Federal Judge Says E-mail Not Protected By 4th Amendment 451
DustyShadow writes "In the case In re United States, Judge Mosman ruled that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to e-mails under the third-party doctrine. 'When a person uses the Internet, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus 'private' information is actually being held by third-party private companies."" Updated 2:50 GMT by timothy: Orin Kerr, on whose blog post of yesterday this story was founded, has issued an important correction. He writes, at the above-linked Volokh Conspiracy, "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers."
Stop using FedEx (Score:5, Interesting)
Wow, best to stop using FedEx and other *private* companies to send mail then.
Not the same, in several aspects (Score:5, Insightful)
It's not about transportation, it's about destination.
Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.
There are options, potentially, for the more privacy minded:
* POP email with "delete from server" active will limit how much of your mail your ISP has access to.
* Run your own mailserver.
* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.
That last one could also go a long way to helping solve the issue where private companies have to host their own mail and forbid employees from using other accounts solely to avoid the exposure of proprietary communications to third parties (the ISP). It also shouldn't be too difficult to set up...
Re: (Score:3, Informative)
* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.
We have this already, it's called PGP. ECHELON already reads the To:, From: and Subject: lines of all email sent over any significant hops, so you don't really need to secure those.
PGP (Score:4, Insightful)
Oh certainly, if everyone you get email from uses PGP, you're already good.
I'm talking about keeping all the plaintext and/or HTML mail you get from normal people/banks/mailing lists and having the mailserver know to automatically encrypt the content of new messages with your public key. An ISP running such a server could then HOST your normal mail without ever having access to it, or without ever implicitly getting your permission to access it.
Re:PGP (Score:4, Interesting)
I thought Hushmail did something like that. Like they store your email encrypted and your password decrypts it when you need access, so they can't read your mail even if they get a subpoena. I think it even sends it to your browser in its original encrypted form and the client decrypts the data.
Re:PGP (Score:4, Informative)
What are they going to do, ignore a court order? The point is that they can give the court all of the customer's data but since it's all encrypted there's no harm.
I do remember something (probably on slashdot) about an easy web interface that let you send your password to the server for your data to be unencrypted over there for the session. They warned everyone "Don't use this because if we get a court order to keep logs on you, we'll log your password and hand it over to them."
Re:PGP (Score:4, Informative)
This was because Hushmail was forced to either allow the Interpol (which has clout in Ireland and other places Hushmail has their servers) to read what the server decrypted via the Javascript client, or likely face shutdown for not cooperating.
There is absolutely nothing Hushmail's developers could have done once the judge in their area handed the search warrent papers. I still highly recommend using the service, not just for E-mail, but a decent place to store some documents offsite.
Re:Not the same, in several aspects (Score:4, Informative)
Yes and the spy sats can see through your roof and read what you are typing on your comp00ter right now!
Seriously, get a grip, they aren't watching you. REALLY, they aren't. If Echelon were reading those, don't you think it would be exactly the thing to obsfucate if you've got something to hide? And thats done with SSL, not PGP.
If you're going to suggest something for encryption, PGP is entirely not it on any number of levels. There are several reasons why only geeks use it, first being its obnoxious to keep your key data up to date, even with the key servers. This is a prime example of why the 'OMG DECENTRALIZEDQ%!@%!@%' crap people go for is retarded. You decentralize it, then add back centralized servers so you can make it usable again, but not usable enough that everyone is on the same page.
S/MIME is far more useful in the general sense of email since there are 3rd party 'trusted' stores for validating certificates AND revoke them.
PGP users are too into the idea of a decentralized web of trust which is fine for geeks who have 4 friends and thats the end of it, for those of us who communicate with others outside of our basement it falls apart. It was a great first implementation of encryption for the masses, but we're past that now, will you geeks please get over it. Its not going to take over the world, the general public isn't going to bother, hell I'm a geek who writes encryption software and I don't deal with PGP.
Re:Not the same, in several aspects (Score:4, Informative)
S/MIME is easiest to use within, or between, large organizations. Large companies can afford to give all their employees s/mime keys. S/MIME scales within an organization in a way that PGP does not. While individuals can get s/mime keys for free from a few places (NOT Thawte any longer), they're a pain to administer.
There's a reason everyone and their dog uses pgp keys, and not s/mime keys. e.g.
http://w2.eff.org/Misc/EFF/?f=pgpkey.eff.txt
http://www.kernel.org/signature.html
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc
The trusted 3rd party broker and revoker offered by S/MIME is meaningless for most email communications, because Verisign and other CAs cannot cost-effectively vet individual email senders. PGP acknowledges this difficulty and offers an infrastructure for people to be as paranoid or as trusting as they want to be of others' keys.
Re:Not the same, in several aspects (Score:5, Insightful)
It's not about transportation, it's about destination.
Every PO-box is then unprotected under 4th amendment too?
Re:Not the same, in several aspects (Score:5, Interesting)
I was thinking the same thing about safety deposit boxes.
Re:Not the same, in several aspects (Score:4, Interesting)
I run my own mail server. Would this precedent then not apply to me? I have a reasonable expectation that I alone have access to my mail server.
This is a bad precedent regardless. When you send something via UPS or FedEx, you are giving your parcel to a 3rd party for storage and delivery. When you make a cell phone call, you are giving data packets representing your voice to a 3rd party for delivery. Extrapolating the argument further, would then the only way to have a reasonable expectation of privacy in your communication is when you are speaking face to face with the intended recipient?
The intentions of the 4th amendment need to be upheld in a rapidly changing world. Most people have only a minuscule understanding of the technology they use and most people DO expect their emails to be private communication. Precedent like this might move people to explore encryption, which I think law enforcement can overwhelmingly agree will make their job much more difficult.
Re: (Score:3, Interesting)
When you send something via UPS or FedEx, you are giving your parcel to a 3rd party for storage and delivery.
I'm curious how US courts regard postcards. It seems to me that unencrypted email is more similar to a postcard than a package. I don't expect privacy for emails, not because I know how the law in my country treats that issue, but because I send them over a public network in plain text. Even if the law says it's private it still isn't.
A post under TFA: quotes "The constitutional guaranty of the right of the people to be secure in their papers against unreasonable searches and seizures extends to their pa
Re:Not the same, in several aspects (Score:5, Interesting)
I rent an apartment, am I fucked as well?
Occasionally I am just absolutely struck fuck-dumb by the sheer level of pants on head retardedness displayed in decisions like this. Then I realise the 1st and 2nd amendments come into play.
Re:Not the same, in several aspects (Score:5, Interesting)
So does the phone company regarding your phone calls. That doesn't mean that there isn't a reasonable expectation of privacy.
Re:Not the same, in several aspects (Score:5, Informative)
Indeed, if you'd like a citation that agrees with you, http://cyberlaw.stanford.edu/packets001954.shtml [stanford.edu] is a good place to start.
Re: (Score:3, Interesting)
Somehow you're reminding me: what makes me want to ROFL convulsively is watching the morons yelling into their Bluetooths in places like an airport or a downtown sidewalk, while clearly expecting privacy. Don't believe it? Try holding a running tape recorder near their face and see how they respond. Be ready to run (or fight).
I haven't assumed privacy on a telephone since 1954, and never, ever on a cell phone. For me this means that things I want to keep secret aren't mentioned on the phone. If I ha
Re:Not the same, in several aspects (Score:4, Interesting)
The email leaves my home network is sent to my personal mail server. This transfer uses TLS.
My mail server sends it to GMAIL. This transfer uses TLS.
Gmail stores it. Google promises to only disclose my information with my permission or with other controls on dissemination. See Google's privacy policy [google.com] and the Gmail privacy policy [google.com]
I have ensured my family members use https/pops to download from gmail.
How do I not have an expectation of privacy in that transaction?
Re:Not the same, in several aspects (Score:5, Insightful)
Re:Not the same, in several aspects (Score:4, Insightful)
I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.
That is where the judge gets the interpretation that there is no expectation of privacy. If you understand that Google employees can read your email in gmail, then you don't expect that your emails are private.
Re:Not the same, in several aspects (Score:5, Interesting)
And, following that logic, my banking details are not private because bank employees can read them, my medical details are not private because insurance company employees can read them, my phone calls are not private because telephone company employees can listen to them, etc..
Re:Not the same, in several aspects (Score:4, Informative)
No, there are explicit laws protecting that information through targeted legislation. That's actually part of the argument on why the CAN access your e-mail this way (if it's on a cental 3rd party system).
But, in contrast, they CAN subpeona your medical records, phone records, and more.... They do that every day!!!! This only extends that to e-mail. The difference is, you have no expectation of guaranteed privacy of e-mail as you do with medical records as those are protected by such targeted legislation and regulation, so they can subpeona access to it, and they don't have to provide you protection notice under the 4th amendment (though it does have to pass a judge's scritiny for them to get that subpeona). In other words, It;s not that they could not already get your e-mail through a court order, this just gives them the abiltiy to do so without first having to issue your lawyer notice (you can still fight to have the contents kept from a court case, it;s not public record, you still have rights).
Re: (Score:2, Insightful)
Re:Not the same, in several aspects (Score:5, Interesting)
Tacit approval? I cannot agree. Most people consider their email to be the same as their real mail. There is no reasonable cause to consider the technical details of the email process as the common user has no knowledge of such details and typically believes his email is secure whether or not that is actually the case.
This judge is simply wrong to assert that the technical details disqualifies email from having 4th amendment protection.
FedEx has the same access to the contents of the mail as an email host provider has to read a user's email. One has but to access it. We "trust" FedEx not to tamper with or damage our mail. We "trust" email service providers not to tamper with or damage our email. I see no cause for technical details to play as a factor primarily because the constitution makes no qualifications for protection and it is not for legislators, judges or presidents to add qualifications that aren't stated. I believe it is unconstitutional to attempt to do so.
Re: (Score:3, Insightful)
The only expectation to privacy I have handing a package over to the postman is that if i can PROVE he opened it, i can sue.
The EXACT SAME is true of e-mail. They CAN NOT access it, even on a public server, without a warent or subpeona, both of which require an active litication in front of a judge to execte.
it does not:
1) prevent information from being opened and read by unauthorized parties
2) does not protect me from accidental opening (ever have a package damaged in shipping, or a backup that had to be
Re: (Score:3, Informative)
Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail,
Seeing as I accidentally replied to the wrong post...
Yes, there is. When you get a shipping account from FedEx, you explicitly allow them to open and inspect any package at any time for any reason.
Re: (Score:3, Insightful)
This isn't new, and there isn't anything to stop your ISP from siphoning your emails in transit. Many companies are required to keep all email communications stored for an amount of time and have systems in place that capture and store for later discovery. Even deleting the message doesn't mean that it's really gone. The cold hard fact is that while your data is in transit on a system not owned by you, you don't own it. It's like your trash on the curb, the sanitation workers can (and probably do) go th
Re: (Score:3, Interesting)
I guess the 4th Amendment doesn't apply unless there is an unbroken chain of ownership between private parties.
Re: (Score:2)
Those types of deliveries are protected by law. 5 years in prison I believe. There are no laws that apply to e-mail. Easy solution is to encrypt all your e-mails you expect to be private.
Re:Stop using FedEx (Score:5, Insightful)
Perhaps you can tell me the difference between a phone call and a email. Phone calls are protected by wiretapping laws, it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved. Both phone calls and email are simply digital transmission over wire, both pass through other parties to get to the final destination, the only difference is the hardware and coding to encode, decode and interpret them.
Face it, the judge is an idiot of the first order, I mean come on has the boob never heard of ADSL. It completely ignores the fact that email servers are completely automated and require no human intervention to reach their destination. It is time for email software to make use of the DMCA and, incorporate a simple encryption technique that prevents the email from being read as plain text but require a simple for legal reasons only decryption technique with a default warning if the person is not the intended recipient, for email where the default recipient email address does not match the target email address.
Basically am encryption technique that is no more secure than you typical envelope but still providing the full legal security of a typical envelope, with the added bonus of the DMCA to beat them over the head with.
Re: (Score:3, Informative)
it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved.
Not necessarily. In "One Party" states, only 1 party(the recorder) in the conversation must have knowledge of the call being recorded. I've recorded a convo w/ a "2 Party" state business(o-line retailer) who's number was toll free and I was "unaware of their location at that time". Man she was super-pissed when I called out her lies. She threatened to press charges and created quite a stink! Management refunded my monies and then some. I doubt she works for there anymore.
States Requiring One Party Notificat
I think the judge is (Score:3, Interesting)
Ok, I didn't RFA. I'm too upset already...
The judge is trying to change the guidelines: http://www.usdoj.gov/ [usdoj.gov]—s&smanual2002.htm
I forget the court case, but I distinctly remember a case where the result was the "reasonable expectation of privacy" was enough to consider your papers to be private. I am not sure it was supreme court or not that did this. Many older cases without computers do apply to computers; yet for some reason we need to rehash resolved issues because of widespread computer ignor
Other cases (Score:2, Interesting)
Just out of curiosity, what are the privacy rights on say,a storage facility.Can the cops just walk on in and open things up, or do they need a warrant?
Re: (Score:3, Funny)
Its also a good place to organize raves and that type of thing, and is generally free from these AOL newbs that seem to be cropping up more and more on the World Wide Web. But anyways, on other topics I hear 1997 is going to be the year of the linux desktop.
Re:Stop using FedEx (Score:4, Interesting)
Yes, and if the police show up and say "we wanna open this package" FedEx will say "I've gotta see a warrant or I'll be liable for you violating someone's 4th amendment rights". Or, at least, that's what will happen if the person the police are talking to actually speaks english...
Re: (Score:3, Insightful)
Wow, I completely replied to the wrong post. Wanted to reply to http://yro.slashdot.org/comments.pl?sid=1424201&cid=29918707 [slashdot.org]
Re: (Score:3, Interesting)
Yes.... but if the police want to search your package they still need a warrant.. no matter whether your package is currently in the hands of FedEx or not.
Re: (Score:3, Interesting)
ok (Score:3, Insightful)
Re:ok (Score:4, Insightful)
Re: (Score:3, Insightful)
no, the proper analogy would be to telephone, where the information travel on infrastructure owned by a third party. They also have the technological mean to listen to your conversations, but elect not to. Your isp could (technologically) read your e-mails, but he elects not to.
There is also no technological means to keep a postal employee from opening an envelope and examining its contents, as it is a trivially simple task. The restriction is a legal one, not a technological one, but despite that, senders of mail in sealed envelopes have a reasonable expectation of privacy.
Unencrypted e-mail is like postcards (Score:2)
Do you have an expectation of privacy when you send a postcard?
Re:Unencrypted e-mail is like postcards (Score:5, Insightful)
Re:ok (Score:5, Insightful)
More to the point, it is clearly no different than a bank safety deposit box, and those cannot be searched without a warrant. The mere fact that we are talking about data instead of physical objects should have no legal bearing on the requirement of a warrant for search and seizure. This is a clear case of bailment, and in bailment cases with a corporate entity, one can generally assume a right to privacy.
This will definitely get overturned on appeal unless the lawyers involved are inept.
Re:ok (Score:5, Informative)
Funny, in the UK we had police smash into almost 7,000 safe-deposit boxes.
More than 500 officers smashed their way into thousands of safety-deposit boxes to retrieve guns, drugs and millions of pounds of criminal assets. At least, that's what was supposed to happen."
It was a warrant-expansion, from one of those "seizure of criminals assests" laws, that were started first in the States. Gone ALL wrong, 'tho'.
"Many of the clientele were families who had fled turmoil, pogroms, coups and wars and long had a cultural preference for locking away money and jewels, building up a vehement distrust for the integrity of traditional banks. Here, stepping down the spiral staircase at the back to the darkened boxes below, they felt reassured that their most important possessions were safe."
Read more: http://www.dailymail.co.uk/home/moslive/article-1222777/The-raid-rocked-Met-Why-gun-drugs-op-6-717-safety-deposit-boxes-cost-taxpayer-fortune.html [dailymail.co.uk]
Re: (Score:3, Informative)
Emphasis on the "positive". :-) Medieval? There's a certain pride that the rights and privileges we are losing were established back in the Middle Ages. Hellooo... Magna Carta!
There are tools that can help (Score:4, Insightful)
It's a real shame that email encryption never really hit the mainstream.
Re: (Score:3, Insightful)
This is precisely the sort of action that could lead to encryption taking hold.
Re: (Score:2)
The only thing that will make e-mail encryption take hold is an advance in the technology or at least the clients.
When using e-mail encryption is as simple as checking a box (or better yet, enabled by default) and the key generation, registration, retrieval, etc are completely automatic it might catch on.
So far I've yet to see a client that does this in a successful and consistent way.
Re: (Score:3, Funny)
Re:There are tools that can help (Score:4, Insightful)
The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it. Maybe decisions like this one will get more people using encryption for their email. My pet concept is the job of key generation, trust, and management should be handled by banks. After all, we all trust the banks with our money already.
Of course another option would be to get common carrier status for the internet, at least within the US.
Yet another step would be for the US Postal service to run (TLS encrypted and authenticated) mail services. Not that I'm enamored of the Post Office doing the job, but that's the easiest way to grant legal protection to the content.
Re: (Score:2)
ISPs are increasingly supporting smtp-tls. That means that the transfers are encrypted between mailservers. To send an email to another party requires that the email goes through a limited number of mailservers, but the ISPs whose role is providing connectivity between those mailservers can't read the emails.
Re: (Score:2)
Key management is a hassle for most folks. I still think people can be trained, though. Just need simple enough metaphors.
Meanwhile, here's an easy Thunderbird plug-in: http://en.wikipedia.org/wiki/Enigmail [wikipedia.org]
Re: (Score:2)
No it's great: that's why it's still legal.
Identity base encryption (Score:2)
I wonder if you can use the DMCA to your advantage (Score:5, Interesting)
As a bit of an aside, does it matter if you try to make the data private via encryption?
There could be an interesting relationship here: If you claim (probably rightfully) that you own the copyright to the 'content' in question, and encrypt it, does this mean that it would be unlawful for anyone to try and decrypt it under the DMCA?
Re:I wonder if you can use the DMCA to your advant (Score:5, Insightful)
Re: (Score:3, Interesting)
Re: (Score:2)
What if you host your own email server?
Re: (Score:3, Funny)
"Copyright 2009, All Rights Reserved - NOTICE: This email has been digitally encrypted with the Double ROT13 encryption algorithm. Any unauthorized access is a violation of the DMCA and will be prosecuted to the fullest extent of the law"
As Half Life 2 taught us... (Score:3, Interesting)
That is why I've been using crypto (Score:2)
Difficult to do (Score:2)
Re: (Score:2)
People are only so willing to not have webmail, and they are not always available in person.
Their loss.
How do the statutes apply to rented property? (Score:2)
If you're staying in a hotel room, are you entitled to privacy there? Can that room be searched without a warrant, because it's not your home? Curious.
Re: (Score:2)
*splutter*... US Mail? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
crazy terrorist paranoid pedophile hacker
You left a few things out. I'm sure there's more to add, too.
By this logic... (Score:5, Insightful)
...your medical records aren't private, either. When you use a hospital or a doctor's office, you're not in your own home, and your records of the visit are stored at the facility. This judge is a moron.
Re:By this logic... (Score:5, Informative)
Actually, they are private because there is a law saying they are private.
Re: (Score:2, Insightful)
Does this mean... (Score:4, Insightful)
when we send mail via USPS, since the mail isn't technically in our homes while it is sitting in the post office, that the government can read it without violating A4?
judges: stay the HELL out of tech and .. (Score:2, Insightful)
and I'll stay out of law.
deal?
I know my field. its CLEAR you don't know my field. I don't know your field. why do you have to 'rule in' on things that make us laugh (or cry) at you, due to your TOTAL lack of understanding.
hang on a minute. what if this guy DOES know what's going on and yet he still wants to have government prying on your email?
I'm not sure which is worse; a clueless idiot in robes or a smart one who PLOTS against the basic US constitution, stealing our rights bit by bit.
Re: (Score:3, Insightful)
Re: (Score:2, Insightful)
Judges are just people doing their jobs to the best of their ability with the information given to them.
sorry my friend, but they have WAY too much power to be 'just another joe sixpack, trying to feed his kids and keep a job down'.
don't even TRY that shit, man. these guys are aristocracy and we all know it. they are above the law and THEY know it.
given how much damage people like him can do, he has the *responsibility* to seek out those who ARE experts and get their advice. I don't think he did that; it
Re: (Score:3, Insightful)
He's ruling on search warrants aimed at 3rd party ISPs; if someone does not keep their e-mail with the ISP, then his ruling doesn't apply to them.
Furthermore, it only applies to those ISPs who actually tell the user, like Gmail does, that they will comply with government requests.
Re: (Score:3, Insightful)
There is no way to escape having your email stored by a 3rd party. I run my own mail server and even I cannot guarantee there are no 3rd parties who will have storage of my email.
The reasoning is simple. Companies often use 3rd parties to store or filter their email. For example: I send an email to a friend. His company's mail server routes all mail to Messagelabs and they filter out the spam and route it back. Messagelabs, being a 3rd party has access to my email and reads the contents of it to make a deci
This is not the same everywhere. (Score:5, Informative)
Recently in the second Circuit, it has been ruled that gmail users do have an expectation of privacy in their e-mail account. http://online.wsj.com/public/resources/documents/Bear1.pdf [wsj.com]. Here the Court ruled that the warrant was too broad since it didn't restrict the inspection of e-mails that were unrelated to the investigation.
In light of both rulings, it may not prevent the government inspection, but could be grounds to suppress. Furthermore, the Stored communications act prohibits a warrant for this type of information unless, "offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."
4th (Score:2)
Papers and effects? The founding fathers were smart enough to protect email. This ruling is a disgrace.
ECPA (Score:5, Informative)
I see that the electronic communication privacy act of 1986 is being ignored once again.
http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
Exsqueeze me? (Score:2)
How is this any different then making a phone call? My voice still has to go through the Phone Companies equipment. They still need a warrant to tap my phones (well, maybe not thanks to the Patriot Act).
If this ruling stands, it's going to open up a whole new can of worms. Email should be considered PRIVATE if there is only one recipient, just the same as if I make a call to a single individual.
Consequences (Score:3, Insightful)
By that logic, that judge's emails should be open to being searched.
3rd-party doctrine (Score:5, Insightful)
When a person uses the Internet, the user's actions are no longer in his or her physical home... All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP
Yes, just like:
- Mail
- Safe deposit boxes
- Bank accounts
- Voice mails
- Telephone conversations
- Storage units
As far as I know, all of the above things are subject to the 4th amendment. WTF???!!!
Re:3rd-party doctrine (Score:4, Interesting)
You would be wrong.
Most those things have separate laws to cover them. Well some of them due, I do not think there are any such protections for safe deposit boxes other than the providers of said boxes have a reputation to maintain if they want people to use them. There aren't to my knowledge any such protections for storage units, although it may be covered as if it were your home by a different law.
Phones and mail have laws specific too them to protect them, nothing to do with the 4th admendment other than spirit and intention.
We're just going to have to get off our lazy asses and demand the same coverage for internet related communication.
The main difference with phones is historically, there has not been a recording of the call stored outside the persons home. The phone company doesn't record every conversation for you to listen too later. If they did, you'd be in a different arena. Its much easier for law enforcement to get records of your calls than it is to wire tap your calls, the records are already stored so you can be billed, and you and I demanded the phone company do so, as we expect detailed billing.
With email, ISPs DO record it for later, as part of the service, thats the way it works. Your email ISN'T private and its rather retarded that you think something stored on someone elses hard drive is private to you, regardless of the law.
Reasonable ruling if analogy holds (Score:2)
I think this ruling is just fine as long as they extend analogy with the physical world further. I.e. if e-mail and information stored on the 3rd party servers are not "private", then e-mails and information stored locally on servers in my home should be protected by the 4th amendment.
As long as that's the way they read the law (applying "home" boundaries literally rather than as a way to define a set of "things that belong to a person") - fine with me. It's not upholding the spirit of the amendment but rat
Netzero? (Score:2, Funny)
Get with the times, man...Juno is the ISP of the future!!!
The death of the provider server? (Score:2)
Considering that many people already are not using their ISP's e-mail server, is this likely to become the death knell of publicly provided e-mail services?
I can see this being a significant issue for gmail, msn, yahoo and AOL (almost had SOL there, interesting) and their customer relations. For me it's a 5 min process to move my own services back onto my own computers. And as part of that I can advise friends and people I am going to exchange personal e-mail with to use an encrypted platform.
I don't know t
Summary is not quite right. (Score:4, Insightful)
The judge ruled that the warrant can be served on the third party without notifying the sender. This would be akin to serving a warrant to one's employer to search one's workspace.
Or, serving a warrant on your friend to access your friend's computer to get emails sent by you.
I think this ruling is on shaky ground due to the concept of "reasonable expectation of privacy".
Well (Score:2)
Time to encrypt, bitches. I'll show you a "private space".
Bush Appointee (Score:2, Informative)
Not to get all ad hominem or anything, but this judge was apparently nominated by G.W. Bush and is an LDS, according to Wikipedia. We should be expecting these kind of rulings for a long time: Bush got a lot of his guys in before he lost his political capital. Civil rights, schmivil schmights.
Zo
TFA talks about notification not access (Score:4, Interesting)
The article doesn't seem to make the distinction between mail at rest (on a mail server) and mail in transit (passing on the wire) so I don't know if running your own mail server makes any difference here or not. It would at least reduce the exposure time for "snapshots" to be taken and disclosed. If your mail was on your own server you would at least have to be approached by a court with a subpoena or similar that demands access, which you would probably notice.
Encryption is of course, the answer.
This is nothing new (Score:4, Informative)
We've seen this sort of "logic" before, and often. The general principle is "When a computer becomes involved, all precedent is forgotten, and centuries of hard-learned lessons must be learned all over again." I've forgotten who first pointed this out, but it's a useful thing to remember.
It took many centuries, and many deaths, for the freedoms that most of the "first-world" countries have were encoded in their laws. But over and over, we've found that the courts don't apply those laws to anything that involves a computer. It takes a good list of horror stories about the actions of ISPs and other people in positions of power, plus new laws, to get the older Real World laws applied to anything involving a computer. This is just one example of many.
It's sorta funny that computers, which are the ultimate in relentless, unforgiving, mechanical logic, have an effect on humans that can be characterized as destroying our ability to use logic as simple as saying that everything we knew before still applies when there's a computer in the vicinity.
In most of the First World, it's illegal for a postal or other delivery employee to open a package and make notes on the content. There are good historic reasons for this. It's interesting to read the history of the concept of "common carrier", and understand why it came to be. People did literally die before these rules went into effect, as the result of people opening and reading the contents of messages in transit, and selling the information to interested parties. This history isn't a secret. But when its a computer transferring messages, the carriers are permitted to inspect the contents and sell the information to interested parties. This will eventually lead to laws applying the common-carrier rules to computerized communications. But this will only happen after the same sort of disasters that led to the common-carrier rules for written, printed and analog telephone communications.
The only scheme that's stable over the long term is that "carriers" of messages should not be allowed to use the contents of the messages for any purpose. In exchange for this, the people in power agree to not punish the carriers for the contents of any delivered messages. Anything else will eventually be a disaster for the people in power, when they learn too late that the carriers have made "commercial" use of the contents of messages to/from powerful people.
This isn't a hypothetical scenario; it is exactly what led to the common-carrier laws in the past. Things like this court decision just shorten the time until such disasters occur. And it's all due to our mysterious inability to remember and apply historic precedent when there's a computer involved.
The blog's author has updated his analysis... (Score:4, Informative)
The original author of the blog in the story has revised his analysis thus:
"In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers. I missed this because the reasoning closely resembles the argument for saying that the Fourth Amendment doesn’t apply at all, and I didn’t read the earlier section closely enough. That’s obviously a much narrower position, and I apologize for misunderstanding it the first time in the quick skim I gave it. Sorry about that: The fault is entirely mine."
http://volokh.com/2009/10/29/opinion-on-fourth-amendment-and-e-mail/ [volokh.com]
Re: (Score:3, Informative)
While you have the car in your possession, no. But, once you turn it in, yes.
And, that is a bad analogy.
Re:Geeks may say (Score:5, Insightful)
I run my own mail server, you insensitive clod!
of course, the 'ever so smart judge' does not know this fine nuance.
the fact that packets travel along routers, bridges and gateways means that some of your 'property' is stored/forwarded outside your 'house'. BUT SO WHAT??
US mail travels in a store-forward way. are they allowed to read your mail because its 'not in your house, at the time' ?
finally, why is this moran allowed to concluded that ALL mail sits on 'webservers' ? even if it IS web-based, oftentimes its pop/imapped to your home system and then deleted off the server. or maybe you run old style port25 mail and it truly does go point to point and never 'sits' on an ISP for more than transit-time.
I'm really annoyed by judges who make decisions based on FALSE assumptions and lack of understanding. this judge should be fired or even tried for treason. his crime is THAT great; its a threat to some fundamental privacy that the constitution (once) allowed us.
those who seek to over-rule constitutional laws ARE traitors. look it up.
Re: (Score:2)
the fact that packets travel along routers, bridges and gateways
No, no, no. It's not like a big truck. It's a series of tubes!
Re:Geeks may say (Score:5, Insightful)
Re: (Score:3, Insightful)
Why would he care whether you run your own mail server? His holding is that the police don't have to notify you when they're executing search warrants on your e-mail held by third parties. If your e-mail is held by you, and not a third party, then the warrant has to be shown to you.
Re: (Score:2)
According to TFA, "Judge Mosman concludes that Rule 41 and 18 U.S.C. 2703(a) require the notice to be served on the ISP, not the account holder, as a statutory matter." Thus, if the server is physically in your control I presume police would have to present you with a proper search warrant. The issue becomes less clear when the server is hosted at a third-party ISP facility but administered by the ISP's customer. In that case, must the warrant go to the server admin or can police get away with serving the I