The recent controversy and fallout relating to alleged practices of phone hacking and paying police officers for information at UK tabloid newspaper the News of the World has been headline news the world over. As police investigations progress it is almost inevitable that the laws relating to hacking, interceptions and bribery of police officers will come under the spotlight. In this article we consider the relevant laws in New Zealand and steps businesses can take to ensure compliance with legal, industry and ethical standards generally.
The News of the World Story So Far
On 10 July 2011 the News of the World, a subsidiary of Rupert Murdoch's News Corporation, ceased publication amid allegations of practices of hacking into the voicemail messages of individuals and paying police officers for information.
Allegations of phone hacking first arose back in 2005 in relation to articles about Prince William, resulting in the conviction of a News of the World reporter and a private investigator for intercepting voicemail messages on royal aides' phones. Suggestions of hacking on a much wider scale then followed in 2009, when UK newspaper The Guardian published an article suggesting that several thousand public figures may have been targeted by News of the World hacking attempts. The article reported that those who may have been affected included the then deputy prime minister John Prescott and film star Gwyneth Paltrow.
However, it has only been just recently that the alleged practices of the News of the World have become the subject of international attention, ultimately leading to the paper's demise. In early July claims emerged that the News of the World had hacked into the phone of a 13 year old murder victim and deleted messages, potentially impeding the police investigation. Further allegations soon followed, including that:
- the phones of relatives of deceased UK soldiers and 7/7 victims had been hacked; and
- the paper had condoned payments to police officers in exchange for information for stories.
These events ignited public outrage. While police investigations and any subsequent legal proceedings will still need to be played out, the consequences for News Corp have already proven extremely damaging. The fallout for News Corp so far has involved:
- the cessation of the News of the World as a paper, with the issue of several public apologies;
- its share price on the Nasdaq and ASX stock exchanges plummeting, reducing its market value by billions of dollars (New Zealand Herald, 13 July 2011); and
- News Corp aborting its multi-billion dollar takeover bid for BSkyB.
The scandal has also seen the resignation of certain senior employees, and arrests of those thought to have been involved in illegal activities.
New Zealand Hacking and Interceptions Laws
The New Zealand laws relating to hacking and the interception of communications perform the dual roles of:
- facilitating and permitting interception for lawful purposes, generally in relation to criminal investigations and matters of national security; and
- prohibiting unauthorised hacking and/or interception of private communications.
This reflects the need to on the one hand "arm" law enforcement and government security agencies with the necessary tools to carry out their functions during the information age, while on the other hand to protect the rights of individuals and businesses to have the privacy of their private information and communications respected.
Laws Permitting and Facilitating Hacking and Interception
A number of statutes provide Government agencies with the ability to obtain warrants which extend to accessing information stored electronically. For example, under the Fair Trading Act 1986 (Fair Trading Act) the Commerce Commission can apply for warrants to search a particular place for the purpose of investigating a breach of the Act. Such a warrant will authorise the Commerce Commission to search for and remove documents, including material stored on computers. Any access to a computer permitted under a warrant under the Fair Trading Act or other applicable laws will not constitute a breach of the anti-hacking laws discussed below.
Interceptions of private communications are permitted in fewer circumstances:
- The Police can be issued with interception warrants to investigate offending by organised criminal enterprises, serious violent offences, terrorist offences, drug dealing offences and specified cannabis offences.
- The Government Communications Security Bureau can intercept, with or without a warrant (depending on the circumstances), communications containing foreign intelligence.
- The New Zealand SIS can obtain warrants authorising the interception of communications where (among other things) the interception is necessary for the detection of activities prejudiced to New Zealand security or for the purposes of gathering foreign intelligence information essential to New Zealand security.
The Telecommunications (Interception Capability) Act 2004 (Interception Capability Act) is designed to facilitate the execution of these warrants. The Interception Capability Act requires:
- network operators to ensure that every public communications network and telecommunications service they own, control or operate has "interception capability". Interception capability is essentially the ability to intercept telecommunications and obtain call associated data; and
- network operators and telecommunications service providers to assist surveillance agencies (such as the Police and the SIS) by making available technical personnel and providing other reasonable assistance.
Laws Prohibiting Hacking and Interceptions
Generally hacking and interceptions of private communications will constitute criminal offences if not permitted by a warrant or other applicable law. It is a crime to:
- Access a "computer system" without authorisation or a legal right. Maximum prison sentences range from 2 to 7 years, depending on whether the access was dishonest or by deception and whether any loss is caused or property, privilege, service or benefit is obtained. The concept of a computer system is broadly defined, capturing not only computers but also:
- 2 or more interconnected computers;
- any communication links between computers or to remote terminals or another device;
- 2 or more interconnected computers combined with any communication links between computers or to remote terminals or any other device;
- any part of the items described above and all related input, output, processing, storage, software, or communications facilities, and stored data.
- Intercept a private communication by means of an interception device, however there are certain exceptions such as where the interception is carried out for the purpose of maintaining an Internet or other communication service to the public. This offence carries a maximum penalty of 2 years' imprisonment.
These acts might also constitute a breach of the Privacy Act 1993 (Privacy Act) and/or give rise to a civil claim based on an interference with privacy. Under the Privacy Act it is unlawful to collect personal information for an unlawful purpose and/or by unlawful means.
New Zealand Anti Bribery and Corruption Laws
As a foreword it is encouraging to note that Transparency International's Corruption Perceptions Index 2010 ranks New Zealand's (along with Singapore's and Denmark's) public sector as being the least corrupt of the 178 countries surveyed. Nevertheless, New Zealand still has a relatively comprehensive set of laws prohibiting the bribery/corruption of public officials. These laws are predominantly found in the Crimes Act 1961 and, in respect of police officers, the Crimes Act provides that any person who corruptly offers a bribe with intent to influence a law enforcement officer in his or her official capacity is liable to a term of imprisonment not exceeding 7 years.
Compliance Practices for Businesses
The backlash from the News of the World controversy plainly illustrates the importance of lawful and ethical business practices. While it may be a fairly extreme example of what can go wrong, the potential consequences of unlawful or unethical business activities should not be underestimated. Clearly unlawful activities can lead to fines, damages or even prison sentences for individuals. However, the negative PR and damage to business reputation are often the first felt effects and can be the most serious.
There are of course some fairly simply steps that businesses can take to ensure compliance with applicable laws and standards. These include:
- Obtaining a General Understanding: As a first step, obtaining a general understanding of the laws and standards applicable to the business. Some laws (such as employment laws and the Fair Trading Act) will be applicable to virtually all New Zealand businesses, while others will only be relevant to particular businesses. Without such an understanding or appreciation of the legal environment, it will not be possible to set appropriate operational business policies and protocols.
- Keeping Up-To-Speed on Developments: Businesses also need to keep up-to-speed on developments to laws and standards affecting them. This might involve any combination of signing up to receive relevant legal or industry newsletters or publications and/or employing in-house counsel or some form of compliance officer whose responsibility it is to monitor relevant changes to laws and standards.
- Policies and Protocols: Developing, making available to employees and otherwise implementing policies and protocols to ensure compliance and otherwise set expectations around which business practices are and are not acceptable. For example, a number of businesses set policies in relation to gifts and entertainment for clients, particularly those who may be public officials, to avoid suggestions or allegations of bribery or undue influence.
- Compliance Training: In addition to notifying employees of the business policies and protocols, addressing this in employee compliance training may also assist. This could be part of the employee induction process and/or carried out on a regular ongoing basis. Any such training should be targeted towards the employee's role. For instance, call centre employees should receive training on the procedures to be adopted to avoid Privacy Act breaches.
- Checks and Audits: Compliance checks and/or audits might also be an option. This might involve (for example) a legal review of any advertising/marketing pieces before they are published, or audits of business systems to ensure that applicable regulatory and industry standards are being adhered to.