Federal Judge Says E-mail Not Protected By 4th Amendment 451
DustyShadow writes "In the case In re United States, Judge Mosman ruled that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to e-mails under the third-party doctrine. 'When a person uses the Internet, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus 'private' information is actually being held by third-party private companies."" Updated 2:50 GMT by timothy: Orin Kerr, on whose blog post of yesterday this story was founded, has issued an important correction. He writes, at the above-linked Volokh Conspiracy, "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers."
ok (Score:3, Insightful)
There are tools that can help (Score:4, Insightful)
It's a real shame that email encryption never really hit the mainstream.
*splutter*... US Mail? (Score:4, Insightful)
By this logic... (Score:5, Insightful)
...your medical records aren't private, either. When you use a hospital or a doctor's office, you're not in your own home, and your records of the visit are stored at the facility. This judge is a moron.
Does this mean... (Score:4, Insightful)
when we send mail via USPS, since the mail isn't technically in our homes while it is sitting in the post office, that the government can read it without violating A4?
Re:There are tools that can help (Score:3, Insightful)
This is precisely the sort of action that could lead to encryption taking hold.
Re:ok (Score:4, Insightful)
Re:There are tools that can help (Score:4, Insightful)
The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it. Maybe decisions like this one will get more people using encryption for their email. My pet concept is the job of key generation, trust, and management should be handled by banks. After all, we all trust the banks with our money already.
Of course another option would be to get common carrier status for the internet, at least within the US.
Yet another step would be for the US Postal service to run (TLS encrypted and authenticated) mail services. Not that I'm enamored of the Post Office doing the job, but that's the easiest way to grant legal protection to the content.
judges: stay the HELL out of tech and .. (Score:2, Insightful)
and I'll stay out of law.
deal?
I know my field. its CLEAR you don't know my field. I don't know your field. why do you have to 'rule in' on things that make us laugh (or cry) at you, due to your TOTAL lack of understanding.
hang on a minute. what if this guy DOES know what's going on and yet he still wants to have government prying on your email?
I'm not sure which is worse; a clueless idiot in robes or a smart one who PLOTS against the basic US constitution, stealing our rights bit by bit.
Not the same, in several aspects (Score:5, Insightful)
It's not about transportation, it's about destination.
Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.
There are options, potentially, for the more privacy minded:
* POP email with "delete from server" active will limit how much of your mail your ISP has access to.
* Run your own mailserver.
* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.
That last one could also go a long way to helping solve the issue where private companies have to host their own mail and forbid employees from using other accounts solely to avoid the exposure of proprietary communications to third parties (the ISP). It also shouldn't be too difficult to set up...
Re:Not the same, in several aspects (Score:5, Insightful)
It's not about transportation, it's about destination.
Every PO-box is then unprotected under 4th amendment too?
Re:Geeks may say (Score:5, Insightful)
I run my own mail server, you insensitive clod!
of course, the 'ever so smart judge' does not know this fine nuance.
the fact that packets travel along routers, bridges and gateways means that some of your 'property' is stored/forwarded outside your 'house'. BUT SO WHAT??
US mail travels in a store-forward way. are they allowed to read your mail because its 'not in your house, at the time' ?
finally, why is this moran allowed to concluded that ALL mail sits on 'webservers' ? even if it IS web-based, oftentimes its pop/imapped to your home system and then deleted off the server. or maybe you run old style port25 mail and it truly does go point to point and never 'sits' on an ISP for more than transit-time.
I'm really annoyed by judges who make decisions based on FALSE assumptions and lack of understanding. this judge should be fired or even tried for treason. his crime is THAT great; its a threat to some fundamental privacy that the constitution (once) allowed us.
those who seek to over-rule constitutional laws ARE traitors. look it up.
Consequences (Score:3, Insightful)
By that logic, that judge's emails should be open to being searched.
3rd-party doctrine (Score:5, Insightful)
When a person uses the Internet, the user's actions are no longer in his or her physical home... All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP
Yes, just like:
- Mail
- Safe deposit boxes
- Bank accounts
- Voice mails
- Telephone conversations
- Storage units
As far as I know, all of the above things are subject to the 4th amendment. WTF???!!!
Re:ok (Score:5, Insightful)
More to the point, it is clearly no different than a bank safety deposit box, and those cannot be searched without a warrant. The mere fact that we are talking about data instead of physical objects should have no legal bearing on the requirement of a warrant for search and seizure. This is a clear case of bailment, and in bailment cases with a corporate entity, one can generally assume a right to privacy.
This will definitely get overturned on appeal unless the lawyers involved are inept.
PGP (Score:4, Insightful)
Oh certainly, if everyone you get email from uses PGP, you're already good.
I'm talking about keeping all the plaintext and/or HTML mail you get from normal people/banks/mailing lists and having the mailserver know to automatically encrypt the content of new messages with your public key. An ISP running such a server could then HOST your normal mail without ever having access to it, or without ever implicitly getting your permission to access it.
Re:By this logic... (Score:2, Insightful)
Re:I wonder if you can use the DMCA to your advant (Score:5, Insightful)
Re:Unencrypted e-mail is like postcards (Score:5, Insightful)
Re:Not the same, in several aspects (Score:2, Insightful)
Summary is not quite right. (Score:4, Insightful)
The judge ruled that the warrant can be served on the third party without notifying the sender. This would be akin to serving a warrant to one's employer to search one's workspace.
Or, serving a warrant on your friend to access your friend's computer to get emails sent by you.
I think this ruling is on shaky ground due to the concept of "reasonable expectation of privacy".
Re:judges: stay the HELL out of tech and .. (Score:3, Insightful)
Re:Stop using FedEx (Score:5, Insightful)
Perhaps you can tell me the difference between a phone call and a email. Phone calls are protected by wiretapping laws, it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved. Both phone calls and email are simply digital transmission over wire, both pass through other parties to get to the final destination, the only difference is the hardware and coding to encode, decode and interpret them.
Face it, the judge is an idiot of the first order, I mean come on has the boob never heard of ADSL. It completely ignores the fact that email servers are completely automated and require no human intervention to reach their destination. It is time for email software to make use of the DMCA and, incorporate a simple encryption technique that prevents the email from being read as plain text but require a simple for legal reasons only decryption technique with a default warning if the person is not the intended recipient, for email where the default recipient email address does not match the target email address.
Basically am encryption technique that is no more secure than you typical envelope but still providing the full legal security of a typical envelope, with the added bonus of the DMCA to beat them over the head with.
Re:judges: stay the HELL out of tech and .. (Score:2, Insightful)
Judges are just people doing their jobs to the best of their ability with the information given to them.
sorry my friend, but they have WAY too much power to be 'just another joe sixpack, trying to feed his kids and keep a job down'.
don't even TRY that shit, man. these guys are aristocracy and we all know it. they are above the law and THEY know it.
given how much damage people like him can do, he has the *responsibility* to seek out those who ARE experts and get their advice. I don't think he did that; it just doesn't show that he has done any research. 'mail is stored on your isp' he says. ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.
when you have this much power over the population, you have a DUTY to be smarter and wiser than joe sixpack.
the amount of damage to our freedom that these clowns have upsets me no-end. our legal system is quite broken and judges need to live UNDER the laws they pass (first) before hoisting it upon the rest of us. lets see how he likes his mail 'searched'. let him live with this for, say, 5 years. then lets see how enthusiastic he is about privacy.
Re:judges: stay the HELL out of tech and .. (Score:3, Insightful)
He's ruling on search warrants aimed at 3rd party ISPs; if someone does not keep their e-mail with the ISP, then his ruling doesn't apply to them.
Furthermore, it only applies to those ISPs who actually tell the user, like Gmail does, that they will comply with government requests.
Re:Not the same, in several aspects (Score:5, Insightful)
Re:By this logic... (Score:2, Insightful)
Re:Geeks may say (Score:5, Insightful)
Re:Geeks may say (Score:2, Insightful)
Mod parent up.
I am in shock that we would even debate this. The judge is wrong, end of story. If you can't take the time to get familiar enough to make an adequate ruling, then you shouldn't be ruling on it. Why can't we challenge the courts ability to make an informed decision and for them to either learn the subject matter or get counsel who does know it?
Re:Geeks may say (Score:3, Insightful)
Why would he care whether you run your own mail server? His holding is that the police don't have to notify you when they're executing search warrants on your e-mail held by third parties. If your e-mail is held by you, and not a third party, then the warrant has to be shown to you.
Re:judges: stay the HELL out of tech and .. (Score:3, Insightful)
There is no way to escape having your email stored by a 3rd party. I run my own mail server and even I cannot guarantee there are no 3rd parties who will have storage of my email.
The reasoning is simple. Companies often use 3rd parties to store or filter their email. For example: I send an email to a friend. His company's mail server routes all mail to Messagelabs and they filter out the spam and route it back. Messagelabs, being a 3rd party has access to my email and reads the contents of it to make a decision. Therefore, I have no expectation of privacy because my friends company has hired a 3rd party to filter spam?
Rulings like this would make our founding fathers roll in their graves. Is the only way to have an expectation of privacy for myself and all my correspondence recipients to use our own mail servers that physically lie in our homes? If this doesn't get reversed on appeal, I'm contacting my senator. Legislators can fix this, if we can get them off their asses.
Re:Stop using FedEx (Score:3, Insightful)
Wow, I completely replied to the wrong post. Wanted to reply to http://yro.slashdot.org/comments.pl?sid=1424201&cid=29918707 [slashdot.org]
Re:Stop using FedEx (Score:2, Insightful)
Yes, and if the police show up and say "we wanna open this package" FedEx will say "I've gotta see a warrant or I'll be liable for you violating someone's 4th amendment rights"
That's not true at all. It is well known that FedEx and UPS can and will search packages on a whim. There are no laws protecting anyone there because these are commercial companies and they have full legal access to your stuff. In fact, that's how many packages of contraband are seized. Most often it's through one of the commercial carriers because it's easy for law enforcement to do their searches due to the fact they can search anything they want without a warrant. Of course the shipping companies cooperate because they don't want the government coming down on them too.
The US mail is the one protected by laws and can't be searched unless there is probable cause.
Re:Not the same, in several aspects (Score:4, Insightful)
I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.
That is where the judge gets the interpretation that there is no expectation of privacy. If you understand that Google employees can read your email in gmail, then you don't expect that your emails are private.
By this logic (Score:2, Insightful)
By this logic it would seem two things happen that law enforcement might not like. First since it is not in your possession how can you be compelled to provide a key for decryption of something that is not 'yours' Further providing that key might even be a violation of law since you are cracking an encrypted piece of software.
Though the original logic actually makes sense from a law enforcement perspective what of general access. If you have no expectation of privacy could an ISP open every piece of email and sell the contents?
Re:Not the same, in several aspects (Score:3, Insightful)
This isn't new, and there isn't anything to stop your ISP from siphoning your emails in transit. Many companies are required to keep all email communications stored for an amount of time and have systems in place that capture and store for later discovery. Even deleting the message doesn't mean that it's really gone. The cold hard fact is that while your data is in transit on a system not owned by you, you don't own it. It's like your trash on the curb, the sanitation workers can (and probably do) go through it if it looks interesting enough. The best you can do is make it look boring.
I have a t-shirt (that I got from thinkgeek) that reads "I read your email" and it's absolutely true, in more than one respect. As an administrator for an ISP, the mail server, all accounts and subsequently all data stored in those accounts is in within my sphere of influence. I can legally read any message present on the server. Included in those numbers are mail accounts for several city and county governments as well as many businesses that host their domains on our server. As a forensic examiner, I also am given access to much information and many email messages, so I do indeed read your email.
At this point in the explanation of my t-shirt, is where I explain my personal ethics.
It is because I have no faith in the ethical boundaries of others that I have a private server for my personal email.
One note about one of the potential options listed above. Storing mail in an encrypted folder would be a great idea if the mail server didn't have to read and write to the mailbox. If the server doesn't have the key, then the incoming messages cannot be encrypted. You could always use PGP though.
Re:ok (Score:3, Insightful)
no, the proper analogy would be to telephone, where the information travel on infrastructure owned by a third party. They also have the technological mean to listen to your conversations, but elect not to. Your isp could (technologically) read your e-mails, but he elects not to.
There is also no technological means to keep a postal employee from opening an envelope and examining its contents, as it is a trivially simple task. The restriction is a legal one, not a technological one, but despite that, senders of mail in sealed envelopes have a reasonable expectation of privacy.
Re:Not the same, in several aspects (Score:3, Insightful)
The only expectation to privacy I have handing a package over to the postman is that if i can PROVE he opened it, i can sue.
The EXACT SAME is true of e-mail. They CAN NOT access it, even on a public server, without a warent or subpeona, both of which require an active litication in front of a judge to execte.
it does not:
1) prevent information from being opened and read by unauthorized parties
2) does not protect me from accidental opening (ever have a package damaged in shipping, or a backup that had to be restored, no different, someone's eyes other than you and the recipient can equally come upon it).
3) tampering can still happen, in either case of physical or electronic it;s near impossible to prove, even harder for electronic in most cases
4) mis-delivery
5) mail sent you YOU from someone else under active investigation would bring your inbox under scrutiny as well.
I could come up with a DOZEN reasons.
Anything not in my hands, and not bound by lock/key/(encryption) is NOT guaranteed private.
it is not wether or not you personally believe e-mail to be secure and private, it is wether a reasonable person presented with scenarios to the contrary would understand it was not truly private. Near everyone has heard of data encryption, secure e-mail, or seen a disclaimer in a message saying "if this was misdelivered please be nice and discared and not redistribute the contents." Certainly you've gotten e-mail meant for someone else, or sent a message to the wrong person (or reply all instead of reply). This alone indicates a failure of complete privcy, and thus the government knowing that still needs a subpeona, but they can get one without required 4th amendment noitification (you can still defend the findings in civil or criminal court if they did not have probable cause, or to exclude certain findings).