Forgot your password?
typodupeerror
Privacy Communications The Courts United States Your Rights Online

Federal Judge Says E-mail Not Protected By 4th Amendment 451

Posted by timothy
from the persons-papers-and-effects dept.
DustyShadow writes "In the case In re United States, Judge Mosman ruled that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to e-mails under the third-party doctrine. 'When a person uses the Internet, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus 'private' information is actually being held by third-party private companies."" Updated 2:50 GMT by timothy: Orin Kerr, on whose blog post of yesterday this story was founded, has issued an important correction. He writes, at the above-linked Volokh Conspiracy, "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers."
This discussion has been archived. No new comments can be posted.

Federal Judge Says E-mail Not Protected By 4th Amendment

Comments Filter:
  • Stop using FedEx (Score:5, Interesting)

    by QuantumG (50515) * <qg@biodome.org> on Thursday October 29, 2009 @07:59PM (#29918549) Homepage Journal

    Wow, best to stop using FedEx and other *private* companies to send mail then.

    • by Yobgod Ababua (68687) on Thursday October 29, 2009 @08:11PM (#29918707)

      It's not about transportation, it's about destination.
      Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.

      There are options, potentially, for the more privacy minded:
      * POP email with "delete from server" active will limit how much of your mail your ISP has access to.
      * Run your own mailserver.
      * Develop a mailserver that stores mail in an encrypted folder and requires your key to access.

      That last one could also go a long way to helping solve the issue where private companies have to host their own mail and forbid employees from using other accounts solely to avoid the exposure of proprietary communications to third parties (the ISP). It also shouldn't be too difficult to set up...

      • Re: (Score:3, Informative)

        by drinkypoo (153816)

        * Develop a mailserver that stores mail in an encrypted folder and requires your key to access.

        We have this already, it's called PGP. ECHELON already reads the To:, From: and Subject: lines of all email sent over any significant hops, so you don't really need to secure those.

        • PGP (Score:4, Insightful)

          by Yobgod Ababua (68687) on Thursday October 29, 2009 @08:27PM (#29918925)

          Oh certainly, if everyone you get email from uses PGP, you're already good.

          I'm talking about keeping all the plaintext and/or HTML mail you get from normal people/banks/mailing lists and having the mailserver know to automatically encrypt the content of new messages with your public key. An ISP running such a server could then HOST your normal mail without ever having access to it, or without ever implicitly getting your permission to access it.

          • Re:PGP (Score:4, Interesting)

            by Brian Gordon (987471) on Thursday October 29, 2009 @08:33PM (#29918987)

            I thought Hushmail did something like that. Like they store your email encrypted and your password decrypts it when you need access, so they can't read your mail even if they get a subpoena. I think it even sends it to your browser in its original encrypted form and the client decrypts the data.

        • by BitZtream (692029) on Thursday October 29, 2009 @09:50PM (#29919637)

          Yes and the spy sats can see through your roof and read what you are typing on your comp00ter right now!

          Seriously, get a grip, they aren't watching you. REALLY, they aren't. If Echelon were reading those, don't you think it would be exactly the thing to obsfucate if you've got something to hide? And thats done with SSL, not PGP.

          If you're going to suggest something for encryption, PGP is entirely not it on any number of levels. There are several reasons why only geeks use it, first being its obnoxious to keep your key data up to date, even with the key servers. This is a prime example of why the 'OMG DECENTRALIZEDQ%!@%!@%' crap people go for is retarded. You decentralize it, then add back centralized servers so you can make it usable again, but not usable enough that everyone is on the same page.

          S/MIME is far more useful in the general sense of email since there are 3rd party 'trusted' stores for validating certificates AND revoke them.

          PGP users are too into the idea of a decentralized web of trust which is fine for geeks who have 4 friends and thats the end of it, for those of us who communicate with others outside of our basement it falls apart. It was a great first implementation of encryption for the masses, but we're past that now, will you geeks please get over it. Its not going to take over the world, the general public isn't going to bother, hell I'm a geek who writes encryption software and I don't deal with PGP.

          • by loxosceles (580563) on Thursday October 29, 2009 @11:33PM (#29920321)
            That's backwards.

            S/MIME is easiest to use within, or between, large organizations. Large companies can afford to give all their employees s/mime keys. S/MIME scales within an organization in a way that PGP does not. While individuals can get s/mime keys for free from a few places (NOT Thawte any longer), they're a pain to administer.

            There's a reason everyone and their dog uses pgp keys, and not s/mime keys. e.g.
            http://w2.eff.org/Misc/EFF/?f=pgpkey.eff.txt
            http://www.kernel.org/signature.html
            http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

            The trusted 3rd party broker and revoker offered by S/MIME is meaningless for most email communications, because Verisign and other CAs cannot cost-effectively vet individual email senders. PGP acknowledges this difficulty and offers an infrastructure for people to be as paranoid or as trusting as they want to be of others' keys.
      • by klingens (147173) on Thursday October 29, 2009 @08:15PM (#29918761)

        It's not about transportation, it's about destination.

        Every PO-box is then unprotected under 4th amendment too?

        • by Volante3192 (953645) on Thursday October 29, 2009 @08:23PM (#29918847)

          I was thinking the same thing about safety deposit boxes.

          • by digitalunity (19107) <digitalunity@yahoo . c om> on Thursday October 29, 2009 @09:25PM (#29919423) Homepage

            I run my own mail server. Would this precedent then not apply to me? I have a reasonable expectation that I alone have access to my mail server.

            This is a bad precedent regardless. When you send something via UPS or FedEx, you are giving your parcel to a 3rd party for storage and delivery. When you make a cell phone call, you are giving data packets representing your voice to a 3rd party for delivery. Extrapolating the argument further, would then the only way to have a reasonable expectation of privacy in your communication is when you are speaking face to face with the intended recipient?

            The intentions of the 4th amendment need to be upheld in a rapidly changing world. Most people have only a minuscule understanding of the technology they use and most people DO expect their emails to be private communication. Precedent like this might move people to explore encryption, which I think law enforcement can overwhelmingly agree will make their job much more difficult.

            • Re: (Score:3, Interesting)

              by rohan972 (880586)

              When you send something via UPS or FedEx, you are giving your parcel to a 3rd party for storage and delivery.

              I'm curious how US courts regard postcards. It seems to me that unencrypted email is more similar to a postcard than a package. I don't expect privacy for emails, not because I know how the law in my country treats that issue, but because I send them over a public network in plain text. Even if the law says it's private it still isn't.

              A post under TFA: quotes "The constitutional guaranty of the right of the people to be secure in their papers against unreasonable searches and seizures extends to their pa

          • by Shadow of Eternity (795165) on Thursday October 29, 2009 @09:35PM (#29919499)

            I rent an apartment, am I fucked as well?

            Occasionally I am just absolutely struck fuck-dumb by the sheer level of pants on head retardedness displayed in decisions like this. Then I realise the 1st and 2nd amendments come into play.

      • by wizardforce (1005805) on Thursday October 29, 2009 @08:24PM (#29918871) Journal

        Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.

        So does the phone company regarding your phone calls. That doesn't mean that there isn't a reasonable expectation of privacy.

      • by whoever57 (658626) on Thursday October 29, 2009 @08:28PM (#29918941) Journal
        Let's say I send an email from my home mail server to a family member using gmail.

        The email leaves my home network is sent to my personal mail server. This transfer uses TLS.

        My mail server sends it to GMAIL. This transfer uses TLS.

        Gmail stores it. Google promises to only disclose my information with my permission or with other controls on dissemination. See Google's privacy policy [google.com] and the Gmail privacy policy [google.com]

        I have ensured my family members use https/pops to download from gmail.

        How do I not have an expectation of privacy in that transaction?
        • by whoever57 (658626) on Thursday October 29, 2009 @08:50PM (#29919153) Journal
          Replying to my own post, but I see from RTFA that the judge addressed the privacy policies. However, he seems to have read them differently to me. He says that Gmail uses agree to google disclosing the information in response to a lawful request (ie, a subpoena) and somehow reads from this that users dont have any expectation of privacy. Personally, I would think that expecting disclosure to require a warrant was pretty much an expectation or privacy. Otherwise, we can never have an expectation of privacy. Perhaps he means that because Google employees can read the emails, there is no expectation of privacy, but this is using a black and white test where is it not appropriate. I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.
          • by Attila Dimedici (1036002) on Thursday October 29, 2009 @10:42PM (#29920013)

            I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.

            That is where the judge gets the interpretation that there is no expectation of privacy. If you understand that Google employees can read your email in gmail, then you don't expect that your emails are private.

            • by whoever57 (658626) on Thursday October 29, 2009 @11:12PM (#29920207) Journal

              That is where the judge gets the interpretation that there is no expectation of privacy. If you understand that Google employees can read your email in gmail, then you don't expect that your emails are private.

              And, following that logic, my banking details are not private because bank employees can read them, my medical details are not private because insurance company employees can read them, my phone calls are not private because telephone company employees can listen to them, etc..

              • by Sandbags (964742) on Friday October 30, 2009 @11:53AM (#29924753) Journal

                No, there are explicit laws protecting that information through targeted legislation. That's actually part of the argument on why the CAN access your e-mail this way (if it's on a cental 3rd party system).

                But, in contrast, they CAN subpeona your medical records, phone records, and more.... They do that every day!!!! This only extends that to e-mail. The difference is, you have no expectation of guaranteed privacy of e-mail as you do with medical records as those are protected by such targeted legislation and regulation, so they can subpeona access to it, and they don't have to provide you protection notice under the 4th amendment (though it does have to pass a judge's scritiny for them to get that subpeona). In other words, It;s not that they could not already get your e-mail through a court order, this just gives them the abiltiy to do so without first having to issue your lawyer notice (you can still fight to have the contents kept from a court case, it;s not public record, you still have rights).

      • Re: (Score:2, Insightful)

        No it is about notification. The judge has ruled that the government should notify the ISP and not the person who uses the email. IMHO, the obvious flaw is that the judge rules that for the 4th Amendment to take effect, it has to be in your home.
      • by erroneus (253617) on Thursday October 29, 2009 @09:51PM (#29919647) Homepage

        Tacit approval? I cannot agree. Most people consider their email to be the same as their real mail. There is no reasonable cause to consider the technical details of the email process as the common user has no knowledge of such details and typically believes his email is secure whether or not that is actually the case.

        This judge is simply wrong to assert that the technical details disqualifies email from having 4th amendment protection.

        FedEx has the same access to the contents of the mail as an email host provider has to read a user's email. One has but to access it. We "trust" FedEx not to tamper with or damage our mail. We "trust" email service providers not to tamper with or damage our email. I see no cause for technical details to play as a factor primarily because the constitution makes no qualifications for protection and it is not for legislators, judges or presidents to add qualifications that aren't stated. I believe it is unconstitutional to attempt to do so.

        • Re: (Score:3, Insightful)

          by Sandbags (964742)

          The only expectation to privacy I have handing a package over to the postman is that if i can PROVE he opened it, i can sue.

          The EXACT SAME is true of e-mail. They CAN NOT access it, even on a public server, without a warent or subpeona, both of which require an active litication in front of a judge to execte.

          it does not:
          1) prevent information from being opened and read by unauthorized parties
          2) does not protect me from accidental opening (ever have a package damaged in shipping, or a backup that had to be

      • Re: (Score:3, Informative)

        by CoderBob (858156)

        Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail,

        Seeing as I accidentally replied to the wrong post...

        Yes, there is. When you get a shipping account from FedEx, you explicitly allow them to open and inspect any package at any time for any reason.

      • Re: (Score:3, Insightful)

        This isn't new, and there isn't anything to stop your ISP from siphoning your emails in transit. Many companies are required to keep all email communications stored for an amount of time and have systems in place that capture and store for later discovery. Even deleting the message doesn't mean that it's really gone. The cold hard fact is that while your data is in transit on a system not owned by you, you don't own it. It's like your trash on the curb, the sanitation workers can (and probably do) go th

    • Re: (Score:3, Interesting)

      by JordanL (886154)
      I was going to say... doesn't the US Postal Service also take temporary possession of your messages?

      I guess the 4th Amendment doesn't apply unless there is an unbroken chain of ownership between private parties.
    • by WarJolt (990309)

      Those types of deliveries are protected by law. 5 years in prison I believe. There are no laws that apply to e-mail. Easy solution is to encrypt all your e-mails you expect to be private.

      • by rtb61 (674572) on Thursday October 29, 2009 @08:38PM (#29919037) Homepage

        Perhaps you can tell me the difference between a phone call and a email. Phone calls are protected by wiretapping laws, it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved. Both phone calls and email are simply digital transmission over wire, both pass through other parties to get to the final destination, the only difference is the hardware and coding to encode, decode and interpret them.

        Face it, the judge is an idiot of the first order, I mean come on has the boob never heard of ADSL. It completely ignores the fact that email servers are completely automated and require no human intervention to reach their destination. It is time for email software to make use of the DMCA and, incorporate a simple encryption technique that prevents the email from being read as plain text but require a simple for legal reasons only decryption technique with a default warning if the person is not the intended recipient, for email where the default recipient email address does not match the target email address.

        Basically am encryption technique that is no more secure than you typical envelope but still providing the full legal security of a typical envelope, with the added bonus of the DMCA to beat them over the head with.

        • Re: (Score:3, Informative)

          by tunapez (1161697)

          it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved.

          Not necessarily. In "One Party" states, only 1 party(the recorder) in the conversation must have knowledge of the call being recorded. I've recorded a convo w/ a "2 Party" state business(o-line retailer) who's number was toll free and I was "unaware of their location at that time". Man she was super-pissed when I called out her lies. She threatened to press charges and created quite a stink! Management refunded my monies and then some. I doubt she works for there anymore.

          States Requiring One Party Notificat

      • Ok, I didn't RFA. I'm too upset already...

        The judge is trying to change the guidelines: http://www.usdoj.gov/ [usdoj.gov]—s&smanual2002.htm

        I forget the court case, but I distinctly remember a case where the result was the "reasonable expectation of privacy" was enough to consider your papers to be private. I am not sure it was supreme court or not that did this. Many older cases without computers do apply to computers; yet for some reason we need to rehash resolved issues because of widespread computer ignor

    • Other cases (Score:2, Interesting)

      by phorm (591458)

      Just out of curiosity, what are the privacy rights on say,a storage facility.Can the cops just walk on in and open things up, or do they need a warrant?

  • ok (Score:3, Insightful)

    by nomadic (141991) <nomadicworldNO@SPAMgmail.com> on Thursday October 29, 2009 @08:00PM (#29918557) Homepage
    I cannot see how this won't be overturned on appeal. People have a general expectation of privacy in regards to their e-mail, and the fact that it's being physically hosted somewhere doesn't defeat that.
    • Re:ok (Score:4, Insightful)

      by JoshuaZ (1134087) on Thursday October 29, 2009 @08:04PM (#29918619) Homepage
      Agreed, the appropriate analogy would be to physical mail where people have a clear expectation of privacy. Unfortunately, the attitude among judges frequently seems to be that "oh wow. That has do with that complicated internet-thingy. That must function in a completely different way. Never mind that we've had no problem seeing how new technologies fall under the Constitution before. This time it is clearly different. Besides, that web thing scares me."
    • Do you have an expectation of privacy when you send a postcard?

      • by JoshuaZ (1134087) on Thursday October 29, 2009 @08:31PM (#29918959) Homepage
        A postcard isn't a good analogy. If I send a postcard, lots of people might see what is on it by simple chance. For example, the mail carrier might see it when they pick it up. In order for someone to read an email they need to go out of their way to access it in some form. That such access is easy doesn't say much. It is easy for someone to access physical mail often when people use a physical mailbox in the suburbs. Moreover, anyone in the postal service can easily access the internal contents of your mail without getting caught (steaming open a letter is really easy and hard to notice). That doesn't mean that the government has a right to read all my physical mail without a warrant. Just because something is possible doesn't mean that it is considered either normal or acceptable practice.
    • Re:ok (Score:5, Insightful)

      by dgatwood (11270) on Thursday October 29, 2009 @08:26PM (#29918901) Journal

      More to the point, it is clearly no different than a bank safety deposit box, and those cannot be searched without a warrant. The mere fact that we are talking about data instead of physical objects should have no legal bearing on the requirement of a warrant for search and seizure. This is a clear case of bailment, and in bailment cases with a corporate entity, one can generally assume a right to privacy.

      This will definitely get overturned on appeal unless the lawyers involved are inept.

      • Re:ok (Score:5, Informative)

        by Jeremiah Cornelius (137) * on Thursday October 29, 2009 @08:35PM (#29919013) Homepage Journal

        Funny, in the UK we had police smash into almost 7,000 safe-deposit boxes.

        More than 500 officers smashed their way into thousands of safety-deposit boxes to retrieve guns, drugs and millions of pounds of criminal assets. At least, that's what was supposed to happen."

        It was a warrant-expansion, from one of those "seizure of criminals assests" laws, that were started first in the States. Gone ALL wrong, 'tho'.

        "Many of the clientele were families who had fled turmoil, pogroms, coups and wars and long had a cultural preference for locking away money and jewels, building up a vehement distrust for the integrity of traditional banks. Here, stepping down the spiral staircase at the back to the darkened boxes below, they felt reassured that their most important possessions were safe."

        Read more: http://www.dailymail.co.uk/home/moslive/article-1222777/The-raid-rocked-Met-Why-gun-drugs-op-6-717-safety-deposit-boxes-cost-taxpayer-fortune.html [dailymail.co.uk]

  • by Mrs. Grundy (680212) on Thursday October 29, 2009 @08:02PM (#29918589) Homepage

    It's a real shame that email encryption never really hit the mainstream.

    • Re: (Score:3, Insightful)

      by JonTurner (178845)

      This is precisely the sort of action that could lead to encryption taking hold.

      • by shaitand (626655)

        The only thing that will make e-mail encryption take hold is an advance in the technology or at least the clients.

        When using e-mail encryption is as simple as checking a box (or better yet, enabled by default) and the key generation, registration, retrieval, etc are completely automatic it might catch on.

        So far I've yet to see a client that does this in a successful and consistent way.

    • Re: (Score:3, Funny)

      by Haxzaw (1502841)
      The only tool around this story is the judge.
    • by dpilot (134227) on Thursday October 29, 2009 @08:08PM (#29918671) Homepage Journal

      The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it. Maybe decisions like this one will get more people using encryption for their email. My pet concept is the job of key generation, trust, and management should be handled by banks. After all, we all trust the banks with our money already.

      Of course another option would be to get common carrier status for the internet, at least within the US.
      Yet another step would be for the US Postal service to run (TLS encrypted and authenticated) mail services. Not that I'm enamored of the Post Office doing the job, but that's the easiest way to grant legal protection to the content.

      • by whoever57 (658626)

        The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it.

        ISPs are increasingly supporting smtp-tls. That means that the transfers are encrypted between mailservers. To send an email to another party requires that the email goes through a limited number of mailservers, but the ISPs whose role is providing connectivity between those mailservers can't read the emails.

    • Key management is a hassle for most folks. I still think people can be trained, though. Just need simple enough metaphors.

      Meanwhile, here's an easy Thunderbird plug-in: http://en.wikipedia.org/wiki/Enigmail [wikipedia.org]

    • No it's great: that's why it's still legal.

  • by atlasdropperofworlds (888683) on Thursday October 29, 2009 @08:03PM (#29918593)

    As a bit of an aside, does it matter if you try to make the data private via encryption?

    There could be an interesting relationship here: If you claim (probably rightfully) that you own the copyright to the 'content' in question, and encrypt it, does this mean that it would be unlawful for anyone to try and decrypt it under the DMCA?

  • by Stormwatch (703920) <rodrigogirao@@@hotmail...com> on Thursday October 29, 2009 @08:03PM (#29918595) Homepage
    Mossman is a traitor.
  • and communicating in person with people who don't for quite some time now ;)
    • People are only so willing to not have webmail, and they are not always available in person. Forget trying to explain to people how to carry crypto keys around on a thumb drive; that is about as useful as explaining why only encrypting emails that they think are sensitive enough to require encryption is not a good strategy. Basically, the FBI won the battle -- we were so bogged down with fighting their efforts to thwart email encryption that we missed the mark and the masses never adopted it.
      • by siddesu (698447)

        People are only so willing to not have webmail, and they are not always available in person.

        Their loss.

  • If you're staying in a hotel room, are you entitled to privacy there? Can that room be searched without a warrant, because it's not your home? Curious.

  • by alispguru (72689) <bane&gst,com> on Thursday October 29, 2009 @08:04PM (#29918609) Journal
    The Government does have to get a warrant to open your mail. Don't they?
    • Postal mail privacy is a tradition that predates the current era of American politics. In the new, digital age, you do not have the expectation of privacy, unless you are one of those crazy paranoid hacker types who uses encryption.
      • by lgftsa (617184)

        crazy terrorist paranoid pedophile hacker

        You left a few things out. I'm sure there's more to add, too.

  • By this logic... (Score:5, Insightful)

    by TrebleJunkie (208060) <ezahurakNO@SPAMatlanticbb.net> on Thursday October 29, 2009 @08:04PM (#29918611) Homepage Journal

    ...your medical records aren't private, either. When you use a hospital or a doctor's office, you're not in your own home, and your records of the visit are stored at the facility. This judge is a moron.

    • Re:By this logic... (Score:5, Informative)

      by DaveV1.0 (203135) on Thursday October 29, 2009 @08:21PM (#29918827) Journal

      Actually, they are private because there is a law saying they are private.

    • Re: (Score:2, Insightful)

      by jwilty (1048206)
      Although I may agree with the concept, the analogy is only possible due to the HIPAA law. Their privacy is not a guaranteed constitutional right. Medical records are treated separately under the law and therefore cannot be used to justify treating other information in the same way. Could we pass a law that explicitly states that electronic communication is personal regardless of the route? Sure, but we don't have one. One could also make a similar analogy to cell phones and voicemail. I assume (IANAL)
  • Does this mean... (Score:4, Insightful)

    by Anonymous Coward on Thursday October 29, 2009 @08:04PM (#29918613)

    when we send mail via USPS, since the mail isn't technically in our homes while it is sitting in the post office, that the government can read it without violating A4?

  • and I'll stay out of law.

    deal?

    I know my field. its CLEAR you don't know my field. I don't know your field. why do you have to 'rule in' on things that make us laugh (or cry) at you, due to your TOTAL lack of understanding.

    hang on a minute. what if this guy DOES know what's going on and yet he still wants to have government prying on your email?

    I'm not sure which is worse; a clueless idiot in robes or a smart one who PLOTS against the basic US constitution, stealing our rights bit by bit.

    • Re: (Score:3, Insightful)

      by srothroc (733160)
      While I can understand where you're coming from, I think it's a bit arrogant to look down on them like that. Judges are just people doing their jobs to the best of their ability with the information given to them. You also see judges ruling in areas as diverse as medical issues, building codes, traffic codes, food safety, and so on, yet I doubt all of those judges are doctors, architects, civil engineers, or chefs. There's a reason judges have expert witness testimonies and amici curiae. If you want to impr
      • Re: (Score:2, Insightful)

        Judges are just people doing their jobs to the best of their ability with the information given to them.

        sorry my friend, but they have WAY too much power to be 'just another joe sixpack, trying to feed his kids and keep a job down'.

        don't even TRY that shit, man. these guys are aristocracy and we all know it. they are above the law and THEY know it.

        given how much damage people like him can do, he has the *responsibility* to seek out those who ARE experts and get their advice. I don't think he did that; it

        • Re: (Score:3, Insightful)

          by nomadic (141991)
          ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.

          He's ruling on search warrants aimed at 3rd party ISPs; if someone does not keep their e-mail with the ISP, then his ruling doesn't apply to them.

          Furthermore, it only applies to those ISPs who actually tell the user, like Gmail does, that they will comply with government requests.
          • Re: (Score:3, Insightful)

            by digitalunity (19107)

            There is no way to escape having your email stored by a 3rd party. I run my own mail server and even I cannot guarantee there are no 3rd parties who will have storage of my email.

            The reasoning is simple. Companies often use 3rd parties to store or filter their email. For example: I send an email to a friend. His company's mail server routes all mail to Messagelabs and they filter out the spam and route it back. Messagelabs, being a 3rd party has access to my email and reads the contents of it to make a deci

  • by www.sorehands.com (142825) on Thursday October 29, 2009 @08:15PM (#29918759) Homepage

    Recently in the second Circuit, it has been ruled that gmail users do have an expectation of privacy in their e-mail account. http://online.wsj.com/public/resources/documents/Bear1.pdf [wsj.com]. Here the Court ruled that the warrant was too broad since it didn't restrict the inspection of e-mails that were unrelated to the investigation.

    In light of both rulings, it may not prevent the government inspection, but could be grounds to suppress. Furthermore, the Stored communications act prohibits a warrant for this type of information unless, "offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."

  • by MikeD83 (529104)
    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    Papers and effects? The founding fathers were smart enough to protect email. This ruling is a disgrace.
  • ECPA (Score:5, Informative)

    by Anonymous Coward on Thursday October 29, 2009 @08:17PM (#29918787)

    I see that the electronic communication privacy act of 1986 is being ignored once again.

    http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

  • How is this any different then making a phone call? My voice still has to go through the Phone Companies equipment. They still need a warrant to tap my phones (well, maybe not thanks to the Patriot Act).

    If this ruling stands, it's going to open up a whole new can of worms. Email should be considered PRIVATE if there is only one recipient, just the same as if I make a call to a single individual.

     

  • Consequences (Score:3, Insightful)

    by SlipperHat (1185737) on Thursday October 29, 2009 @08:24PM (#29918887)

    By that logic, that judge's emails should be open to being searched.

  • 3rd-party doctrine (Score:5, Insightful)

    by MobyDisk (75490) on Thursday October 29, 2009 @08:24PM (#29918889) Homepage

    When a person uses the Internet, the user's actions are no longer in his or her physical home... All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP

    Yes, just like:
    - Mail
    - Safe deposit boxes
    - Bank accounts
    - Voice mails
    - Telephone conversations
    - Storage units

    As far as I know, all of the above things are subject to the 4th amendment. WTF???!!!

    • by BitZtream (692029) on Thursday October 29, 2009 @09:39PM (#29919529)

      You would be wrong.

      Most those things have separate laws to cover them. Well some of them due, I do not think there are any such protections for safe deposit boxes other than the providers of said boxes have a reputation to maintain if they want people to use them. There aren't to my knowledge any such protections for storage units, although it may be covered as if it were your home by a different law.

      Phones and mail have laws specific too them to protect them, nothing to do with the 4th admendment other than spirit and intention.

      We're just going to have to get off our lazy asses and demand the same coverage for internet related communication.

      The main difference with phones is historically, there has not been a recording of the call stored outside the persons home. The phone company doesn't record every conversation for you to listen too later. If they did, you'd be in a different arena. Its much easier for law enforcement to get records of your calls than it is to wire tap your calls, the records are already stored so you can be billed, and you and I demanded the phone company do so, as we expect detailed billing.

      With email, ISPs DO record it for later, as part of the service, thats the way it works. Your email ISN'T private and its rather retarded that you think something stored on someone elses hard drive is private to you, regardless of the law.

  • I think this ruling is just fine as long as they extend analogy with the physical world further. I.e. if e-mail and information stored on the 3rd party servers are not "private", then e-mails and information stored locally on servers in my home should be protected by the 4th amendment.

    As long as that's the way they read the law (applying "home" boundaries literally rather than as a way to define a set of "things that belong to a person") - fine with me. It's not upholding the spirit of the amendment but rat

  • Netzero? (Score:2, Funny)

    by Rude Turnip (49495)

    Get with the times, man...Juno is the ISP of the future!!!

  • Considering that many people already are not using their ISP's e-mail server, is this likely to become the death knell of publicly provided e-mail services?

    I can see this being a significant issue for gmail, msn, yahoo and AOL (almost had SOL there, interesting) and their customer relations. For me it's a 5 min process to move my own services back onto my own computers. And as part of that I can advise friends and people I am going to exchange personal e-mail with to use an encrypted platform.

    I don't know t

  • by DaveV1.0 (203135) on Thursday October 29, 2009 @08:35PM (#29919017) Journal

    The judge ruled that the warrant can be served on the third party without notifying the sender. This would be akin to serving a warrant to one's employer to search one's workspace.

    Or, serving a warrant on your friend to access your friend's computer to get emails sent by you.

    I think this ruling is on shaky ground due to the concept of "reasonable expectation of privacy".

  • by Dunbal (464142)

    Time to encrypt, bitches. I'll show you a "private space".

  • Bush Appointee (Score:2, Informative)

    by DigMarx (1487459)

    Not to get all ad hominem or anything, but this judge was apparently nominated by G.W. Bush and is an LDS, according to Wikipedia. We should be expecting these kind of rulings for a long time: Bush got a lot of his guys in before he lost his political capital. Civil rights, schmivil schmights.

    Zo

  • by Nkwe (604125) on Thursday October 29, 2009 @08:46PM (#29919111)
    The fine article refers to a ruling that says you don't have to be notified if your email is accessed. It doesn't talk about if it is legal or not to access your email. I guess the theory being that if your mail is stored "publicly" at an ISP and that someone has the legal right to look at your mail, they don't have to tell you that you have been snooped on.

    The article doesn't seem to make the distinction between mail at rest (on a mail server) and mail in transit (passing on the wire) so I don't know if running your own mail server makes any difference here or not. It would at least reduce the exposure time for "snapshots" to be taken and disclosed. If your mail was on your own server you would at least have to be approached by a court with a subpoena or similar that demands access, which you would probably notice.

    Encryption is of course, the answer.
  • This is nothing new (Score:4, Informative)

    by jc42 (318812) on Thursday October 29, 2009 @09:37PM (#29919517) Homepage Journal

    We've seen this sort of "logic" before, and often. The general principle is "When a computer becomes involved, all precedent is forgotten, and centuries of hard-learned lessons must be learned all over again." I've forgotten who first pointed this out, but it's a useful thing to remember.

    It took many centuries, and many deaths, for the freedoms that most of the "first-world" countries have were encoded in their laws. But over and over, we've found that the courts don't apply those laws to anything that involves a computer. It takes a good list of horror stories about the actions of ISPs and other people in positions of power, plus new laws, to get the older Real World laws applied to anything involving a computer. This is just one example of many.

    It's sorta funny that computers, which are the ultimate in relentless, unforgiving, mechanical logic, have an effect on humans that can be characterized as destroying our ability to use logic as simple as saying that everything we knew before still applies when there's a computer in the vicinity.

    In most of the First World, it's illegal for a postal or other delivery employee to open a package and make notes on the content. There are good historic reasons for this. It's interesting to read the history of the concept of "common carrier", and understand why it came to be. People did literally die before these rules went into effect, as the result of people opening and reading the contents of messages in transit, and selling the information to interested parties. This history isn't a secret. But when its a computer transferring messages, the carriers are permitted to inspect the contents and sell the information to interested parties. This will eventually lead to laws applying the common-carrier rules to computerized communications. But this will only happen after the same sort of disasters that led to the common-carrier rules for written, printed and analog telephone communications.

    The only scheme that's stable over the long term is that "carriers" of messages should not be allowed to use the contents of the messages for any purpose. In exchange for this, the people in power agree to not punish the carriers for the contents of any delivered messages. Anything else will eventually be a disaster for the people in power, when they learn too late that the carriers have made "commercial" use of the contents of messages to/from powerful people.

    This isn't a hypothetical scenario; it is exactly what led to the common-carrier laws in the past. Things like this court decision just shorten the time until such disasters occur. And it's all due to our mysterious inability to remember and apply historic precedent when there's a computer involved.

  • by steve buttgereit (644315) on Thursday October 29, 2009 @09:50PM (#29919629) Homepage

    The original author of the blog in the story has revised his analysis thus:

    "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers. I missed this because the reasoning closely resembles the argument for saying that the Fourth Amendment doesn’t apply at all, and I didn’t read the earlier section closely enough. That’s obviously a much narrower position, and I apologize for misunderstanding it the first time in the quick skim I gave it. Sorry about that: The fault is entirely mine."

    http://volokh.com/2009/10/29/opinion-on-fourth-amendment-and-e-mail/ [volokh.com]

Computers will not be perfected until they can compute how much more than the estimate the job will cost.

Working...