Phone hacking and Australian law

4 August 2011

This is a cross post from Intellect, Minter Ellison's technology, media, communications and IP blog. Written by Nick Petrie, Tarryn Ryan and Veronica Scott.

After 168 years of publication, the News of the World published its last edition as a result of what has become known as the 'phone-hacking scandal'. There have been arrests and resignations. There is a police investigation and there will be a public inquiry. The debate has now moved to Australia with calls for a statutory media watchdog and the establishment by News Ltd of an internal review of editorial expenditure to confirm it has paid only for "legitimate services".

Getting access to information for news stories is a crucial part of any journalist's work. This may involve paying for the information. But how far can a journalist go before their actions become unlawful? In this post, we look at how Australian law would apply to the 'phone-hacking' activities of News of the World, which activities are lawful and which would be an offence, what penalties could be imposed, what remedies victims might have under breach of privacy and breach of confidence laws. We will also look at the extent to which journalists can record conversations in order to secure newsworthy information and the application of statutory privacy laws.

The final edition of News of the World

The 'hacking' techniques

The activities in question, loosely described as 'hacking', concerned the unauthorised access of voicemail messages left on the private mobile phones of people who we shall refer to as 'targets'. The techniques used have been described in reports as follows:

  • calling a general number available from the mobile phone service provider which enables its customers to access their voicemail account from other phones, then accessing the target's account by entering their mobile phone number and their PIN number. It would be relatively easy to find out a target's mobile number and work out their PIN, because most people leave a default PIN, such as 1234, active, or use an easily remembered PIN number such as 0000;
  • getting one person to call a target's mobile phone number and engage the line while at the same time, another person also calls that number and is diverted to the phone's voicemail account. Again, access to the messages would generally be easy if the PIN is set to default or an easy number; or
  • using a method that has become known as 'blagging'. This involves calling up a service provider and purporting to be the owner of a target's mobile phone account then claiming to have forgotten the PIN and convincing the customer service operator to either disclose the existing PIN or to reset it to the default, allowing the caller to then access the taget's voicemail messages in one of the ways described above.

The Commonwealth Telecommunications (Interception and Access) Act 1979 (Telco Act)

Using these methods to gain unauthorised access to voicemail messages held by a carrier licensed in Australia could breach Australian law. Under the Telco Act it is an offence to access stored communications 'with the knowledge of neither' the recipient or the person who sent the message. A stored communication means a communication that is not passing over a telecommunications system, is held on equipment that is operated by, and is in the possession of, a carrier and cannot be accessed on that equipment, by a person who is not a party to the communication, without the assistance of an employee of the carrier.

According to the Telco Act's Explanatory Memorandum, this includes SMS messages and voicemail messages. It is also unlawful to authorise or enable this kind of access. There are some exceptions to these rules, such as police interceptions, which require a warrant. None of the exceptions apply to journalistic activities unless of course the journalist has the consent of the recipient or sender.

Importantly, it is also an offence under the Telco Act to communicate, record, make use of, or give evidence in a proceeding of information obtained in this way. This would obviously include publishing the information in any news medium.

Each of these offences is punishable by up to two years imprisonment. Civil remedies are also available to a person aggrieved by a defendant who engaged in such conduct. This may be target, whose account was accessed, the person who left the message, or even a person on behalf of whom the communication was made.

The Commonwealth Criminal Code

These accessing techniques also raise issues of identity fraud. Under the Criminal Code 1995 it is an offence to deal in 'identification information' with the intention that you, or someone else, will purport to be another person, for the purpose of committing, or facilitating the commission, of an offence. This can carry a penalty of up to five years imprisonment.

The technique of 'blagging' would probably breach this prohibition. A 'blagger' would have to use a target's identification information, such as their name and date of birth, while purporting to be that target, in order to obtain a PIN number, which then enables the blagger to commit the offence of accessing a stored communication.

It is also possible that the actual accessing of the voicemail, by entering a PIN number, could be an offence under this section of the Code. The definition of identification information includes a series of numbers or letters (or both) intended for use as a means of personal identification. A voicemail account PIN number, whether or not it is the default number, is intended to be used to identify the owner of the account. By using that PIN number to access a voicemail account, the journalist is purporting to be the owner of the account, again for the purpose of committing the offence of accessing a stored communication.

In the first part of our post-News of the World series of posts, we looked at the techniques which were used by News of the World journalists and/or private investigators they hired to access the voicemails of targets and relevant offences under the Australian Commonwealth Telecommunications (Interception and Access) Act 1979 and Criminal Code.

Elements of breach of confidence

In Australia, for a person to prove that an unauthorised access of their voicemail messages was a breach of their confidence, they would have to show that the information in the message:

  • had the requisite quality of confidence; 
  • was obtained or received by the journalist/media organisation in circumstances importing an obligation of confidence on those recipients; and
  • was disclosed, or threatened to be disclosed, in an unauthorised manner. Disclosure would clearly include publication by the media.
Following the 2001 High Court decision in ABC v Lenah Game Meats (the ABC case), any obligation of confidentiality would not depend on a direct relationship existing between the journalist or other third party who accessed the voicemail messages and the target, or indeed the person who left the voicemail.
The obligation of confidence would extend to any third party who received the information, if that third party knew, or ought to have known that the information was confidential given the manner in which the information was obtained. Applying this to the News of the World scenario, a journalist, who personally, or through an investigator, accesses a target's voicemail, may have an obligation of confidentiality to that target or the person who has left the message, despite not having a direct relationship with these people.

Requisite quality of confidence

The main challenge for an aggrieved person in this scenario would be showing that the information has the requisite quality of confidence. In the ABC case, images of possums being killed and processed in a factory were recorded in an unauthorised and illegal manner. However, it was held by the High Court that, as the images obtained did not disclose any confidential or commercially secret information, the quality of confidence threshold was not met. Chief Justice Murray Gleeson noted that, when information does not have the requisite quality of confidence 'that the information was tortiously obtained in the first place is not sufficient to make it unconscientious of a person into whose hands that information later comes to use it or publish it.'

Applying this to the access of voicemail messages, it is fair to say that just because someone accessed another person's voicemail account in what may be considered to be an immoral or illegal manner, does not mean that a breach of confidence has occurred. The central issue will be the nature of the information that was obtained.
Some information accessed on voicemail messages, such information relating to sexual relationships, a person's health, or that is subject to a police investigation, would be likely to be considered confidential. On the other hand, if a voicemail message was accessed that only disclosed information about what someone was cooking for dinner, it is less likely that this information would be considered to have the requisite quality of confidence. While information such as this is unlikely to be newsworthy, even if it were published, no breach of confidence will occur.
It is important to note that if confidential information is accessed but not disclosed, or threatened to be disclosed, there can be no breach of confidence.

Defences

There are also two defences that a journalist can seek to rely on in disclosing information that would otherwise be a breach of confidentiality: 

  • the limited defence for disclosure of 'iniquities': the disclosure must be proportionate to the crime, wrong or misdeed of public importance committed. This would generally mean that disclosure would have to be to the police or other authority with the 'proper interest' to deal with the iniquity. Disclosure of the information by publication in a newspaper would probably be disproportionate; and
  • the information is already in the public domain: a journalist may assert that information obtained in a voicemail message could not be considered confidential because it is already in the public domain. The extent of dissemination and forum of publication will be relevant to this argument. The Victorian Supreme Court case of Australian Football League v The Age Company Ltd suggests that a journalist would have a stronger public domain argument if the information that they obtained in a voicemail had already been published in the 'traditional' media, rather than merely on internet chat forums.

Remedies

A key remedy available for breach of confidence is an injunction restraining the disclosure of the confidential information. If a person came to know that their voicemail account had been hacked they could seek to have disclosure or publication of that information restrained. Once a breach of confidence has occurred the aggrieved party may seek compensatory damages. Following the Victorian Court of Appeal decision in Giller v Procopets, it appears that a successful plaintiff in a breach of confidence claim could be awarded substantial damages for emotional distress, hurt or embarrassment caused by a breach. In this case, the plaintiff was awarded $40,000 for breach of confidence, which included $10,000 for aggravated damages, after her former partner disclosed to third parties a video depicting sexual activity between the two.

Claim for breach of privacy?

Unlike New Zealand, there is no general tort of privacy in Australia. In the ABC case, the High Court left the door open to the development of a tort of privacy in Australia, but found there could have been no invasion of privacy in that case. Justices Gummow and Hayne stated that any development in relation to a standalone tort of privacy in Australia would be to 'benefit of natural, not artificial, persons.' As the plaintiff in that case was a company, it was unnecessary to determine whether a tort existed. Furthermore, in Giller v Procopets the Victorian Court of Appeal found that it was unnecessary to determine whether a tort of privacy exists in Australia, because the plaintiff's were able to seek redress under breach of confidence.

Where a person can seek redress in breach of confidence after their voicemail account has been accessed without authorisation, it is questionable whether a court would find that there has been a breach of privacy. Whilst the Commonwealth Privacy Act 1988 protects unauthorised accessing and misuse of people's personal information, there is an exemption for the media and the Act has limited sanctions. However, the current debate about media regulation in Australia, following the closure of News of the World, has reignited the discussion regarding the desirability of a statutory tort of privacy.

Latest developments

This has added fuel to the recommendation of the Australian Law Reform Commission (ALRC) in May 2008 following its reveiw of the operation of the Privacy Act, that a statutory cause of action for serious invasion of privacy should be enacted in Australia. The Federal Government's position had been that this was not yet a priority in privacy reform. However, the Federal Home Affairs Minister, Brendan O'Connor, has just announced the launch of a consultation period for privacy reform with a discussion paper to be released shortly.

The lack of a consititutional guarantee of freedom of speech in Australia, such as that enshrined in the US in the First Amendment to the Constitution in the Bill of Rights and Article 10 of the EU Convention on Human Rights (incorporated into UK law by the Human Rights Act 1998) will mean that any new law will need to provide this protection at the very least. Further, whilst described as being ad hoc, the benefit of the common law, which was recognised by the ALRC when it first considered the introduction of a tort of privacy in 1979, was that courts could develop jurisprudence in this area. This means they can evolve and distil principles to respond  these issues as they arise and provide protections and defences as are desireable on a case by case basis (which they have been doing, as can be seen from recent decisions in the UK such as Naomi Campbell and Max Mosley, and those Australian cases referred to above).

A statutory tort would struggle to cover the field, made more difficult by the speed of technological development, as has been experienced with the application of the Privacy Act. Also as Chief Justice Gleeson said in the ABC case, one of the reasons for proceeding cautiously is, 'the lack of precision of the concept of privacy', when deciding what would be a serious intrusion on a person's privacy.

The next piece in our post-News of the World series will deal with the application to the media of existing statutory data privacy laws and the regulation of the recording of conversations.

(Photo courtesy Flickr user Gene Hunt. Used under Creative Commons license)

Share

Something to say?

If you have a story to tell or an opinion to share about journalism, media coverage of a particular issue, or any media-related topics, then send us an email.

We want to hear from you

The Buzz

27 September 2011

In this week's Buzz: the state of investigative journalism, video games as an educational tool for reporters and CNN journalists open up on their most embarrassing reporting mistakes.

more

Top Tools

Women for Media
17 April 2012
www.womenformedia.com.au is a new online directory connecting journalists to more than 100 senior Australian business leaders who are willing to provide media comment.
more