Expectation of Privacy Extended to Email 161
An anonymous reader writes "In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email. 'The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upholds a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using "Smiling Bob" ads that have gained some notoriety.'"
too bad (Score:5, Insightful)
It's just a shame that the right decision comes down on the side of the spammer.
Re:too bad (Score:2, Insightful)
Everyone deserves the same rights and treatment under the law.
Re:Can we extend this (Score:3, Insightful)
Unlikely. Slashdot comments are public by design. Webmail is simply an interface to otherwise regular email message, which this covers under the logic they are intended for an identified recipient and provided to other intermediaries on the way for delivery, much like traditional mail.
Re:too bad (Score:5, Insightful)
Nothing in the current decision suggests that, since it is about the meaning of the Fourth Amendment and therefore the limits of government power.
So are much of the the hardcopy material in which you have a reasonable expectation of privacy under the Fourth Amendment. Encryption has never been a Constitutional prerequisite to a reasonable expectation of privacy.
Re:Does anyone else see this as a bad thing? (Score:3, Insightful)
Did similar past decisions regarding public phones and postal mail compel telecoms and the USPS to encrpyt all telephone transmissions and letters?
Password-protected (Score:3, Insightful)
That's the whole point of passwords! I'd say that's a pretty straightforward expectation.
Re:How is email privacy currently violated? (Score:1, Insightful)
Either way, they don't pick people up for one email message. They have to have enough evidence to convict in order to arrest someone for terrorism or supporting terrorism. This is why terrorism cases take so long and rarely finish prosecution; the mountain of evidence required by federal courts is incredible.
So, your test will generate a negative, and you have no control to determine whether or not it's a false negative. Unless they have physical evidence, they're not going to arrest you, and you're not going to know what level of surveilance they're putting on you.
Courts are irresponsible (Score:3, Insightful)
Yet the courts took 20 years to figure this out. People seem to accept it -- that's just 'the way it works' -- but it's a travesty, and an injustice to 20 years of defendants. The Judiciary is responsible for delivering justice, yet all they deliver is process. If their process doesn't work -- for 20 years -- to hell with justice for all the people that are screwed in the meantime; we'll get it right eventually. They're like the most incompetent, hide-bound business, delivering nothing profitable, committed not to outcomes but to long-established procedures.
If I took 20 years to adjust to some change in IT and deliver on my responsibilities, I'd have been fired 19 years 6 months ago. There is no accountability for the Judiciary -- I suppose that's intended, to preserve its independence -- but what frustrates me most is that the Judiciary takes no responsibility on its own, and that people are blind to it and just accept it, like Windoze users who just accept whatever was given them.
Re:too bad (Score:3, Insightful)
It is clear text."
Except for the fact that you cannot read someone's email as a routine matter of simly handling it, as in a mail carrier. It takes extraordinary effort to access/read someone's email, akin to steaming open an envelope. Ergo, your assertion is wrong.
Not too bad! (Score:2, Insightful)
This is often the case - think of all the free speech cases involving Nazis and white supremicists in this country. It has a good side - it reassures us in the rule of law. If these rights apply to an alleged spammer, then we can be assured that they apply to everyone.
So hold up a beer for this guy, who has accidently helped further all of our rights. And let's hope the police get a proper search warrant and put him away for a good, long time.
Re:too bad (Score:5, Insightful)
The difference is that the casual observer can hear two people holding a conversation in a public place. You cannot casually observe email without explicitly trying. That is the big difference, it takes effort to look at email and that is why there is an expectation of privacy.
I've dealt with a few organizations where they've sent credit card info in an email. They are business cards with fraud protection so most people don't worry about it. Of course you must trust the recipient. Ultimately no one things their email will be intercepted in transit because that rarely happens due to the fact that you'd have to have a compromised DNS server to accomplish it or compromise a router in the path. In either circumstance an alternate crime has already been committed and will be dealt with. I'm not sure there has ever been a case of credit card fraud because someone sent and email with credit info and the message was intercepted. It's always the recipient of the information mishandling the data in some way.
Personally I don't care either, what I write in email I freely share with others because I use my corporate account. I'm the only one in the company authorized to go through email so I really don't have to worry, beyond that it just doesn't matter. If you speak ill of someone speak ill of them to their face. I've never been afraid of my emails being public but given that the execs often plan secretive meetings and the future of the company through email I can understand the expectation of privacy. Just because I can go through everyone's email doesn't mean that I do. I require a specific reason and only then will I move forward. I do this even when an exec asks me to pry into email accounts. If they don't have a reason then I don't do it. The company lawyer supports me in it all so I'm pretty safe.
I would agree that sending CC info in email isn't necessary the brightest thing to do but no more so than giving it over the phone to someone which also enjoys an expectation of privacy.
Re:Courts are irresponsible (Score:3, Insightful)
You could call it a problem with the system that technically it is the Judiciary that decides what the law actually means, but they are only able to make that decision after a conflict has arisen and been brought before the court, and in the meantime you're basically guessing. Yet based on the precedents of postal service and telephone it should be fairly obvious that the 4th Ammendment applies to email. Also based on the fact that law enforcement generally gets warrants to recover email, I'd say they generally assume the 4th applies as well.
So when someone decides the opposite, and the issue comes before the court, the court rules on it and now we have a clear precedent of what before was merely assumed: Email is protected under the 4th Ammendment.
Re:Enzyte Why? (Score:2, Insightful)
It is, of course, even easier to read e-mail than normal mail. What's important is that the proper regulations be applied to government. Although it's also possible for other people to read your mail, if they act on what's contained (e.g. identity theft) it's already criminal. The government is not so good at policing itself however, hence this ruling.
Re:too bad (Score:5, Insightful)
One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter. As a techie, I would disagree with that, exactly because of what the GP said: it's so easy to sniff around and see emails that it's difficult to say it's a protected medium. I predict in the future a huge legal case where this exactly is the crux -- the question, what is the expectation of privacy in an unencrypted email? I further predict that the result will be similar to a postcard, not a letter.
To be clear, the decision today didn't look at that question, rather the question of whether a warrant is required to search email at all. I see that as so blatantly obvious that I'm shocked the government would even question it. Look, government, hey, you know for 250 years courts have consistently told you that you need a warrant to search just about everything that isn't an emergency, so by now you should be used to it.
Re:too bad (Score:5, Insightful)
Encryption is like shipping your letter in a box with a combination lock on it. That may be a really good idea if the contents of the letter are extremely important, but 100% absolutely NOT required for you to have an expectation of privacy vis a vis the 4th Ammendment.
People keep confusing "expectation of privacy" with "practical feasibility of someone violating their privacy if they want to". They are not the same thing. As a techie you might think it has something to do with how difficult it is to read email, but that's really irrelevent, which is obvious if you look at every other method of communication.
I have an expectation of privacy when conversing in my home, even though just putting your ear to my window would allow you to hear.
I have an expectation of privacy when using a cordless phone, even though especially the old ones were trivial to listen in on.
I have an expectation of privacy when sending a letter, even though a light shone through the envelope can reveal its secrets.
Now, if you are worried about people who don't care about your expectations of privacy or the law, and your data is important, then yes you should be aware of the practical reality and take extra precautions, eg encryption, or a sound-proof booth in your home, or whatever. That is not the same as an expectation of privacy.
Expectation of privacy means you expect you will be granted privacy, not that you expect that nobody can breach your privacy.
No legal expectation of privacy (Score:3, Insightful)
Re:too bad (Score:4, Insightful)
Actually - I have a very high expectation of privacy for that postcard. Why shouldn't I? It's not on public display and at no point in its transit from sender to recipient is it ever in a state where a casual member of the public can gain acess to it to read it.
In fact, it takes abnormal conditions (mailbox fails in some manner and the postcard ends up on the ground) or deliberate malfeasance (somone reaches into the mailbox or delivery vehicle) for it to become exposed to a third party. Furthermore, a letter in an envelope has exactly the same privacy failure modes with the trivial requirement of opening the envelople required.
Precisely - regular email cannot be acessed by a third party absent accident or malfeasance.
This is precisely why your analogy fails - it's easy to sniff around if the person has privileged acess _or_ deliberately utilizes tools to perform the sniffing. Just like a physical letter (or postcard) it takes either a systematic failure or deliberate action to view the contents of an email, it is virtually impossible to do so casually.