"How to spy on my wife’s phone": an English law perspective on an article about stalkerware

- Posted in privacy by - Permalink

CW/TW: domestic abuse, and controlling behaviour

WTF?

I honestly can't believe I am writing this.

Actually, scratch that. I can't believe that someone wrote the piece to which this blogpost is a response.

That piece, on a website called "Tech Times", is called "How to spy on my wife's phone".

It is from April, and I'm not going to link to it (click revenues), and the Wayback Machine's archive doesn’t seem to be working. I'm sure you can find it if you want it.

The article claims that it will:

show you how to spy on your wife via her phone without getting caught. The solution we offer is discreet, affordable, and easy to implement.

It reads very much like a sponsored piece, but this is not labelled or declared.

It's not the first time that "Tech Times" has published this kind of content.

In August 2019, it ran a piece (written by a male writer) entitled "How to Read Someone’s Text Messages Without Their Phone Free". It ended with the "takeaway" that:

Suspicions are best ended quickly. Therefore, you need to make sure that no doubt remains in your head about the other person.

In September 2019, it had "How Can I Spy on a Cell Phone Without Installing Software on the Target Phone?" Why?

You might want to use it on your spouse, your child, or an employee who you feel is slacking off from work.

This article concludes by saying:

"Once you have the evidence you need, you can confront your maybe-cheating wife with proof. Then you can take a call on the future of your relationship based on her reaction."

Yeah. Because assessing "the future of your relationship" based on your wife's reaction to you telling her that you have been spying on her with malware or remote stalking services sounds like a sensible course of action. Idiot.

Anyway.

Men. Don't do this.

Seriously.

(And, yes, I know, #NotAllMen.)

With great power comes great responsibility.

Just because you can do something doesn't mean that you should do it.

At least some of you reading this are likely to be, well, a bit geeky. Perhaps more than a bit geeky.

And, like me, there's probably a strong chance that you run services for your friends and family. Services which enable them to communicate.

I run our DNS infrastructure, our email systems, our messaging platform, manage our router and Wi-Fi and Internet connectivity, and some of our telecoms.

That gives you a lot of power. And, with that, comes a lot of responsibility. If you are a geek in a similar position to me, wield that power wisely, and for good.

Neil, is there a legal point to this?

Yes. I thought it would be a good opportunity — a "teachable moment", if you will — to note that the behaviour this misogynistic article encourages is, from an English law perspective, likely to amount to one or more criminal offences.

Honestly, the fact that this behaviour is most probably illegal is a secondary point: behaviour can be repugnant without being illegal, and spying on your wife is repugnant.

But having some insight into the legal aspects might be useful, or just interesting.

This is not an exhaustive overview.

Computer Misuse Act 1990

The Computer Misuse Act 1990 is rather showing its age, and there are calls for reform, but some of the acts which someone might carry out to spy on their wife's phone are likely to fall within it.

Someone commits the first offence under that Act if:

  • he causes a computer to perform any function with intent to secure access to any program or data held in any computer or to enable any such access to be secured;
  • the access he intends to secure or to enable to be secured, is unauthorised; and
  • he knows at the time when he causes the computer to perform the function that that is the case.

It's broad. Any computer. Any function. Any program or data. Held in any computer.

Illegal interception

It's a criminal offence if someone, without lawful authority, intentionally intercepts a communication in the course of its transmission by means of a public telecommunication system, a private telecommunication system, or a public postal service, and the interception is carried out in the UK.

(s3 Investigatory Powers Act 2016)

Logging in to someone's voicemail box, to listen to their voicemail? Interception.

The same logic would also cover logging in to someone's Gmail account, for example, or their Facebook messages. (And see NTL and Ipswich.)

Doing so by accessing messages stored on their phone? Probably not "interception", but could still be computer misuse.

Illegal obtaining of personal data

It's a criminal offence if you knowingly or recklessly obtain or disclose personal data without the consent of the controller (in this case, probably your wife). (s170 Data Protection Act 2018)

There are statutory defences, but it's difficult to see they would apply in the case of stalkerware. (Which, of course, wouldn't necessarily stop someone trying.)

Controlling or coercive behaviour

You commit an offence if you:

  • repeatedly or continuously engage in behaviour towards another person (B) that is controlling or coercive,
  • at the time of the behaviour, you and they are "personally connected",
  • the behaviour has a serious effect on them, and
  • you know or ought to know that the behaviour will have a serious effect on them.

(s76 Serious Crime Act 2015)

This law has been (rightly, IMHO) criticised for being too narrow, since the test for "serious effect" requires that the victim must fear violence multiple times, or else that the behaviour must cause the victim serious alarm or distress which has a substantial adverse effect on their usual day-to-day activities.

However, it is clear that stalkerware is intended to be within the scope of the legislation. The Government's guidance says that it expressly includes:

monitoring a person via online communication tools or using spyware

Who else is thinking about this?

Loads of people. Two in particular come to mind (and my apologies to everyone I have forgotten — including the author of one particularly brilliant article about mobile phones and domestic abuse which I read some years back, and which, despite numerous searches this morning, I just cannot find):

Violet Blue's "Smart Girl's Guide to Privacy". The blurb is that this book:

helps you hack your way through the jungle of privacy chaos and fight back against sleazy marketers, unethical megacorporations, scammers, stalkers, hacked apps, and thieves.

I read it a few years back and, while Violet Blue wrote it five years ago, it remains relevant. (Of course, the correct book to promote here would be "Men, don't spy on your wife" — the onus should be on men to behave, not on their partners to have to take defensive steps — but I don't know of such a book.)

Dr Leonie Tanczer: Dr T has done (and continues to do!) some great work around the Internet of Things and domestic abuse. Check our her remarkable list of publications.