held by an operator (such as BT, or Vodafone) is, I would estimate, about 99.99999% likely to be held on a computer. What do you think they do? Have an operator to write it down on paper and read it back to you?

    2. The Other Steve
      FAIL

      Yes that's right

      Because all mobile telcos have a big room of cassette tape based answering machines, one for each user. They don't in any way make use of these newfangled 'computrons'.

      Previous poster is right, should come under (at least) CMA s1, and probably S2, this is voice data stored on a computer.

      1. No, I will not fix your computer
        Boffin

        Grey area....

        >>Because all mobile telcos have a big room of cassette tape based answering machines, one for each user. They don't in any way make use of these newfangled 'computrons'.

        Actually, many still use tape in one way or another, DLT/LTO even some DDS are still out there, direct storage had taken over for all new installations rather than just buffering before writing to tape, but these usually archive to tape anyway, that said they are all fronted by computer systems, the key issue here is that there are two sections (section 55) which is "Unlawful obtaining of personal data" and (section 17) "Unauthorised Access to a Network", both are secion 1 offenses, however as the Computer Misuse Act 1990 is a bag of shite it needs to be replaced, the issue of what is a network, and what constitutes being stored ON a computer (rather than acessible from a computer, in the case of disk and tape) means cases just don't make it, of get plea'd away, hence the need for section 55 as 17 (and therefore section 1) is unenforcable if you have a decent brief.

  16. Jim Morrow
    WTF?

    more enforcement, not more laws

    I just don't get it.

    Breaking into a mobile's voicemail account is an offence under the Computer Misuse Act and the Regulatory Investigatory Powers Act. These carry stiffer penalties than the Data Protection Act or a beefed up DPA.

  17. Anonymous Coward
    Grenade

    DPA doesn't punished privacy violation well, but...

    it could be argued that the 'hacks' breached the Computer Misuse Act (unauthorised access, and possibly modification), along with RIPA (if the messages hadn't been listened to by the recipient before being accessed as they would be considered still in transit and therefore an unlawful interception).

  18. JasonH
    FAIL

    For crying out loud - this is not the issue!!!

    This article has missed the point by miles, IMHO.

    This debate should not be about the challenges of proving who committed the offence (i.e. method, intent, number of attempts and so on) or how to prosecute these 'private investigators'. These events are always going to be hard to prove without surmounting the huge burden of evidence collection and proving intent.

    So the real issue is how are we allowing - as a society, under our current legal framework, etc - the mobile network operators to provide SIMs with a generic, default PIN? This is ludicrous! After all, cars and houses are not sold with the same generic key; credit cards do not have a default PIN of '0000' or '3333'...

    Each SIM should be provided with a unique PIN, treated with the same security as credit card companies do with their PINs.

    Most users are not technically literate enough to understand why or how to change their PIN. As a result, this is a major security hole that affects the majority of mobile phone users in this country. This issue is what the ICO and OFCOM should be shouting from the rooftops about, and this is perhaps where the government could introduce appropriate legislation and control.

    1. Andrew Woodvine

      I don't think default PINs are really the issue

      Before you can access your voicemail from another phone on Orange and Vodafone you first have to change the default PIN, by calling your voicemail service from your mobile. I assume this is the case for the other three networks, but I don't know. Anyone?

      Also, if the default PIN hasn't been changed you can't spoof your CLI and get in that way, as I've tried it with my own voicemail, just out of curiosity.

  19. Anonymous Coward
    Anonymous Coward

    Computer Misuse Act

    Hmm, perhaps someone can correct me if I'm wrong but wouldn't unauthorised access to voicemail be an offence under section 1 of the Computer Misuse Act?

    "1. Unauthorised access to computer material (that is, a program or data)."

    Since we don't use actual switchboards anymore (I'd hope not..), it is more than likely that the voicemail in question was in fact a computer system and its data 'computer material'.

  20. Keris

    If you have nothing to hide...

    Labour MPs are complaining about breaches of their privacy? Someone should remind them of their own policies -- what do they have to fear? I applaud the journalists who are getting into MPs inboxes, and hope they publish the details far and wide, give the bastards a demonstration of what privacy is about.

    1. david wilson

      @Keris

      For all its faults, the 'if you have nothing to hide, you have nothing to fear' argument does at least work a little better when it comes things like officials potentially being able to find out where someone's car has been (albeit with the possibility of limiting/tracing/recording database access to make indefensible access harder or riskier) than with some random unregulated citizen eavesdropping on someone else's phone calls.

      A phone user, whoever they are and whatever their political leanings, does have some realistic expectation of privacy (even state agencies should need a warrant in order to listen in on calls) whereas in many of the cases where people rush to cry 'Big Brother!", the information is at least about public activities, such as where someone drives a vehicle with identifying plates bolted on both ends, or who the person is who regularly takes their dog to crap in a public park, etc.

This topic is closed for new posts.