Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
United States Privacy The Courts Your Rights Online

11th Circuit Eliminates 4th Amend. In E-mail 490

Posted by CmdrTaco
from the well-that's-not-very-good dept.
Artefacto writes "Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages."
This discussion has been archived. No new comments can be posted.

11th Circuit Eliminates 4th Amend. In E-mail

Comments Filter:
  • Once again (Score:4, Insightful)

    by Pojut (1027544) on Tuesday March 16, 2010 @08:36AM (#31494468) Homepage

    I've linked to it many times in the past, and it seems like a perfect time to do so again:

    http://haacked.com/images/TerroristsHateFreedom.gif [haacked.com]

  • Self Hosting (Score:3, Insightful)

    by carp3_noct3m (1185697) <slashdotNO@SPAMwarriors-shade.net> on Tuesday March 16, 2010 @08:39AM (#31494496)
    Well, I'm curious about something, how does that apply when I control and run my own domain and email, but it is hosted by a third party? I have been using dreamhost for the past 3 years and I love it, but would they have to only contact dreamhost or do they have to contact me as well? There seem to be two alternatives, one of which I am already partially implimenting, that is 1) Hosting your own email on your own server (at home) and 2) (the one I'm partially doing) Encrypting email whenever possible. People often forget that email is plain text, and unless you are encrypting it, it could be comprimised at any number of locations and generally should not be considered pragmatically private at all.
  • Encryption (Score:3, Insightful)

    by outofpaper (189404) on Tuesday March 16, 2010 @08:39AM (#31494498) Journal

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    This is why the use of encryption is a must. Sending email is like sending a postcard, except that copies of it are made and stored for perusal by government officials and ISP employees. Since most people use Firefox they should check out the amazing http://getfiregpg.org/ [getfiregpg.org]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
    Comment: Use GnuPG with Firefox : http://getfiregpg.org/ [getfiregpg.org] (Version: 0.7.10)

    iF4EAREIAAYFAkufikAACgkQmu9IBuIu3yEYOgD/dDFE5oEieIS9PWP7dUm+rOXU
    1yfiGTlXropncPeFhX0BAIaYlc1iecFMV3CE2G2w7zZXO7pNlWEVqHS0yD9J2Z3j
    =HF92
    -----END PGP SIGNATURE-----

  • by Anonymous Coward on Tuesday March 16, 2010 @08:47AM (#31494576)

    Email is more like a telegraph than a postcard.
    With a postcard (in the US) you hand it over to a government (now quasi-gov) agency that is legally bound to handle your message in confidence.

    With the telegraph system you sent a message in cleartext via a series of intermediaries [telegraph operators/mail servers] none of which were guaranteed to work for the same company. And the message was sent a a series of binary signals (dots-dashes/ones-zeros)
     

  • Re:Encryption (Score:3, Insightful)

    by gzipped_tar (1151931) on Tuesday March 16, 2010 @08:48AM (#31494608) Journal

    Unfortunately, /. sometimes sees a GPG-signed message as junk that fails to pass its bullshit "bullshit filter". Especially when you use SHA512 as the hash function.

    Filter error: That's an awful long string of letters there.

  • by MikeRT (947531) on Tuesday March 16, 2010 @08:53AM (#31494682) Homepage
    To the outrage of a number of people I've met, I've suggested that the legal profession is actually not inherently an extremely intellectually rigorous profession on the grounds that most of its "complexities" are what programmers and engineers call "hacks" and in more layman terms, "making shit up as you go along." Exhibit A:

    To see where the 11th Circuit is getting this argument, you need to know a little bit about how the Fourth Amendment protects postal mail and packages. The Fourth Amendment ordinarily protects postal mail and packages during delivery. The same rule applies to both government postal mail and private delivery companies like UPS: As soon as the sender drops off the mail in the mailbox, both the sender and recipient enjoy Fourth Amendment protection in the contents of the mail during delivery. When the mail is delivered to the recipient, the sender loses his Fourth Amendment protection: The Fourth Amendment rights are transfered solely to the recipient. In practice, this works pretty simply: Each party has Fourth Amendment protection in the mail when they’re in possession of it, and both the sender and receiver have Fourth Amendment rights in the contents of the mail when the postal service or private mail carrier is holding the mail on their mutual behalf.

    Exhibit B:

    The Supreme Court “consistently has held that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”

    Now, a person of **reasonable** intelligence has to ask why the Post Office is holding it in care of the parties and an ISP is not. Even if you expand this out, each party in the routing from point A to point B of the packets of the email message is holding that data temporarily in care of party A until it reaches the email provider of party B who, in turn holds it in care of party B. The very essence of this is that each third party is acting, in a daisy chained relationship, like the Post Office with respect to the transportation of that communication.

    Mr. "I have a doctorate in law [wikipedia.org] judge Joe Shmoe" apparently doesn't have the basic sense once attributed to the peasantry to apply the existing rulings to a new scenario. It's not rocket science. There is no reason why email should be subjected to a different standard than snail mail, unless that standard is even more restrictive of the government since some email systems even go so far as to use systems like SSL to explicitly add a level of privacy expectation to the communication not readily had by the average person with snail mail.

  • by betterunixthanunix (980855) on Tuesday March 16, 2010 @09:05AM (#31494918)
    Sadly, most people see encryption as an annoyance that prevents them from checking their email on random computers. They do not frankly care about whether the government reads their mail, "I have nothing hide," etc. Convenience trumps all, always.
  • by Jenming (37265) on Tuesday March 16, 2010 @09:12AM (#31495048)

    In order for Fourth Amendment protections to apply, the person invoking the protection must have an objectively reasonable expectation of privacy in the place searched or item seized.

    I don't know about you, but when I send an unencrypted email I have no expectation of privacy from the moment the text leaves my computer.

  • Constitution (Score:1, Insightful)

    by Anonymous Coward on Tuesday March 16, 2010 @09:19AM (#31495160)

    So what does the 4th amendment of the constitution say about email? Did they even have the telegraph when that was passed? I doubt it.
    The needs to be a new set of rules written and added to the constitution for the modern electronic digital age. (And passed by elected representatives (senate, congress) and not judges who were appointed last century.

  • by Low Ranked Craig (1327799) on Tuesday March 16, 2010 @09:20AM (#31495164)
    Depends on the state. I live in Arizona and I carry a handgun anytime I feel like it, anywhere but a bank or a federal building. I don't usually, because it's not necessary. Don't try this in California unless you want to see the inside of a jail cell. Gotta love states that can arrest you and convict you for exercising your constitutional rights.
  • by bhima (46039) * <Bhima@Pandava.gmail@com> on Tuesday March 16, 2010 @09:22AM (#31495214) Journal

    Encryption can only be useful for emails when people use it for all or most of communications, so that one does not instantaneously flag communications of interest. Looking at my email habits, there are: 4 people who work for firms where encryption is specifically forbidden in company policy. 12 people who absolutely could not be taught how to use encryption... Including my mother who writes email as if she sending a telegraph and is paying per character. 2 people who could use encryption but who don't use it either, for the same reason I don't, the pool of potential recipients is too small.

  • Re:Hold on... (Score:3, Insightful)

    by bmo (77928) on Tuesday March 16, 2010 @09:30AM (#31495350)

    Bob cannot go and post an email that Alice sent to him on Facebook

    Huh?
    What?

    Name a single court case where this was true in the US. Even those "this is confidential blah blah blah delete if received in error blah blah" "warnings" are nothing but attempts at intimidation with no basis in law.

    --
    BMO

  • by Null Nihils (965047) on Tuesday March 16, 2010 @09:31AM (#31495366) Journal
    I strongly disagree. I've said it before [slashdot.org], I'll say it again: It's not like mailing a postcard, it's like sending an electrically encoded text message over a packet-switched data network where the only expected viewing point is at the intended recipient's terminal; this is how the e-mail protocol was designed to work. Sure, a malicious party can read it because it's not encrypted, but someone can easily slice open a postal mail envelope and read the contents of that, too. (You can encrypt the text of your postal-mail letters, but one already has an expectation of privacy, so few people bother. Same as e-mail.)

    The bottom line is, since a non-trivial effort has to be made to read the contents, and since the service has always been presented as a "sealed letter" (via GUI icons, ISP adverts, etc), the average user is not unreasonable in expecting privacy.

    It should be obvious that the 4th amendment applies to e-mail.
  • by AndersOSU (873247) on Tuesday March 16, 2010 @09:43AM (#31495556)

    I actually think the telegraph is a fantastic analogy for email. A message is drafted by one party, transmitted from one intermediary to another electronically, and delivered to the recipient. The intermediaries probably even keep logs of some information.

    I'm too lazy to look up the legal understanding of privacy for a telegraph, but if I were involved with this case, I think it would make a good start.

  • by demonlapin (527802) on Tuesday March 16, 2010 @09:51AM (#31495684) Homepage Journal
    Your snail mail enjoys no protection if, as on a postcard, there is no attempt to shield its contents from public view. Encrypt your email and things may change (IANAL, don't know for sure if they do - e.g., would it then be permissible to brute-force any encryption without a warrant, or does the mere act of encryption indicate an intent that something should be private?)
  • by fyngyrz (762201) on Tuesday March 16, 2010 @09:59AM (#31495826) Homepage Journal

    Any US court that tries to argue that email isn't "protected" has little to no understanding of the US constitution: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    EMail is modern mail; and mail is one case of the "papers" mentioned in the 4th amendment. The US mail is a 100% analogy here. Sure, someone can easily can look in an envelope during its trip between parties, or at either end, but the 4th says you have the right to be secure in your papers and effects, so it is illegal to do so. EMail is precisely the same kind of communication. It isn't about the fact that someone can look; it is about your right to privacy, to expect that they shall not look, and if they do, they have harmed you.

    This covers why email is protected as a side issue of the main discussion: On Privacy [fyngyrz.com].

  • by drinkypoo (153816) <martin.espinoza@gmail.com> on Tuesday March 16, 2010 @10:20AM (#31496172) Homepage Journal

    With unencrypted email, the communications are broadcast to the world

    No, they're unicast to a mailhost.

    and expected to pass through many different systems,

    Kind of like a letter.

    some of them managed by people with no direct relationship with either the sender or the receiver,

    I assume you mean the interim switches and routers? Because the mailhosts involved should all be operated by a person or entity with a direct relationship with the sender or receiver in the vast majority of cases.

    shouted out to an ethernet on every hop.

    Not true. Sometimes they're shouted out to a fiber ring.

    And yet, some people are expecting the same sort of legal expectation of privacy to still exist,

    Legal expectation of privacy is expected to function even when literal privacy has broken down.

    even though from a technical and common sense viewpoints, an expectation of privacy is pretty much diametrically opposite from "reasonable."

    And today, we expect to be protected from people watching what we're doing in our houses with the shades drawn, even though the technology exists to do it (e.g. backscatter X-ray.)

    Give up.

    You give up. Too bad, though. Resistance is more effective when united.

  • by Trails (629752) on Tuesday March 16, 2010 @10:21AM (#31496190)

    It's not "fair game". The constitution grants protection against unreasonable searches and seizures. Just because you leave something sitting on your porch does not give the gov't a right to walk up and grab it.

    Further, the presence of https is encryption simply between the user and their immediate provider. It has nothing to do with the format of the message on the server or in transit, hence it is irrelevant to this discussion. It is not, as you put it, "end-to-end". Something like PGP would be. That being said, the concept of having to actively add security in order to protect yourself from unwarranted search and seizure by the gov't is preposterous on its face, and certainly contrary to the spirit of the US constitution. The onus is on the government to provide just cause, not on the citizens to protect themselves from intrusive gov't measures.

  • by ElectricTurtle (1171201) on Tuesday March 16, 2010 @10:44AM (#31496540)
    Not that I'm trying to get you to switch banks or anything, but I just want to make sure you know that there are banks in AZ that are accommodating. I hear [mywowbb.com] that TruWest Credit Union has a policy to not exceed state law. Other people in that thread have noted tolerance from Chase, Bank of America, and Hughes FCU.
  • by Kjella (173770) on Tuesday March 16, 2010 @11:14AM (#31497104) Homepage

    Talking on the phone isn't encrypted, having a conversation isn't encrypted, regular envelopes are the digital equivalent of ROT-13 and only protects against casual observation. "Expectation of privacy" is not something that applies only to unbreakable cryptographic safes, if it did it wouldn't have existed until the PC age.

    You may not have any expectation of privacy from the recipient, but if you consider that "voluntary disclosure" then the fourth amendment doesn't protect any communication at all. You don't have a reasonable expectation of privacy when making a phone call because it's hard to listen in - people do that in phone conferences every day - but because you generally don't expect anybody listening in. Likewise, when you send or recieve mail I don't expect people to be reading through my mail. Sure, it's technically trivial for a mail server to BCC away a copy of everything, just like it's trivial to make every phone call a conference call with the government but that would grossly violate the privacy I was expecting.

    Of course I can provide it myself via encryption by the digital equivalent of writing coded letters, but nobody claims that the fourth amendment protection only applies to coded letters. Why then do you set a standard that is so much higher for what you must do and so much lower for the government? I understand that it's preferable to rely on yourself rather than the government, but that has limits. If the only thing the government won't do are the things it can't do you're in big trouble, because I'm fairly sure they could find a cell to throw you in. If you don't expect them to care about your right to privacy, why do ytu expect them to care about any other?

    Yes, it's possible that the contents of an unencrypted mail will end up being seen by some system administrator. But to me, that is the equivalent of a postal package being damaged in handling and the contents spilling all over the floor. Though shit, if that's kiddie porn all over the floor I fully expect you to go to jail anyway, expectation of privacy or not. But that is entirely different than a government that will open everything on purpose, that is exactly why the amendment was created. Not to stop the government from doing the impossible, but from doing the very possible act of reading your (e)mail.

  • by IndustrialComplex (975015) on Tuesday March 16, 2010 @11:16AM (#31497138)

    Email is a post card. Anyone can read it along the route. Anyone can choose to use that information. The government can request the information anywhere along the route.

    If you write a death threat on a postcard, your mail carrier may report that information to the authorities.

    So how the hell do you seal that post card in an envelope that is trivial to open. Mail envelopes CAN be opened by ANYBODY (Even the carrier if they wanted to) That doesn't mean it is legal to do something just because you can. Email should be the same way.

    You can't just say encryption, because encryption is not trival to open like an envelope, I'd have to ensure that EVERYONE I ever wanted to send an email to has a special bit of equipment (software) that has been setup. Could you imagine if the only way your mail was secure was if you had to encase it in a metal envelope that was welded shut?

    Just because someone COULD read the message doesn't mean that it shouldn't be protected and treated as if the person just passes it along. This concept of 'sufficient' measures to ensure privacy is getting insane.

  • by Coren22 (1625475) on Tuesday March 16, 2010 @11:36AM (#31497490) Journal

    I don't know about that, Following the link provided by jdgeorge http://yro.slashdot.org/comments.pl?sid=1584520&cid=31495234 [slashdot.org], Maryland doesn't seem to have terrible laws, the 7 day waiting period and no guns for Felons makes sense, and having to watch a safety video is a good move. Were you perhaps meaning the concealed carry laws?

  • by fyngyrz (762201) on Tuesday March 16, 2010 @11:50AM (#31497710) Homepage Journal

    that's pre-9/11 thinking.

    Thank you for the complement.

  • by lwsimon (724555) <lyndsy@lyndsysimon.com> on Tuesday March 16, 2010 @12:15PM (#31498096) Homepage Journal

    Try owning a handgun in the city of Chicago, or New York City.

  • by Zerth (26112) on Tuesday March 16, 2010 @01:52PM (#31499598)

    Your mail comes in an envelope(trivial encryption).

  • Re:Case Summary (Score:5, Insightful)

    by Cytotoxic (245301) on Tuesday March 16, 2010 @02:23PM (#31500066)
    Holy crap, that was a terrifying read. Basically the appeals court found that the prosecutor and cop in the case were granted Absolute Immunity from prosecution for their actions in intentionally framing this guy for multiple felony and misdemeanor crimes. The appeals court found that the plaintiff did indeed get falsely accused, and that the prosecutor knowingly participated in presenting false testimony to get indictments - but the poor guy has no recourse.
  • by Chris Burke (6130) on Tuesday March 16, 2010 @02:58PM (#31500560) Homepage

    So how the hell do you seal that post card in an envelope that is trivial to open. Mail envelopes CAN be opened by ANYBODY (Even the carrier if they wanted to) That doesn't mean it is legal to do something just because you can. Email should be the same way.

    Thank you.

    Too many geeks around here seem to think "privacy" is the same as "security".

    You don't encrypt your email or seal your correspondence in a tamper-proof opaque envelope because you want privacy, you do that because you want your private email to be secure against someone violating your privacy. Not to create the concept of expectation of privacy in the first place.

    If that were the case, the 4th Amendment search and seizure clause would be pointless. "You can't read someone's private correspondence, unless you can, in which case it isn't private".

"Why waste negative entropy on comments, when you could use the same entropy to create bugs instead?" -- Steve Elias

Working...