A consensus has emerged from the Courts of Appeal in New Zealand and the UK that digital data is not property for the purposes of the law.
The two courts used different reasoning but arrived at the same conclusion. This issue is important because it runs to the protection and remedies available to an innocent party against misuse of electronic data.
Jonathan Dixon, the Queenstown bouncer who accessed CCTV footage of the England Rugby Captain in a bar during the 2011 Rugby World Cup, appealed his conviction for dishonestly obtaining property on the basis that the digital data did not come under the definition of ‘property’ in the Crimes Act. The New Zealand Court of Appeal yesterday agreed (but substituted his conviction with one of dishonestly obtaining a benefit).
Earlier this year, in Your Response Ltd v Datateam Business Media Ltd, the England and Wales Court of Appeal overturned the lower court’s finding that a publishing company’s electronic database, interrogated and amended hundreds of times a day in support of the company’s customers, could support the database manager’s common law lien as security for its outstanding fees.
Although the latter case does not appear to have been brought to the New Zealand court’s attention, both Courts of Appeal noted that the respective first instance decisions had been motivated by understandable perceptions that electronic data had value in itself, and should be capable of protection by law. But those first instance decisions erred in treating that data as property, and therefore susceptible to legal protection of and remedies for breached property rights. Both Courts of Appeal confirm that there is no property interest in information itself.
The English decision had the easier course, because a claim to a common law lien over an item is founded on its (transferrable) possession by the claimant. Its subject is accordingly ‘tangible property’, which is distinguished from ‘intangible property’. The common law recognises no other form of property. The key distinction is that physical possession of intangible property cannot be transferred (although statute law sometimes deems such transfer to occur); control of the property alone is insufficient.
While the media on which the database was held could be transferred, that could not be said of the information making up the database. Various legal protections for data are only explicable by the assumption that information, if property at all, is not susceptible to legal remedies reliant on possession. The UK Court of Appeal recognised there was much benefit in extending property rights to encompass technological developments, but that was a job for Parliament.
In New Zealand, Parliament had extended the Crimes Act’s definition of ‘property’ to accommodate computer-related crime. The new definition was intended to cover all forms of tangible and intangible property. But, by analogy with confidential information, the New Zealand Court of Appeal considered that information comprised by digital data was not property at all.
The accepted legal position is that confidential information is not property, but protected by the law from abuse, as a matter of ‘conscience’ arising from the circumstances in which the information was obtained. The New Zealand Court of Appeal considered that a computer file’s “stored sequence of bytes available to a computer program or operating system… cannot meaningfully be distinguished from pure information”, and therefore was not 'property' for the purposes of the Crimes Act. But Mr Dixon had still obtained a benefit from accessing the bar's computer system – an alternative offence for which he was then convicted.
Although recognising that information’s exclusion from the definition of property may be said to be illogical and unprincipled, the New Zealand Court of Appeal identified good policy reasons for not recognising information as property, including the free flow of information and freedom of speech. As Parliament had not expressly included ‘information’ in the Crimes Act’s definition of ‘property’, despite the notoriety of the issue, it was not for the Court to subvert that through legal evolution.
While not the focus of their judgments, the English judges also were concerned for unintended consequences of any decision that the database was property to which a lien could apply. Other intangible property could not be distinguished. Such lien holders may acquire an advance on other creditors. Lenders would have organised their affairs on a settled understanding of securities. The world of IT contracting would doubtless be rendered substantially more complex and uncertain (which is saying something). And – most significantly, completing the circle to the New Zealand position – the law has never recognised information as property.
Businesses reliant on the security of their information must take special steps to protect it. While protections for confidential information are reasonably well understood, protections for electronic information are less well developed. Reliance on property rights will not suffice. The decisions also have implications for other situations in which parties are dealing in information.