Slashdot Log In
Expectation of Privacy Extended to Email
Posted by
ScuttleMonkey
on Mon Jun 18, 2007 05:09 PM
from the making-it-harder-to-snoop dept.
from the making-it-harder-to-snoop dept.
An anonymous reader writes "In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email. 'The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upholds a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using "Smiling Bob" ads that have gained some notoriety.'"
Related Stories
[+]
The iPhone Meets the Fourth Amendment 505 comments
background image writes "According to Alan M Gershowitz, the doctrine of "search incident to arrest" may allow devices such as mobile phones, PDAs and laptops to be thoroughly searched without either probable cause or warrants [PDF download below abstract]. Incriminating evidence found in such searches may be used against you whether or not it is germane to the reason for the original arrest. He notes, 'Obviously, the framers of the Fourth Amendment could not have conceived of a handheld technological device like the iPhone, and courts have not yet been called upon to answer most of the difficult questions posed by such devices.' We've discussed similar search issues recently, as well as other privacy concerns related to modern technology.
[+]
Court Refuses To Rule On ECPA Warrantless E-mail Searches 32 comments
utkalum writes "After Steven Warshak's indictment and conviction on charges of mail and wire fraud, money laundering and other federal charges, he learned that key evidence in the case was obtained by the government under a 1986 law permitting no-warrant searches of email communications stored for longer than 180 days. He also learned that, despite the Electronic Communication Privacy Act's requirement that such searches be disclosed to the suspect no more than 90 days after they were commenced, the Government simply couldn't be bothered to comply. Now, the US Court of Appeals for the Sixth Circuit has refused (9-5) to hear Warshak's constitutional challenge to the Act (PDF), claiming that the question raised is 'not yet ripe' for adjudication.
It's worth noting that the court also vacated an earlier injunction against using that act to read the e-mail of other people in Warshak's district. Read on for an excerpt from the ruling.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
too bad (Score:5, Insightful)
It's just a shame that the right decision comes down on the side of the spammer.
Re:too bad (Score:4, Interesting)
Really people should have the same expectation of privacy in an email as they do with a postcard. None at all.
It is clear text.
Parent
Re:too bad (Score:5, Insightful)
Nothing in the current decision suggests that, since it is about the meaning of the Fourth Amendment and therefore the limits of government power.
So are much of the the hardcopy material in which you have a reasonable expectation of privacy under the Fourth Amendment. Encryption has never been a Constitutional prerequisite to a reasonable expectation of privacy.
Parent
Re:too bad (Score:5, Insightful)
One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter. As a techie, I would disagree with that, exactly because of what the GP said: it's so easy to sniff around and see emails that it's difficult to say it's a protected medium. I predict in the future a huge legal case where this exactly is the crux -- the question, what is the expectation of privacy in an unencrypted email? I further predict that the result will be similar to a postcard, not a letter.
To be clear, the decision today didn't look at that question, rather the question of whether a warrant is required to search email at all. I see that as so blatantly obvious that I'm shocked the government would even question it. Look, government, hey, you know for 250 years courts have consistently told you that you need a warrant to search just about everything that isn't an emergency, so by now you should be used to it.
Parent
Re:too bad (Score:5, Insightful)
Encryption is like shipping your letter in a box with a combination lock on it. That may be a really good idea if the contents of the letter are extremely important, but 100% absolutely NOT required for you to have an expectation of privacy vis a vis the 4th Ammendment.
People keep confusing "expectation of privacy" with "practical feasibility of someone violating their privacy if they want to". They are not the same thing. As a techie you might think it has something to do with how difficult it is to read email, but that's really irrelevent, which is obvious if you look at every other method of communication.
I have an expectation of privacy when conversing in my home, even though just putting your ear to my window would allow you to hear.
I have an expectation of privacy when using a cordless phone, even though especially the old ones were trivial to listen in on.
I have an expectation of privacy when sending a letter, even though a light shone through the envelope can reveal its secrets.
Now, if you are worried about people who don't care about your expectations of privacy or the law, and your data is important, then yes you should be aware of the practical reality and take extra precautions, eg encryption, or a sound-proof booth in your home, or whatever. That is not the same as an expectation of privacy.
Expectation of privacy means you expect you will be granted privacy, not that you expect that nobody can breach your privacy.
Parent
Re:too bad (Score:4, Funny)
One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter.
But how can this situation be likened to a car? Car analogies are always the best way to explain complicated things!
Parent
Re:too bad (Score:4, Insightful)
Actually - I have a very high expectation of privacy for that postcard. Why shouldn't I? It's not on public display and at no point in its transit from sender to recipient is it ever in a state where a casual member of the public can gain acess to it to read it.
In fact, it takes abnormal conditions (mailbox fails in some manner and the postcard ends up on the ground) or deliberate malfeasance (somone reaches into the mailbox or delivery vehicle) for it to become exposed to a third party. Furthermore, a letter in an envelope has exactly the same privacy failure modes with the trivial requirement of opening the envelople required.
Precisely - regular email cannot be acessed by a third party absent accident or malfeasance.
This is precisely why your analogy fails - it's easy to sniff around if the person has privileged acess _or_ deliberately utilizes tools to perform the sniffing. Just like a physical letter (or postcard) it takes either a systematic failure or deliberate action to view the contents of an email, it is virtually impossible to do so casually.
Parent
Re:too bad (Score:4, Interesting)
Don't know how email works in your organization but here it's encrypted until it hits the first MTA. An ethernet sniffer won't get you anywhere. A postcard also cannot be removed from the mailbox by anyone other than the recipient, a representative, or through a court order. That sounds about right for email.
Just because it's realistic to say that a few people might read the postcard while handling your mail doesn't mean that the police should be able to just grab all your mail and rifle through it without a warrant.
Parent
Re:too bad (Score:5, Insightful)
The difference is that the casual observer can hear two people holding a conversation in a public place. You cannot casually observe email without explicitly trying. That is the big difference, it takes effort to look at email and that is why there is an expectation of privacy.
I've dealt with a few organizations where they've sent credit card info in an email. They are business cards with fraud protection so most people don't worry about it. Of course you must trust the recipient. Ultimately no one things their email will be intercepted in transit because that rarely happens due to the fact that you'd have to have a compromised DNS server to accomplish it or compromise a router in the path. In either circumstance an alternate crime has already been committed and will be dealt with. I'm not sure there has ever been a case of credit card fraud because someone sent and email with credit info and the message was intercepted. It's always the recipient of the information mishandling the data in some way.
Personally I don't care either, what I write in email I freely share with others because I use my corporate account. I'm the only one in the company authorized to go through email so I really don't have to worry, beyond that it just doesn't matter. If you speak ill of someone speak ill of them to their face. I've never been afraid of my emails being public but given that the execs often plan secretive meetings and the future of the company through email I can understand the expectation of privacy. Just because I can go through everyone's email doesn't mean that I do. I require a specific reason and only then will I move forward. I do this even when an exec asks me to pry into email accounts. If they don't have a reason then I don't do it. The company lawyer supports me in it all so I'm pretty safe.
I would agree that sending CC info in email isn't necessary the brightest thing to do but no more so than giving it over the phone to someone which also enjoys an expectation of privacy.
Parent
Telegraphs are the most analogous (Score:5, Informative)
It is basically the same things 1s & 0s (long & short dashes) transmitted over copper wires (or fiber now a days) relayed by a machine or person (depending on the tech).
And even when relayed by a machine the Admin of the machine can read any email on the server. Email passes through multiple servers, at least the sending SMTP and the receiving POP/IMAP machines. I have no control over my ISP's POP server or the Admin thereof.
I assume there was no expectation of privacy in a telegraph and there should be none in an email. It would be nice, but it ain't how it works.
And now for some commentary from a real lawyer.
http://volokh.com/archives/archive_2007_06_17-200
[Orin Kerr, June 18, 2007 at 11:49am] Trackbacks
Sixth Circuit Blockbuster on E-Mail Privacy: In an earlier blog post on a pending case in the Sixth Circuit, Warshak v. United States, I figured there was no way the court would get to the merits of the Fourth Amendment issue lurking in the case: there were no facts yet and no decided statutory law, and surely the panel wouldn't be so reckless as to presumptively strike down a federal statute in the absence of facts or law given the procedural problems with the case. I had a funny feeling things would turn out differently when I learned who was on the panel, though, and that funny feeling turned out to be justified: the panel just issued a blockbuster decision that tries to answer how the Fourth Amendment applies to e-mail (all without any facts, amazingly) based on arguments from amicus briefs that the government didn't address all in the context of an appeal from a preliminary injunction. Wow. More on the decision later today.
UPDATE: Here's the key part of the opinion:
[Start Quote]
[W]e have little difficulty agreeing with the district court that individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP. The content of e-mail is something that the user "seeks to preserve as private," and therefore "may be constitutionally protected." Katz, 389 U.S. at 351. It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past. See Katz, 389 U.S. at 352 ("To read the Constitution more narrowly is to ignore the vital role that the public telephone has come to play in private communication.")
[End Quote]
Notably, the court's Fourth Amendent analysis combines aspects of the probabilistic, private facts, positive law and policy model (the above-quoted section being from the policy model section).
Parent
Re:Telegraphs are the most analogous (Score:5, Informative)
Why do you assume that?
Granted, by the nature of the telegraph, you had to have an operator on each end to transmit/transcribe your message. With the exception of that pair of people, why would anyone expect that their message is not private? Certainly with regards to law enforcement -- I would assume there was an expectation that the telegraph operator would not hand your missive directly over to a law enforcement officer unless that officer had a warrant, and similarly an expectation that the nobody including the police would tap the transmission line and listen in on your message.
If there was a version of the telegraph which required no operators, then there would be no reason not to expect complete privacy.
But why pick the telegraph which has an obvious privacy-related flaw when we also have the example of the telephone? This is more apt because it does not have the same flaw as the telegraph, and because these days the machinery for transmitting voice data and email data is the same. Also it serves a similar function in that it's intended as a person-to-person form of communication. Do we have an expectation of privacy in phone calls as a matter of law? Yes! So should we with e-mail? Yes!
And you have that same "expectation of privacy" even if you are using an old-school easy-as-piss to overhear cordless phone. Just because it's easy to violate your privacy does not mean it is okay for people to do so. Just like when you send a postcard you have the same expectation. Sure, someone might read it, that's a practical reality. But as a legal reality neither police officers nor private detectives are allowed to pluck postcards from your mailbox and read them.
Mail and phone both have expectations of privacy, why should not email?
Parent
Re: (Score:3, Informative)
I think it's a dumb snake-oil product with a dumb ad campaign, but "spammer" is not the correct word to use as far as I know. Spam is not used to describe TV ads that help pay for what you are watching. The OED's definition is about bulk messaging over the Internet.
Re:too bad (Score:5, Funny)
I agree.
Well, except for rich people. And pharmaceutical companies that spend more on advertising than research. AFAIK, they're first against the wall.
But yeah, equal treatment for everyone else.
Parent
Re:too bad (Score:4, Funny)
Parent
Re:too bad (Score:4, Funny)
While you collect the $20'000 for the M16, I can get 10 AK-74s and 50kg of ammo... and still have some money left over.
See - you don't need money, just some common sense.
Parent
Great! (Score:5, Funny)
Patriot act (Score:5, Interesting)
Enzyte verdict (Score:3)
My T-shirt (Score:5, Funny)
In civil cases, all your email is discoverabable (Score:5, Informative)
A magistrate judge ordered me to turn over all email requested by the other side in a federal civil lawsuit. This included email to my parents and my wife which discussed my feelings about the case, possible legal strategy, family member's health, etc.
I have come to understand that, in a civil case anyway, anything you document is discoverable (with the exception of communication between youself and an attorney and youself and an expert witness). I argued that the email was not relevant, but the courts are usually inclined to allow the other side to see it and decide for themselves. The other side got to pour over 500+ emails that have absolutely no relevant information.
details are here:vilana financial [cgstock.com]
Re: (Score:3, Insightful)
Unlikely. Slashdot comments are public by design. Webmail is simply an interface to otherwise regular email message, which this covers under the logic they are intended for an identified recipient and provided to other intermediaries on the way for delivery, much like traditional mail.
Re:Can we extend this (Score:4, Funny)
Parent
Re:wording (Score:4, Funny)
Parent
Re:Enzyte Why? (Score:5, Funny)
I never understood how Enzyte ever got that big
Apparently they use their own product ...
Parent
Re:Well... (Score:5, Funny)
Parent