Labour leader Joseph Muscat’s hacking claim last week raises a legal conundrum that should interest any office employee with an e-mail account and access to internet.

The allegation made by Joseph Muscat in Parliament on Wednesday is that a private e-mail exchange between himself and RTK journalist Sabrina Agius landed in the hands of the PN media as a result of computer hacking, since neither he nor Ms Agius released the correspondence.

Given that we are talking about a gmail account, nobody, not even an employer could gain access to that exchange in a legal manner

In the e-mails, which span a period of months, Ms Agius offers herself as a tool for the Labour Party while Dr Muscat urges her to keep her job at the Church-owned radio because the party “needs” her there, though he also expressed the wish that she joins The Times or national broadcaster PBS.

The journalist was suspended the morning after the exchange became public on Wednesday evening, and she is now facing disciplinary proceedings.

Many speculated on how this private exchange could have become so public. While not excluding anything, IT experts who spoke to The Sunday Times agreed on the likelihood that the e-mails were divulged from Ms Agius’s end, not Dr Muscat.

“A gmail account or in this case Joseph Muscat’s own domain (as opposed to the .gov domain administered by Mita) could have been hacked but this is no mean feat, especially with gmail. It’s quite a task and I doubt someone would do it only to leave with an exchange of this nature,” an IT administrator pointed out.

Hacking of Ms Agius’s e-mail account by someone who had access to RTK’s server would be simpler, he said, but it would still require a dogged search for an e-mail and password.

“Unlike the e-mails of your work address, most company servers would not have an imprint (copy of the contents stored on the server) of a gmail message; however, there are ways and means of obtaining the username and password, which would obviously give you access to the inbox,” he said.

The most likely prospect and the simplest explanation, he argued, would be that Ms Agius left her gmail page open on her work computer while she was out and someone who noticed this printed the exchange.

This immediately raises a legal issue concerning data protection, seeing as there is a clear use of personal data without the consent of the people who own it.

Like any legislation, the Data Protection Act is subsidiary to the concept of public interest enshrined in the Constitution. “The pertinent question with regard to the publication of these e-mails is: was their dissemination and the inevitable impinging on the privacy of Dr Muscat and journalist justified because of an overriding public interest?”

Yes, according to the head of news at the PN media house Media Link, Nathaniel Attard, who released the correspondence in its entirety to the press on Wednesday.

The e-mails showed Dr Muscat was using the RTK journalist for his political interest, Mr Attard argued, and therefore the public had a right to know.

In the absence of a public interest argument, which if challenged would have to be settled before the Data Protection Commissioner, or court, that data is strictly private and therefore protected.

“Given that we are talking of a gmail account, nobody, not even an employer, could gain access to that exchange in a legal manner, without the consent of the data subject or claiming public interest,” another lawyer said.

“Ms Agius, at best, could be accused of computer misuse (for accessing gmail while at work) but this is something many companies tend to turn a blind eye to. I don’t expect anyone in our office not to communicate with the outside world while at work,” he added.

The situation would change if the e-mail account had been a work domain, meaning an e-mail address given by the employing company.

There have been rulings on these scenarios which say that a company can gain access to e-mails of an employee but only if it has in place a policy alerting employees of this possibility.

“In other words, if you were never made aware of your company’s communication policy and your employer accesses your e-mail, there is a breach of data protection,” he emphasised.

The same would apply to the use of internet. Any employees could fall foul of computer misuse legislation if they are caught accessing internet sites that are unrelated to work.

“However, an employer can only use evidence of this misuse obtained through scans of the IT system if the employee in question was made aware of the company’s policy to oversee internet use,” a lawyer stressed.

The scenario would change with regards to criminal activity, say accessing child pornography, in which case data protection would be waived.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.