It seems obvious that voicemail hacking should be illegal – right? Oddly, the legal position is not as clear as it could be.
Regulation of Investigatory Powers Act
Interception of a telephone call is a criminal offence under the Regulation of Investigatory Powers Act (RIPA). This Act states that it is a criminal offence for a “person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of a public telecommunication system”.
In addition, there is also a civil law right to bring an action for damages for unlawful interception.
The issue is that, to be illegal under RIPA, interception of the communication must take place “in the course of its transmission”. The Act provides that the time when communication is “in the course of its transmission” is extended to include times when the system “is used for storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it”.
While it is clearly an interception to listen in to a phone call in real time (bugging or tapping), what about voicemail hacking?
An incoming voicemail that is sitting in an inbox unopened would be regarded as “in the course of transmission” because it is awaiting collection. But what about an voicemail that has already been listened to, and yet continues to be stored or held in archive? Is it unlawful under RIPA to access such voicemails?
At the time RIPA came in, the Home Office indicated that, once a communication had been read by the intended recipient, it is no longer “in the course of transmission”. This view is also supported by the Information Commissioner.
The view is apparently also taken by the police who say that it is only a criminal offence to access someone else’s voicemail message if they have not already listened to it themselves. This means that to prove a criminal offence has taken place it has to be proved that the intended recipient had not already listened to the message. This means that the hacking of messages that have already been opened is not a criminal offence.
This is puzzling because it implies that a person’s right to privacy in respect of a communication he or she has received is infringed where a third party has access to it before the recipient has read it, but is not infringed where a third party has access to it after the recipient has read or listened to it.
There is not much case law on this issue. This point was considered in July 2002 by The Lord Chief Justice, Lord Woolf. The case concerned the telecommunications provider NTL Group Limited (NTL). The police were investigating a fraud and sought a special protection order under the Police and Criminal Evidence Act 1984 relating to voicemails held by NTL for certain individuals. NTL were concerned that, to comply with the police request, would involve them committing an offence under section 1 of RIPA. Although the point was not considered in any detail, the Court commented that under RIPA the time of communication is extended until the intended recipient has collected it. The implication is that, once the recipient has collected it, there can be no “interception” under RIPA.
If there has been an offence under RIPA, then where the offence is committed by a body corporate and is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of a director, manager, secretary or other similar officer of the body corporate, then he (as well as the body corporate) shall be guilty of that offence and liable to be proceeded against and punished accordingly.
A person who is guilty of unlawful interception is liable to imprisonment for a term not exceeding two years or to a fine, or to both.
Whether or not there has been an offence under RIPA may come down to technical arguments about the exact working of the voicemail system, how and when it was hacked and what transpired with regard to each message. For example, a voicemail (whether listened to or not) if not deleted may still be stored “in a manner that enables the intended recipient to collect it or otherwise to have access to it”. As such the hacker must somehow access the server in order to listen to the message, irrespective of whether it has been listened to previously.
It is extremely unfortunate that the law on this point is not as clear as it might be. If hacking into a voicemail is not a criminal interception under RIPA, the main piece of legislation that deal with interception of communications, then what is it?
Computer Misuse Act
It could be a criminal offence under the Computer Misuse Act. Under this Act, it is a criminal offence to have unauthorised access to any program or data held in any computer. But is a mobile phone voicemail a “computer”. “Computer” is not defined in the Act, but while it may not extend to the old-fashioned tape systems for telephone messages or domestic telephone answering machines, it will extend to voicemails held on mobile phone networks which are server-based.
A person guilty of this offence is also liable to imprisonment for a term not exceeding two years or to a fine or to both.
Data Protection Act
Under this Act, it is an offence to obtain or disclose personal information without the consent of the data controller. If a person has obtained personal information illegally (for example, by blagging) it is also an offence to offer or to sell personal information.
One issue is that for an offence to occur in relation to an individual’s personal information, the individual must have been alive at the time their data was obtained, because the Data Protection Act only applies in relation to living individuals.
Another issue is that it is a defence for the person obtaining the data to show that it was justified as being in the public interest.
There are no custodial sentences in respect of data protection offences and no powers of arrest; all offences are punishable only by a fine.
No doubt these issues will be subject to greater scrutiny over the coming months.