Is it ever acceptable for a journalist to hack into somebody else’s email?

John and Anne DarwinIs it ever acceptable for a journalist to hack into somebody else’s email?

It’s an interesting question – and one that has recently come to the fore because of the alleged hack by Sky news journalist Gerard Tubb.

As Naked Security reported last year, Sky News correspondent Gerard Tubb managed to gain access to an email account belonging to John Darwin – the so-called “Canoe Man” who faked his own death as part of a complex fraud involving his wife.

In a case which gripped the British public’s imagination, keen canoeist John Darwin faked his own death at sea in 2002 only to subsequently walk into a London police station over five years later claiming to have no memory of what had happened to him.

Sign up to our free newsletter.
Security news, advice, and tips.

Darwin’s wife acted surprised and overjoyed at her husband’s “back-from-the-dead” miracle, but the smiles soon disappeared when a photograph was found on the internet showing the couple posing for a Panama estate agent’s website.

It transpired that during his “missing years” Darwin had moved into a bedsit adjacent to his family home, and began to live secretly with his wife again.

Having collected collected life insurance and pension policies worth £250,000, the Darwins bought property in Panama with the intention of creating a canoe holiday business – and starting a new life together.

While John Darwin remained in Central America, his wife Anne returned to the UK to sell their property in Seaton Carew, near Hartlepool.

The trial of “Canoe Man” and his wife captured the imagination of the British public, and media agencies were keen to uncover more about the couple.

In a July 2008 news report, which has since been removed from the Sky News website, reporter Gerard Tubb told how he he had uncovered evidence including emails that revealed why the missing man had returned to Britain, and the couple’s plan to settle back in Panama.

Sky News story. Click for larger version

“We discovered an email from John to Anne dated 31 May 2007 in which he tells her that planned changes to visa regulations will prevent him from continuing to live in Panama with a tourist visa.”

A spreadsheet, allegedly created by the couple and describing their “masterplan”, was also published by Sky News on its website.

Part of canoe man's spreadsheet published by Sky News

Unauthorised access to another individual’s computer or email account like this is a breach of the Computer Misuse Act, a criminal offence in the UK that can lead to imprisonment.

However, Sky News bosses, who had approved the hack by Gerard Tubb, argued that the hacking was “justified and in the public interest”.

At last year’s Leveson Inquiry into press ethics and criminal activity by journalists, Lord Justice Leveson told Sky News that they had clearly broken the law and couldn’t hide behind a “public interest” defence.

“At the end of the day you committed a crime,” Lord Leveson said during testimony given by John Ryley, head of Sky News.

Yesterday, however, the chances of Sky News or reporter Gerard Tubb being charged over the email hack disappeared.

As The Guardian reports, the Crown Prosecution Service has decided that it would not be in the public interest to prosecute Gerard Tubb, because the unauthorised access was done with the intention fo proving a criminal act had been committed.

It transpires that the police lawfully obtained a number of the same emails, which were used by prosecutors as evidence during the trial of Anne Darwin.

Sky NewsAnd that’s really the point, isn’t it?

The authorities have the ability and the means to lawfully access email communications as part of their investigations – and maverick journalists shouldn’t be hacking into email accounts, particularly when the owners of those email accounts are already under investigation by the police.

It’s easy to imagine how evidence could become corrupted or could be argued to have become tainted or compromised if unauthorised third parties have had access to it.

It may not be in the public interest to press charges against Gerard Tubb and Sky News, but this decision should not be taken as a green light by other journalists that email hacking is ever acceptable.

And what of “Canoe man” and his wife? John Darwin was given a six year prison sentence, and was released in early 2011. His wife was released from jail two months later. Word has is it that Darwin worked on his memoirs while in prison – which, no doubt, will be serialised by the press.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.