11th Circuit Eliminates 4th Amend. In E-mail

Artefacto writes "Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages."

What do you expect from ancient judges?

[elrous0]

Half of the court probably had to have the concept of "email" explained to them. These were the annoying pricks that wore ties to class back in law school, most of whom were out of touch even back then. Now you expect a reasonable verdict that reflects modern innovations and changing behavior out of them?

"Email. Is that what my grandkids play their tic-tac-toe games on?"

"Uh, no Your Honor, that's probably a portable gaming console."

"Can I send a Tivo with one of those things?"

"No sir, a Tivo is a Digital Video Recorder."

"So an email is a Tivo?"

"Sir, I don't even know how to answer that."

"I'm ready to rule!"

Re:What do you expect from ancient judges?

[Anonymous Coward]

Mod parent up for not reading the article, only taking into account one side of the argument when forming an opinion, and not understand how the U.S. government works.

Re:What do you expect from ancient judges?

[ircmaxell]

Agreed. But the kicker here, is if EITHER PARTY uses ISP hosted email, then the message is fair game here. So even if I run my own email server, I still probably won't be protected... Yet another right bites the dust in the name of misunderstanding...

I wonder if the same could be said for people who get snail mail delivered to a Post Office Box? It's "delivered" via a third party (albeit one sanctioned by the government)... What about phone calls that go through an intermediary (Like VOIP or forwarding services)? What about telegrams? They all rely on the same concept that the message is delivered via an intermediary, so why aren't they "fair game" as well?

Re:

[Anonymous Coward]

I'm marking all my mail as unread, right now!

Re:What do you expect from ancient judges?

[Jenming]

In order for Fourth Amendment protections to apply, the person invoking the protection must have an objectively reasonable expectation of privacy in the place searched or item seized.

I don't know about you, but when I send an unencrypted email I have no expectation of privacy from the moment the text leaves my computer.

Re:What do you expect from ancient judges?

[ircmaxell]

When I make a phone call, I don't expect privacy either. But I do expect my 4th amendment rights to be in force. So just because someone can tap in and listen, doesn't mean that the government can do so to gather evidence... And that's the subtle difference here. Just because "someone" can read what I sent, doesn't give the government the right to spy in on it.

I'll give you another example. You're in your back-yard at your house talking with a friend. Sure, neighbors can likely hear your conversation, so you don't have an unusual expectation of privacy. But, if a FBI agent is sitting in a tree 100 yards away with a sound amplifier pointed at you (and hence recording/listening in to your conversation), that would be an invasion of your 4th amendment rights. And privacy is relative (you even allude to it in your quote). The fact that "objectively reasonable" is used to qualify privacy shows that it's relative. In your back yard, you wouldn't expect someone to explicitly listen in to your conversation (unless you were yelling). Conversely, if you were on a crowded train, you wouldn't expect any type of privacy from verbal communication (But you would expect a reasonable level of privacy if you were typing on your computer on said train). That's the difference. Not if there is any form of privacy, but if there is a reasonable expectation given the circumstances...

JMHO...

Re:What do you expect from ancient judges?

[Trails]

It's not "fair game". The constitution grants protection against unreasonable searches and seizures. Just because you leave something sitting on your porch does not give the gov't a right to walk up and grab it.

Further, the presence of https is encryption simply between the user and their immediate provider. It has nothing to do with the format of the message on the server or in transit, hence it is irrelevant to this discussion. It is not, as you put it, "end-to-end". Something like PGP would be. That being said, the concept of having to actively add security in order to protect yourself from unwarranted search and seizure by the gov't is preposterous on its face, and certainly contrary to the spirit of the US constitution. The onus is on the government to provide just cause, not on the citizens to protect themselves from intrusive gov't measures.

Re:

[Zerth]

Your mail comes in an envelope(trivial encryption).

Re:

[Kjella]

Talking on the phone isn't encrypted, having a conversation isn't encrypted, regular envelopes are the digital equivalent of ROT-13 and only protects against casual observation. "Expectation of privacy" is not something that applies only to unbreakable cryptographic safes, if it did it wouldn't have existed until the PC age.

You may not have any expectation of privacy from the recipient, but if you consider that "voluntary disclosure" then the fourth amendment doesn't protect any communication at all. You do

Expectation of Privacy does not work that way!

[Chris Burke]

I don't know about you, but when I send an unencrypted email I have no expectation of privacy from the moment the text leaves my computer.

Expectation of privacy means you can reasonably expect your privacy to be respected, not that you can reasonably expect it to remain secure even in the face of someone trying to violate it!

Example: A conversation in your home is private, even though a simple glass held to your window can let someone listen in. It is reasonable to expect that people will not do this. A conversation in a restaurant is not private, because you cannot reasonably expect that nobody will listen to you -- in fact it's difficult for them not to.

Your ISP has no reason to read your email outside of the header. It is reasonable to expect that your ISP will respect your privacy in this case. It is doubly reasonable to expect that the police will respect your privacy, so long as they are obeying the law.

The interpretation that "expectation of privacy" means "how much privacy can you expect to have in the face of malicious people deliberately trying to violate it" is incorrect, and silly. It would make the 4th Amendment meaningless, because anything that someone can view is ipso-facto not private and thus not subject to the 4th.

Re:

[commodore64_love]

The European Union has this: "Article 8 -Protection of personal data. 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to contr

Re:

[AndersOSU]

I actually think the telegraph is a fantastic analogy for email. A message is drafted by one party, transmitted from one intermediary to another electronically, and delivered to the recipient. The intermediaries probably even keep logs of some information.

I'm too lazy to look up the legal understanding of privacy for a telegraph, but if I were involved with this case, I think it would make a good start.

The law is NOT silent. 4th amendment says it all.

[fyngyrz]

Any US court that tries to argue that email isn't "protected" has little to no understanding of the US constitution: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

EMail is modern mail; and mail is one case of the "papers" mentioned in the 4th amendment. The US mail is a 100% analogy here. Sure, someone can easily can look in an envelope during its trip between parties, or at either end, but the 4th says you have the right to be secure in your papers and effects, so it is illegal to do so. EMail is precisely the same kind of communication. It isn't about the fact that someone can look; it is about your right to privacy, to expect that they shall not look, and if they do, they have harmed you.

This covers why email is protected as a side issue of the main discussion: On Privacy [fyngyrz.com].

Re:The law is NOT silent. 4th amendment says it al

[fyngyrz]

that's pre-9/11 thinking.

Thank you for the complement.

Composition of the Court

[Infonaut]

Just for sheots and giggles, I looked up the members of the US Court of Appeals for the Eleventh Circuit [wikipedia.org]. The youngest member, William H. Pryor, Jr., was born in 1962. Beverly B. Martin, the next youngest, was born in 1955. But the judges ages aren't necessarily a valid indicator of how tech-savvy they are. Alex Kozinski [wikipedia.org] of the Ninth Circuit, was born in 1950, and is well-known for, among other things, his grasp of technology.

The other thing to remember is that the onus of responsibility is on the lawyers w

Once again

[Pojut]

I've linked to it many times in the past, and it seems like a perfect time to do so again:

http://haacked.com/images/TerroristsHateFreedom.gif [haacked.com]

Case Summary

[TheMeuge]

The case can be read at:
http://www.leagle.com/unsecure/page.htm?shortname=infco20100311081 [leagle.com]

Here's a brief summary

1. A guy sent some faxes to a hospital criticizing their management and mocking them.
2. The prosecutors and police were friends of the hospital management and they investigated this as a "favor"...
3. they secured three successive indictments against the guy, all of which included felony assault against a man he never met
4. each time the indictments were dismissed by a higher court
5. but they arrested and held him anyway
6. so he sued for violation of his 4th because they got his phone records and emails without a warrant and for malicious prosecution
7. The 11th circuit dismissed ALL the malicious prosecution claims, granted the police and prosecution total immunity, and ruled that the plaintiff's rights weren't violated when his emails were turned over, because they had already been "delivered" to his ISP.

There are a lot more things wrong with this decision than just the 4th amendment violations.

Re:Case Summary

[Cytotoxic]

Holy crap, that was a terrifying read. Basically the appeals court found that the prosecutor and cop in the case were granted Absolute Immunity from prosecution for their actions in intentionally framing this guy for multiple felony and misdemeanor crimes. The appeals court found that the plaintiff did indeed get falsely accused, and that the prosecutor knowingly participated in presenting false testimony to get indictments - but the poor guy has no recourse.

Other Amendments

[pipingguy]

Is the Second still in effect?

Re:Other Amendments

[dkleinsc]

No. The only one that's really left appears to be the Third, which prevents the quartering of soldiers in private homes.

Re:

[Anonymous Coward]

And if soldiers attempt to quarter themselves in your home, there's nothing you're going to be able to do to stop them.

Re:Other Amendments

[zach_the_lizard]

I think that one may have been abused during the Civil War, so even that one has been violated. It just hasn't been continuously violated.

Re:

[ircmaxell]

No, it wasn't. The way the 4th amendment is worded, No soldiers can be quartered in any house without consent of the owner during peace times. During war, they may so long as it is done in a manner which was prescribed by law (So as long as the government passed a law with guidelines on how to do it, it is legal for soldiers to bed in a home without the consent of the owner)... At least that's how I read it...

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner,

Re:

[zach_the_lizard]

Of course, to end habeas corpus, you have to have Congress do it. Lincoln declared it on his own authority, a power not proscribed to him. The war also saw the imposition of an income tax, which was then unconstitutional, and the expulsion of many secessionists or advocates of peace in the North to Canada. Similar things went down in the Confederacy, and both sides ran terrible POW camps.

Re:

[Miseph]

That one and several others. Lincoln declared Martial law, suspended Habeas Corpus, and openly ignored huge chunks of the Constitution and US law.

If it weren't for the issue of slavery, and the fact that the South didn't behave all that much better, it would be very hard for anyone to honestly side with Lincoln and the North.

And no, I'm not a Southerner, secessionist, KKK member, or any of that nonsense.

Re:Other Amendments

[Red Flayer]

At the time, trade laws were biased heavily in favor of the north and the southern states had to pay heavy tariffs on everything we got from them

Tariffs between states did not exist at that time. Perhaps you are confusing the issue of tariffs between the states with export tariffs on agricultural goods? The tariff issue boils down to protectionist tariffs on finished goods (helping the North's industrial base), and export tariffs on agricultural goods (the North wanted the South to sell goods cheaply to them, not to sell goods overseas).

The north is in no position to take the moral high ground here. Lincoln chose to ignore the constitution he swore to uphold and should have been impeached.

Every president of the US did likewise in time of war. And each time, it wasn't quite as bad. Judge Learned Hand wrote extensively about this; Lincoln was no different (and perhaps a little better wrt rights, even) than prior wartime presidents. Rights are trampled in time of war, then peacetime review finds problems with those actions... so in the next war, rights are trampled a little less. This has held true until, arguably, the current war in Iraq.

Sherman was a war criminal who burned everything in sight just for the sake of causing damage.

You miss the purpose of his campaign. It was not for fun -- it was to demoralize the heart of the insurgency. And it worked, however nauseating it may be in hindsight.

The north invaded our lands, killed many of our people, and destroyed most of our infrastructure.

The south would have done the same were they able to. They did, after all, initiate the hostilities. The south's campaign into Pennsylvania was a good example of the south practicing a lot of the same tactics the north would later use in the south... the only reason there wasn't a lot of infrastructure damage is because the south wanted to use the north's rail systems at the front. Had the south been able to get past the front, they would have destroyed northern infrastructure.

Why do people always look down on the south?
...
Who are they to judge us?

I'm a damned yankee, and I look down on much of the south. There's ignorance and stupidity everywhere (present company excepted, of course), but the south seems to have gotten a double helping.

FWIW, I look down on much of the north as well...

Re:Other Amendments

[ElectricTurtle]

I don't disagree with any of your very pithy analysis, but the sentiment of the following is dangerous:

You miss the purpose of his campaign. It was not for fun -- it was to demoralize the heart of the insurgency. And it worked, however nauseating it may be in hindsight.

This sort of ends-justify-the-means, history-is-written-by-the-victors mentality is insufficient justification for what should have been and should still be war crimes. I'm a very hawkish, unilateral guy, but in order to have moral authority it is necessary to be 'better' than your adversary. I agree that the South is not some saintly victim, they did their own evils not least of which was Andersonville. That is not justification for more evil. You can fight for the 'right' things the 'wrong' way, which includes the carpet bombing of Dresden and other German cities, the firebombing of Tokyo and other Japanese cities, and the saturation bombing and other indiscriminant behavior in Vietnam.

It would have been better to draw out the conflict, even to a stalemate, than it is to have won by such efforts. It was a stained and sullied victory, which bred generations of continued emnity. If not for external forces (later wars) and homogenization driven in part by carpetbagging, there probably would have been another Civil War already, driven by the treatment of the South by the North (analogous in some way perhaps to the treatment of the Germans by the French after WWI being catalytic in priming German society to accept militarism and aggression leading to WW2).

Re:

[MightyMartian]

They won, the Jeffersonian-Madisonian model lost. The theory that a state had some right to secede was thrown in the dumpster of failed ideas. And whatever laws Lincoln broke and whatever mistakes he made (and he made plenty), I'd take him any day over Jefferson Davis.

Whatever the Civil War was about, the Confederacy ultimately lost because of slavery. The British government would dearly have loved to have offered its support to Confederacy, but it was political suicide by the mid-1800s for any British g

Re:

[Schadrach]

"You did not know anyone who did, as they died before you were born."

Depending on his age, that may or may not be the case. If he happens to be very old, he may have had a grandparent or great grandparent who did, and they probably died when he was very young. I mean think out the time: If he's 90, he was born in 1920, at that time, someone 18 (I know Confederate soliders were not required to be 18, but it gives us a little wiggle room) at the time it started would have been 78 at his birth. So, I mean t

Re:Other Amendments

[MattSausage]

You are thinking of the Revolutionary war. The Civil war was the war between the states. Some four-score and seven years later.

Re:Other Amendments

[ElectricTurtle]

The US Constitution was ratified in 1788 (though the Bill of Rights was not made effective until 1791, and they were not made to apply to the states in superseding state law until the 'incorporation' under the 20th century 14th Amendment interpretation explicit in cases like Gitlow v. New York), the US Civil War began in 1861. Please, please tell me that you are not a US voter.

Re:

[bsDaemon]

The sad thing is, a naturalized citizen probably has a higher likelihood of actually knowing this than most natural-born citizens under a certain age. For what it's worth, I got the highest score in my school on the US History state assessment, which I finished in about 45 minutes and still found to be harder than the AP exam, and I am a natural-born citizen... I just didn't sleep through civics class. however, I suspect the GP to be a foreigner not being sent through the ringer of the naturalization proc

Re:

[Lostlander]

You're aware of when and how U.S. laws were and are created and how they apply... You must be foreign.

Re:

[roaddemon]

Mod me -1 pedantic, but it only prevents the quartering of soldiers in private homes "without the consent of the Owner".

"No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law."

Re:Other Amendments

[Shining Celebi]

No. The only one that's really left appears to be the Third, which prevents the quartering of soldiers in private homes.

I know it's popular to think that the government is taking more and more of our rights away, but I don't see how that's the case. For example, in 2008, the Supreme Court dramatically broadened the scope of the Second Amendment to say that the federal government has virtually no power [wikipedia.org] to institute any kind of gun control on federal property. This is obviously an increase in freedom over what had been settled law. The Supreme Court will soon be taking up the issue of whether or not state gun control is legal. I'd say our First Amendment rights have been greatly strengthened too over time. When John Adams was President, he arrested dozens of people for saying things he didn't like. Nowadays, we can say whatever we like about a President. Not only that, it's a lot easier to get an audience, thanks to the Internet. The list goes on and on.

Can you explain how, exactly, our freedoms are less than they formerly were?

Re:

[Pojut]

Let's see...we have three legally purchased firearms in our house, each of which we could take to the range any day we please and blow through as much ammunition as we can until they kick us out.

Yeah, I would say the Second Amendment is still in effect. Stop sensationalising things.

Re:

[crashumbc]

funny, because there are MANY places in this country where you can't do that... Just because you happen to live in Texas doesn't mean the 2nd isn't being violated.

Re:

[jdgeorge]

Ahem... Dare I mention actual facts [wikipedia.org] (or as close as Wikipedia comes to them)? Oh, right, Slashdot. Never mind.

Re:

[Pojut]

Actually, I live in Maryland...which has some of the most strict gun laws in the nation. Thanks for making assumptions though, I appreciate it.

Re:Other Amendments

[lwsimon]

Try owning a handgun in the city of Chicago, or New York City.

Re:

[ElectricTurtle]

I think there is a better-than-fair chance of incorporation by the current SCotUS in the Chicago case, to which I'm looking forward with much anticipation. Also, don't forget that almost all states (44 according to wikipedia already ref'ed [slashdot.org] by jdgeorge) have state constitutional provisions that approximate/mirror the federal constitution.

Re:

[i.r.id10t]

Depending on where you live...

Re:

[Low Ranked Craig]

Depends on the state. I live in Arizona and I carry a handgun anytime I feel like it, anywhere but a bank or a federal building. I don't usually, because it's not necessary. Don't try this in California unless you want to see the inside of a jail cell. Gotta love states that can arrest you and convict you for exercising your constitutional rights.

Re:

[ElectricTurtle]

Federal property aside, I don't believe there is any part of Arizona carry law that specifically pertains to banks. Some banks may post that they prohibit carry and that posting has the effect of law (usually covered as 'trespassing'), but if a bank has no policy then there is no reason you couldn't carry there if you wanted.

I live in VA and during the summer I open carry, and I selected a bank that did not have any objections to my sidearm. It's best to look at the small, local banks (mine has three goin

Re:

[Low Ranked Craig]

That's true, however all banks that I'm aware of post no firearms allowed. If I was carrying my compact concealed I might just wear it anyway - it's not a violation of state law, and all they can do is ask you to leave, but really I only go to the bank a few times a year, and most of those trips are to the drive through.

Re:Other Amendments

[ElectricTurtle]

Not that I'm trying to get you to switch banks or anything, but I just want to make sure you know that there are banks in AZ that are accommodating. I hear [mywowbb.com] that TruWest Credit Union has a policy to not exceed state law. Other people in that thread have noted tolerance from Chase, Bank of America, and Hughes FCU.

Self Hosting

[carp3_noct3m]

Well, I'm curious about something, how does that apply when I control and run my own domain and email, but it is hosted by a third party? I have been using dreamhost for the past 3 years and I love it, but would they have to only contact dreamhost or do they have to contact me as well? There seem to be two alternatives, one of which I am already partially implimenting, that is 1) Hosting your own email on your own server (at home) and 2) (the one I'm partially doing) Encrypting email whenever possible. People often forget that email is plain text, and unless you are encrypting it, it could be comprimised at any number of locations and generally should not be considered pragmatically private at all.

Re:

[Hadlock]

I suppose in theory you could always issue all your friends webmail accounts, hosted on your server, hosting your domain. A better question might be, "does this apply only to email, or all electronic communications?" If it ONLY applies to email, your 4th ammendment rights could still be upheld by using say, private messages (PMs) on an internet forum, or any number of alternative "email" systems.
 
Does Gmail have native PGP support yet? Is there a Chrome plugin for that?

Encryption

[outofpaper]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is why the use of encryption is a must. Sending email is like sending a postcard, except that copies of it are made and stored for perusal by government officials and ISP employees. Since most people use Firefox they should check out the amazing http://getfiregpg.org/ [getfiregpg.org]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Use GnuPG with Firefox : http://getfiregpg.org/ [getfiregpg.org] (Version: 0.7.10)

iF4EAREIAAYFAkufikAACgkQmu9IBuIu3yEYOgD/dDFE5oEieIS9PWP7dUm+rOXU
1yfiGTlXropncPeFhX0BAIaYlc1iecFMV3CE2G2w7zZXO7pNlWEVqHS0yD9J2Z3j
=HF92
-----END PGP SIGNATURE-----

Email is like a telegraph

[Anonymous Coward]

Email is more like a telegraph than a postcard.
With a postcard (in the US) you hand it over to a government (now quasi-gov) agency that is legally bound to handle your message in confidence.

With the telegraph system you sent a message in cleartext via a series of intermediaries [telegraph operators/mail servers] none of which were guaranteed to work for the same company. And the message was sent a a series of binary signals (dots-dashes/ones-zeros)
 

Re:

[gzipped_tar]

Unfortunately, /. sometimes sees a GPG-signed message as junk that fails to pass its bullshit "bullshit filter". Especially when you use SHA512 as the hash function.

Filter error: That's an awful long string of letters there.

Re:

[Hadlock]

It should be trivial if it gets flagged as spam, to do a character count and see if the letters "SHA" appear anywhere in the message, and then parse the message for any strings that are the same length as a 128/256/512 hash. If that fails, just write a rule "if message contains the word(s) SHA place in inbox".

Re:

[iammani]

If that fails, just write a rule "if message contains the word(s) SHA place in inbox".

Will be abused by spammers.

Re:

[Ephemeriis]

This is why the use of encryption is a must. Sending email is like sending a postcard, except that copies of it are made and stored for perusal by government officials and ISP employees.

Yup.

I routinely have clients asking me about security and encryption and VPNs and keyloggers and all this stuff... And then they'll be sending truly critical and confidential business information in plaintext through a Hotmail account.

Had one client convinced they'd been "hacked" because some confidential information made it out into the hands of folks who shouldn't have had it... Now, some employee obviously shared that information with someone they shouldn't have... But nobody hacked anything. Turns o

Does anyone have the right to copy your mail?

[rotide]

Ok, snail mail isn't allowed to be opened and copied under federal law (exceptions such as military, etc, exist).

Sec. 1702. Obstruction of correspondence

Whoever takes any letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier, or which has been in any post office or authorized depository, or in the custody of any letter or mail carrier, before it has been delivered to the person to whom it was directed, with design to obstruct the correspondence, or to pry into the business or secrets of another, or opens, secretes, embezzles, or destroys the same, shall be fined under this title or imprisoned not more than five years, or both.

If only we could get the same for email. That way no copies can be made and handed off to another party.

Sadly, I doubt this will ever happen.

Re:

[v1]

You quoted the right passage without knowing it

before it has been delivered to the person to whom it was directed,

That's the stipulation they used in the ruling.

Re:

[rotide]

I take that to mean "if you pry into the business or secrets of the mail before it is delivered" then you're in violation.

Meaning, it's protected while en route. The second it's delivered it has no protection under that law and becomes a possession and protected as such.

Re:

[StripedCow]

The problem is that the government or anyone else doesn't know when it is actually delivered to you.
I.e., at any instance, the email might be still waiting in your inbox.
So, strictly speaking, they are not allowed to open it.

Re:

[mea37]

Yes. However, it's pretty clear that wasn't written to mean "it's ok to steal the mail from the post office after it's been delivered", because at that point the post office no longer has the mail for you to steal. In hindsight, knowing that ISP's do still have the message after it's delivered, the wording seems sloppy; but when applied to the technology for which it was written, it means exactly what it was intended to mean.

Sadly, "interpret the law" can mean two things. What should happen (consider the

Re:

[ottothecow]

If only we could get the same for email. That way no copies can be made and handed off to another party.

Maybe the USPO needs to start an email service?

Re:

[L4t3r4lu5]

Your email is not a letter. It is a selection of bits.

You cannot control what happens to those bits once you have hit the "Send" button any more than the BPI can control what happens to the bits of the most recently ripped JLS / Coldplay track. You're effectively suggesting that we legislate DRM for our email.

Do you know how daft that sounds?

Google?

[Fractal Dice]

Will google now pull out of the US?

I've said it before, and I'll say it again..

[hacker]

I've said this many times here before, and I'll say it again... don't let them see anything other than the delivery envelope (headers) of your email. They can't legally open your postal mail, so treat it the same: gpg/PGP-encrypt your emails; all of them.

If a recipient you email frequently doesn't know how to use encryption, teach them. There are plugins for Firefox, Gmail, Thunderbird, Mail.app, and dozens of other mail clients.

If it's someone you don't converse over email with often, then it's probably not worth protecting anyway.

Seriously...

• http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html
• http://enigmail.mozdev.org/home/index.php
• http://getfiregpg.org/s/home
• http://www.cumps.be/gpg-in-outlook-2007-outlookgnupg/
• http://www.gnupg.org/related_software/frontends.html

Learn to create, protect and use your gpg keys and your keychain. It's not that hard, and the benefits far outweigh the minutes of work and learning it takes to incorporate it into your daily workflow.

Re:I've said it before, and I'll say it again..

[betterunixthanunix]

Sadly, most people see encryption as an annoyance that prevents them from checking their email on random computers. They do not frankly care about whether the government reads their mail, "I have nothing hide," etc. Convenience trumps all, always.

Re:I've said it before, and I'll say it again..

[Perl-Pusher]

I would go further, write a haiku for your signature, register the copyright, put a copy right notice in the message and encrypt all of your mail. Decrypting a copyrighted work and making multiple copies, runs a foul of the Digital Millennium Copyright Act and other copyright laws.

Re:

[Kozz]

I think it's been clear that the obstacles to widespread adoption of email encryption are 1) ease of use, and 2) critical mass.

Yes, yes. For you and me, using encryption is not terribly difficult. We might even be able to teach our close (non-geek) friends how to use it. But you're also implicitly taking on an educational challenge. How will you convince this friend of the merits of using encryption? My guess is that for most people I would want to teach, I'd waved off and dismissed because they don't

Re:

[bhima]

Encryption can only be useful for emails when people use it for all or most of communications, so that one does not instantaneously flag communications of interest. Looking at my email habits, there are: 4 people who work for firms where encryption is specifically forbidden in company policy. 12 people who absolutely could not be taught how to use encryption... Including my mother who writes email as if she sending a telegraph and is paying per character. 2 people who could use encryption but who don't us

Just try convincing people

[Chemisor]

You obviously never tried to convince a nontechnical person to use encryption. They just get that sour look on their faces, thinking "yeah, yet another stupid techie thing I don't care about but now have to learn". Naturally, you can't ask them to set up encryption themselves. Installing gpg and enigmail is a nontrivial task even for me. And you can't even set it up transparently, because gpg evidently decided that an empty passphrase is "insecure" and not to be allowed. Of course, they don't care that if t

Re:

[hacker]

If you have a real solution to those two issues, I'd love to hear about it.

Well first, some of those Firefox add-ons actually send an encrypted blob through the web-based email system... so if you don't have the add-on, you get ascii-armored jibberish, with legible headers.

Also, the systems you mention all support IMAP and POP3, so you can use the mail client of your choice to interact with them (Evolution, Thunderbird, Outlook, OE, Mail.app, etc.)

Hold on...

[CajunArson]

I need to actually read the case, but:
1. Alice sends Bob a message
2. Bob decides to post the message on Facebook or even, the police ask Bob for the message and Bob says: Sure here you go!
3. Alice has no expectation of privacy from Bob because she chose to send him the message.

The above situation is already well established as being perfectly fine from long before the time of the Internet. The meaning of the term "Third Party" is at issue here, and third party does *not* necessarily mean your ISP. Look at the stored communications act for the rules on how email is treated by law enforcement. If you send your email to somebody (the "third party") that somebody can choose to hand it over to anyone. However, this isn't any different than sending a letter over the Pony Express and having the person you sent the letter to read it in the town square for everyone to here.
Moral of the story: If you don't trust a third party, don't send them information!

Re:

[CheshireCatCO]

Read the article, or even the summary posted here. It's not a matter of the recipient (or sender) posting the contents, it's a question of the ISP (hence: third party) revealing the information.

Now what's missing from this is that the investigators had a subpoena according to the article. I'm not clear on how this violates the Fourth Amendment, in that case. Isn't that exactly what we want the government to do and to be able to do when investigating an alleged crime?

Re:

[CajunArson]

That's the problem.. the article is slashdotted and I don't trust a summary. In a legal case the term "third party" is not necessarily what you think it means. If a plaintiff is suing a defendant then a "third party" could be anyone the plaintiff chose to send an email to.
This is from memory so it may be a little inaccurate but here is what I remember of Federal law on the subject: The stored communications act puts email in different categories depending upon whether it has been "read" or

Re:And you shouldn't trust the summary

[IndustrialComplex]

Email is a post card. Anyone can read it along the route. Anyone can choose to use that information. The government can request the information anywhere along the route.

If you write a death threat on a postcard, your mail carrier may report that information to the authorities.

So how the hell do you seal that post card in an envelope that is trivial to open. Mail envelopes CAN be opened by ANYBODY (Even the carrier if they wanted to) That doesn't mean it is legal to do something just because you can. Email should be the same way.

You can't just say encryption, because encryption is not trival to open like an envelope, I'd have to ensure that EVERYONE I ever wanted to send an email to has a special bit of equipment (software) that has been setup. Could you imagine if the only way your mail was secure was if you had to encase it in a metal envelope that was welded shut?

Just because someone COULD read the message doesn't mean that it shouldn't be protected and treated as if the person just passes it along. This concept of 'sufficient' measures to ensure privacy is getting insane.

Re:

[Chris Burke]

So how the hell do you seal that post card in an envelope that is trivial to open. Mail envelopes CAN be opened by ANYBODY (Even the carrier if they wanted to) That doesn't mean it is legal to do something just because you can. Email should be the same way.

Thank you.

Too many geeks around here seem to think "privacy" is the same as "security".

You don't encrypt your email or seal your correspondence in a tamper-proof opaque envelope because you want privacy, you do that because you want your private email to

Re:

[NotQuiteReal]

I read the article, and I'll quote it in full, here: "Error establishing a database connection".

That was not too enlightening. However, my question is about this "after delivery" bit.

For server based mail (web based or even Outlook, etc.) the mail stays at the "ISP" even after it has been "delivered". However, if I pull a message from a POP server, with the delete option, the message should "legally" no longer be on the server after delivery, right?

Re:

[CheshireCatCO]

I read the article, and I'll quote it in full, here: "Error establishing a database connection".

Seems clear as day to me... No, wait! The other thing: Slashdotted!

Re:

[MindStalker]

A Subpoena is NOT the same as a Search Warrent. A subpoena is a demand that one testified in court.

Re:

[sammy baby]

(IANAL)

Um... no. People can be subpoenaed to testify in court, but documents and records can also be subpoenaed. The difference is that if you are subpoenaed for documents, you are expected to turn them over, whereas if a law enforcement officer obtains a search warrant, he can go take them himself. More or less.

Re:

[MindStalker]

Yes, but a subpoena isn't intended to break your fourth amendment rights. You can contest a subpoena, this person didn't have a chance to contest the subpoena because his ISP was subpoenaed not him. A subpoena has a much much lower burden of proof than a search warrant.

Re:

[ircmaxell]

Now what's missing from this is that the investigators had a subpoena according to the article.

A subpoena is basically a "request for appearance/data to be used in court". Basically, if I subpoena you for information, that means that you must provide me with the data. The difference in this case, is that the data was taken (Which, according to US law, requires a warrant). Sure, you can be held in contempt of court if you don't abide by a subpoena, but they cannot use a subpoena to "take" data, it must b

Re:

[CheshireCatCO]

Ack, right. Too early in the morning and my brain isn't functioning well enough yet. Thanks.

Re:

[Sockatume]

That's how the Fourth Amendment works. However in this case, they've taken it to mean that if the postman were to copy the letter in transit, because it's likely to get lost for example, then it'd be okay for the government to seize that copy, so long as Bob gets his copy first.

Re:

[hacker]

If you send your email to somebody (the "third party") that somebody can choose to hand it over to anyone.

This is PRECISELY why you encrypt emails to recipients... there is absolutely no doubt that there was an expectation of privacy, when the receiver has to decrypt the email using a private key, to read it.

Re:Hold on...

[ircmaxell]

But that's not what happened in this case. What actually happened was:

1. Alice sends Bob a message
2. Bob receives the message from his ISP
3. Government goes to Bob's ISP and demands a copy of the email

So in this particular case, Bob's 4th amendment right was violated, and the data was used against Alice. So the fact that Alice's rights weren't compromised in the fetching of the data is meaningless because someone's rights --namely Bob's-- were... And that's where this ruling becomes retarded. Not because Bob chose to disclose the contents, but because the government willfully violated Bob's rights to incriminate Alice...

But there is another flaw in your argument. Bob cannot go and post an email that Alice sent to him on Facebook (well, legally at least). Even though Alice doesn't have 4th amendment rights over Bob's copy, she still does hold copyright over the message. She granted him an implicit license to read the work when she sent it to him. She did not grant a license to show that email to anyone else...

Re:

[bmo]

Bob cannot go and post an email that Alice sent to him on Facebook

Huh?
What?

Name a single court case where this was true in the US. Even those "this is confidential blah blah blah delete if received in error blah blah" "warnings" are nothing but attempts at intimidation with no basis in law.

--
BMO

Re:

[strech]

I need to actually read the case, but:
1. Alice sends Bob a message
2. Bob decides to post the message on Facebook or even, the police ask Bob for the message and Bob says: Sure here you go!
3. Alice has no expectation of privacy from Bob because she chose to send him the message.

The above situation is already well established as being perfectly fine from long before the time of the Internet. The meaning of the term "Third Party" is at issue here, and third party does *not* necessarily mean your ISP. Look at t

Re:

[strech]

Note that "wrong" refers to your comment as an analysis of the case in question. Your example is strictly accurate, it just isn't what happened in this case, either by the summary or article, and using it as the "moral of the story" is wrong.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[demonlapin]

Your snail mail enjoys no protection if, as on a postcard, there is no attempt to shield its contents from public view. Encrypt your email and things may change (IANAL, don't know for sure if they do - e.g., would it then be permissible to brute-force any encryption without a warrant, or does the mere act of encryption indicate an intent that something should be private?)

Email is like Postcards....

[EXTomar]

Email is like sending a message on a postcard. How much expectation of privacy did you have doing that? The onus is up to the sender to protect the message instead of whining about any number of people who can and will inspect the email or the back of the postcard as it goes through the system.

Re:

[tizzo]

It's worse than that actually. From when a postcard leaves your mailbox until it arrives at the mailbox of the recipient, only the postal employees who handle it have legal access. If the recipient throws it away without destroying it, then it becomes publicly accessible. But mail in transit, even postcards, are protected by law from being accessed by any but specific people. Email on the other hand is placed on a wide open, publicly accessible, shared channel. Most people don't have the interest or wh

Re:

[BetterSense]

I'm not the only one that PGP encrypts my postcards, surely? The mail delay on vacations is pretty inconvenient, but hey.

Re:Email is like Postcards....

[Null Nihils]

I strongly disagree. I've said it before [slashdot.org], I'll say it again: It's not like mailing a postcard, it's like sending an electrically encoded text message over a packet-switched data network where the only expected viewing point is at the intended recipient's terminal; this is how the e-mail protocol was designed to work. Sure, a malicious party can read it because it's not encrypted, but someone can easily slice open a postal mail envelope and read the contents of that, too. (You can encrypt the text of your postal-mail letters, but one already has an expectation of privacy, so few people bother. Same as e-mail.)

The bottom line is, since a non-trivial effort has to be made to read the contents, and since the service has always been presented as a "sealed letter" (via GUI icons, ISP adverts, etc), the average user is not unreasonable in expecting privacy.

It should be obvious that the 4th amendment applies to e-mail.

Lawyers - go figure.

[dmgxmichael]

Judges, lawyers - fools and buffoons to every last man and woman among them. They think they understand logic. They boast about their reasoning prowess. Ever tried to translate any law into code a computer can parse?

They're all a bunch of script kiddies without a computer to puke their nonsense back at them. True logic lies in the machine.

If Congress had to write laws that were held to anything remotely approaching the standard of what computers require of programmers there would be about 3 pages left.

Re:

[thePowerOfGrayskull]

If Congress had to write laws that were held to anything remotely approaching the standard of what computers require of programmers there would be about 3 pages left.

Haha, good one. That, or you must not have been programming for very long... it's amazing the twisted and convoluted ways that programmers come up with to do the simplest of things. Check out "CodeSOD" on dailywtf.com sometime.

Why the court is wron

[ral]

In TFA Volokh, a distinguished law professor, explains why he thinks the court got it wrong:

For a real-world example, imagine you write a letter and photocopy it before you put it in the mail. You file the copy in your closet and send the original. During the course of delivery, the original is protected by the Fourth Amendment; when it arrives, you lose Fourth Amendment protection. But the fact that you lose Fourth Amendment protection in the original does not mean that the Government can break into your house and read the copy you made. Conversely, the fact that the recipient of the mail does not have Fourth Amendment rights in the copy does not mean that the government can break into the recipient's house to read the original.

Re:

[geekoid]

http://www.ca11.uscourts.gov/opinions/ops/200911897.pdf [uscourts.gov]

"Rehberg does not allege Hodges and Paulk illegally searched his home computer for emails, but
alleges Hodges and Paulk subpoenaed the emails directly from the third-party
Internet service provider to which Rehberg transmitted the messages."

So there was a subpoena, and the court says when you send someone information, the receiver can share your letter with anyone.

I may have missed it, but I didn't red where the government broke into anyones home without

ALOT more to this case that is disturbing...

[Felgerkarb]

For reference, here is the text of the appellate court judgment. [leagle.com]

IANAL but, wow! I had no idea how bad this could be! The story from the judgment is that some guy sent faxes to a hospital complaining and mocking the management. As a favor, some local prosecutors investigated and set up false prosecution INCLUDING FALSE TESTIMONY to a grand jury. They subpoenaed everything including emails and phone calls.

The long and the short of it is that, because they are prosecutors, they are given absolute immunit

Re:

[lorenlal]

Sadly the intersection of that population is way too small to matter to most of the politico...

Re:Encryption

[betterunixthanunix]

It should not be limited to sensitive email for the following reasons:

• This gives the government a clue about what emails you really want to hide -- and then they will just focus on those, possibly harassing the recipients.
• Some stupid politician will see this behavior and declare that email encryption is suspicious and pass some UK/China-esque laws about it.
• You never really know what statements of yours can be used against you. I read about a case where someone saying, "My life is over..." as they were arrested was accepted as evidence of their guilt. You may think a particular message is innocent, but there is no way to tell.
• Even your truly innocent messages can be turned into data points for the government (or a third party) to construct a profile about you, which can then be used as part of a broader attack.