(A word of warning: more so than normal, this blog entry is my opinion, and does NOT constitute nor should be relied upon as legal advice.)
Readers might be forgiven for thinking that the answer to the question posed by the title of this entry is, quite literally, staring me in the face. Yes, I’m typing this blog on what it quite unquestionably a computer. But what else counts as a computer? A PDA? Yes, no question of it. A smartphone? Almost indisputably, especially given that my iPhone is far more powerful than many PDAs, or indeed many portable computers of only a few years ago. But what about a digital camera?
My question isn’t purely academic. As a keen photographer I’ve followed with both interest and concern the growing number of accounts of photographers being stopped and searched under anti-terror legislation, or harassed by security guards, again often on the pretext of security. A common feature of such incidents is the demand that the photographer delete images on his or her camera. And this explains my question, because I think there is a good case to be made that to do so is illegal under the Computer Misuse Act 1990.
It turns out I have company in high places in this regard. Lord Carlisle, in his 2008 annual report on the operation of the Terrorism Act 2000, notes with concern reports of the use of recent anti-terror legislation against photographers (see paras 195 to 197) and specifically comments that police officers who use force against photographers to, for instance, make them delete photographs, risk liability for both disciplinary and criminal proceedings. What I am suggesting is that irrespective of other liability under such legislation as the Police and Criminal Evidence Act 1984, the CMA may well provide specific protection to photographers.
(As an aside, there is a simple and practical approach to dealing with such incidents: comply with the demand, and then use readily-available data recovery utilities to recover the deleted files later, so long as no new pictures have been recorded on the memory card in question. But that doesn’t address what I consider to be the unjust nature of the demand in the first place.)
The relevant part of CMA 1990 is section 3, as recently amended by the Police and Justice Act 2006. S.3 provides that it is an offence for a person to, knowing that the act is unauthorised (s.3(1)(b)), prevent or hinder access to any program or data held on a computer (s.3(2)(b)). If a digital camera counts as a computer for the purposes of CMA 1990, then deleting a photograph from it would constitute preventing or hindering access to data held on it. (Even if the image was recoverable, it would still count as ‘hindering’.) The relevant questions are therefore whether a digital camera does count as a computer and whether a demand by a police officer or security guard to delete photographs is deemed to be unauthorised.
The second question is the easier one to answer. S.17(5) CMA 1990 says that access is unauthorised if it is by someone who would not be entitled to control access to that data, and who does not have the permission of someone who does. The only person entitled to control access to a computer owned by me and in my possession is me; the same applies to any device that counts as a computer for the purposes of CMA 1990.
Now, s.10 CMA 1990 does provide certain exemptions for law enforcement, and in particular it says that access by a constable or other investigating officer is not unauthorised even if done without consent. However, it very also very clearly states that this only applies to the offence created by s.1(1) CMA 1990, that of gaining unauthorised access to computer material. It does not apply to s.3. So, in the context of a camera, an officer may look at pictures stored on it in the course of a lawful search because s.10 makes such access lawful. But s.10 does not make it lawful to infringe s.3 by deleting them.
All this of course presupposes that a digital camera is a computer, at least as far as CMA 1990 is concerned. Unfortunately, whilst the Act includes a lot of other definitions, it is silent as to what a computer is; whoever drafted the act evidently thought it obvious. It probably was obvious in 1990, when even the advent of PCs had not changed the understanding that a computer was a box that you typed data into and which gave output in text or graphics on a screen or via a printer. But, as I noted earlier, today we see a much wider range of devices as being computers. As I said, my iPhone is almost certainly one by any reasonable definition. Now, it incorporates a camera (quite a good one, as I have one of the new 3GS models) and I am confident that there would be a very strong case that if anyone tried to make me delete pictures on my iPhone or attempted to do so themselves then they would be committing an offence under s.3 CMA 1990.
But the iPhone is a general-purpose device, not one dedicated to photography. (Yes, I know it’s strictly a phone. But it is really a small, powerful PDA with a phone built in, as is clear from the way Apple will sell you an iPod Touch that is almost identical but sans phone.) My Canon digital SLR is made for the sole purpose of taking photographs; it is definitely more of a camera than my iPhone, but is it also less of a computer?
How have other countries sought to define computers? Singapore’s Computer Misuse Act is closely modelled on the UK Act, but with additional explanatory material that defines a computer as
“an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such devices, but does not include an automated typewriter or typesetter, a portable hand held calculator or other similar device which is non-programmable or which does not contain any data storage facility.”
Would this include a digital camera? It mentions both electronic and optical elements, together with data storage – all of which a digital camera possesses. The exclusions seem to me to relate to devices that cannot store data or run software. Digital cameras clearly do the former, and indeed can run software too, as is seen from the patches posted by manufacturers.
If we accept that the Singaporean definition of a computer is a reasonable one (and speaking as someone who’s been studying computers one way or another since the mid-1980s, it seems eminently sensible to me) then it is hard to avoid concluding that English law should recognise a digital camera to be a computer for the purposes of the CMA 1990. If so, then s.3 makes it an offence to delete, or seek to force someone to delete, photographs from such a camera without lawful authority, and as the s.10 exception does not apply to s.3, mere investigation does not provide such authority.
Does this mean that I think that anyone told to delete photographs should refuse to do so and cite s.3 CMA? As I said earlier, this post is not legal advice and must not be taken as such. What people do under such circumstances must be up to them; however, I feel that should a complaint about forced deletion of photographs be pursued, then the s.3 CMA aspect is at least deserving of consideration.
Posts on this blog represent my opinion. It may be my considered opinion on the basis of my formal study of law and technology. But it is not legal advice. It must not be treated as, or acted upon as, legal advice and no liability is accepted for doing so.