No joy for director in Guinness case

Philip Wheeler and Anna Killick on the use of virtual evidence. Philip Wheeler and Anna Killick are solicitors at Crockers Oswald Hickson. As we move ever-closer to the 21st century, worldwide channels of communication are widening by virtue of the Internet.

The Internet allows people to communicate by e-mail, news groups, "bulletin boards" and Web sites, possibly allowing criminal gangs – for example paedophile rings – to further their activities.

Electronic messages sent and received through individual PCs are processed by external "servers", frequently operated by Internet Service Providers (ISPs).

Although a PC user may delete a message from their own machine, they generally have no control over what is stored on a server.

Data stored on a server, such as e-mail addresses of senders and recipients, may provide the key to a criminal investigation.

So what powers do the police have to gain access to electronic messages and other data which could constitute vital evidence?

ISPs are in the business of holding computer data, and are thus obliged to register under and comply with the Data Protection Act 1984 (DPA). The rationale behind the DPA is that "personal data" – data which enables a living individual to be recognised – is used in accordance with certain principles.

These provide that data must not only be obtained fairly and lawfully, but held and used for specific purposes.

Any electronic messages transmitted through the Internet will constitute "personal data" under the DPA, and as such cannot be used or disclosed in any manner incompatible with the purposes for which it is held.

Under section 28(3) DPA, the police may serve a notice on an ISP which requests access to data, stating that if the information relevant is not disclosed, it would be likely to prejudice the prevention or detection of a crime, or the apprehension or prosecution of offenders.

The ISP is not obliged to disclose the material in question, which may serve to assist the Internet criminal. However, if the ISP complies with the police request, it will not be guilty of disclosing personal data in breach of the DPA. Otherwise, authorities must follow existing procedures if they wish to gain access to material stored on computer.

Applications to intercept e-mail require a warrant signed by the Home Secretary under the Interception of Communications Act.

To gain access to data held on computer, police must apply to a Crown Court Judge for a warrant under the Police and Criminal Evidence Act 1984.