Tuesday, June 13, 2006

Does Irish law protect your voicemail?

The Irish Independent has a story about wrongful access to mobile phone voice mailboxes. Although the story claims that access to voicemail messages is "a crime under the Postal and Telecommunications Act 1983", it's not clear if that is true. Section 98(1) of the 1983 Act provides:
A person who-
(a) intercepts or attempts to intercept, or
(b) authorises, suffers or permits another person to intercept, or
(c) does anything that will enable him or another person to intercept,
telecommunications messages being transmitted by [a person deemed to be authorised under the Authorisation Regulations] or who discloses the existence, substance or purport of any such message which has been intercepted or uses for any purpose any information obtained from any such message shall be guilty of an offence.
The reference to telecommunications messages being transmitted suggests that stored messages, such as voicemail messages, may not be protected by section 98.

There are two counter arguments. First, it might be said that such messages are "being transmitted" until they are first listened to. This is an incomplete solution, however, at best it would only protect new messages, with those already listened to having no protection.

Second, it could be argued that the act of dialing into the voice mail itself causes the message to be transmitted, and the interception takes place where you listen to such a message. This is given support by the very wide definition of "interception" contained in section 98:
In this section, "interception" means listening to, or recording by any means, or acquiring the substance or purport of, any telecommunications message ...
Again, though, this is an incomplete solution. If we adopt this argument, then the mobile phone company employee who listens to the message at work would not be guilty of an offence, as the (locally held) message would not be transmitted.

This article highlights, then, one problem with Irish interception law. Whatever view we take, it seems that stored messages such as voicemail do not enjoy adequate protection - and it is long past time that the 1983 Act was updated to take account of technological changes in the meantime.


  1. Anonymous18 June, 2006

    I agree with you. Completely absent from reports of this story is the clear fact that (i) Section 98 only applies to telephone messages in the course of their transmission by Bord Telecom Eireann, obviously now Eircom - not mobile phone operators, and (ii) the phone owner's failure to change their password from 0000 could reasonably be deemed consent to anyone accessing their voicemail. The Law Reform Commission highlighted this in 1996. When a phone is first activated the mobile phone operator clearly warns the owner to change the password. I suspect the current reports on this story are to investigate other claims related to it as an incident overall, not the voicemail accessing element.

  2. Completely absent from reports of this story is the clear fact that (i) Section 98 only applies to telephone messages in the course of their transmission by Bord Telecom Eireann, obviously now Eircom - not mobile phone operators

    This isn't actually the case. Section 98 has in a roundabout way been extended to all telcos operating under a general authorisation.

    With the advent of deregulation, section 98 was extended to cover other licensed operators (the Postal and Telecommunications Services (Amendment) Act, 1999, section 7). Subsequently, with the introduction of a general authorisation framework, the provisions of section 98 were extended to any person operating under a general authorisation (Regulation 4(8) of the European Communities (Electronic Communications Networks and
    Services)(Authorisation) Regulations 2003).

    But I agree with the thrust of your point though - there are telcos who are not covered by section 98 - skype (as planetpotato points out) being the obvious example.

  3. [Comment edited to remove defamatory content]

    Anonymous said...

    This story is doing the rounds again and, I hate to say it, it's actually having the effect of severely damaging the media's reputation - as if it needed any further damaging already.

    I worked for three years as a telecommunications lawyer. Under section 98, if someone doesn't change their default password from 0000, that's it - forget it. Your voicemail is open to all and sundry.

    The persistent running of this story is flapdoodle...