Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Court Refuses To Rule On ECPA Warrantless E-mail Searches

Posted by Soulskill on Fri Jul 11, 2008 06:58 PM
from the not-yet-ripe dept.
The Courts Communications Government Privacy News
utkalum writes "After Steven Warshak's indictment and conviction on charges of mail and wire fraud, money laundering and other federal charges, he learned that key evidence in the case was obtained by the government under a 1986 law permitting no-warrant searches of email communications stored for longer than 180 days. He also learned that, despite the Electronic Communication Privacy Act's requirement that such searches be disclosed to the suspect no more than 90 days after they were commenced, the Government simply couldn't be bothered to comply. Now, the US Court of Appeals for the Sixth Circuit has refused (9-5) to hear Warshak's constitutional challenge to the Act (PDF), claiming that the question raised is 'not yet ripe' for adjudication. It's worth noting that the court also vacated an earlier injunction against using that act to read the e-mail of other people in Warshak's district. Read on for an excerpt from the ruling.
'Not only do "we have no idea whether or when" such a search will occur but we also "have no idea" what e-mail accounts, or what types of e-mail accounts, the government might investigate ... That uncertainty looms large in a debate about the expectations of privacy in e-mail accounts. The underlying merits issue in the case is this: In permitting the government to search e-mails based on "reasonable grounds," is 2703(d) consistent with the Fourth Amendment, which generally requires "probable cause" and a warrant in the context of searches of individuals, homes and, perhaps most analogously, posted mail? The answer to that question will turn in part on the expectations of privacy that computer users have in their e-mails — an inquiry that may well shift over time, that assuredly shifts from internet-service agreement to internet-service agreement and that requires considerable knowledge about everevolving technologies.'
+ -
story

Related Stories

[+] Expectation of Privacy Extended to Email 161 comments
An anonymous reader writes "In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email. 'The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upholds a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using "Smiling Bob" ads that have gained some notoriety.'"
[+] US Wants Courts to OK Warrantless Email Snooping 476 comments
Erris writes "The Register is reporting that the US government is seeking unprecedented access to private communications between citizens. 'On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. ... the position that the United States government is taking if accepted, may mean that the government can read anybody's email at any time without a warrant. The most distressing argument the government makes in the Warshak case is that the government need not follow the Fourth Amendment in reading emails sent by or through most commercial ISPs. The terms of service (TOS) of many ISPs permit those ISPs to monitor user activities to prevent fraud, enforce the TOS, or protect the ISP or others, or to comply with legal process. If you use an ISP and the ISP may monitor what you do, then you have waived any and all constitutional privacy rights in any communications or other use of the ISP.'"
Firehose:Court Refuses to Rule on ECPA No-Warrant Searches by utkalum (1324147)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Court Refuses To Rule On ECPA Warrantless E-mail Searches 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Bush told me... (Score:5, Funny)

    by packeteer (566398) <packeteer AT subdimension DOT com> on Friday July 11 2008, @07:02PM (#24159401)

    Its ok to break the law as long as your catching a bad guy right?

  • Bush told me.... (Score:5, Insightful)

    by Roskolnikov (68772) on Friday July 11 2008, @07:06PM (#24159437)

    This doesn't apply at the White House, apparently they don't archive their email.....or at least you can't prove that they may or may not......

  • Possession is 9 points of the law (Score:5, Insightful)

    by shanen (462549) on Friday July 11 2008, @07:12PM (#24159499) Homepage Journal

    Unless we own our personal information, we will have no privacy and no freedom. If I know *EVERYTHING* about you and have a few henchmen, then I can surely control you and eliminate your freedom. No one is perfect. You must have some weakness that can be approached. Some way to be bribed? Or surely you've made some embarrassing mistakes that could be leveraged against you? What's your hook? Gambling? Booze? Whatever it is, if I know enough about you, then I can eventually make you do whatever I want.

    Is there a solution? Yes. We must own our personal data. It cannot belong to the companies to buy and sell like oil futures and shares in gold mines. The strongest form of ownership is possession--the famous 9 points of the law. Once you have possession, then it is up to the other side to show they have some claim on your personal property (in the form of information in this case).

    If any company wants to store some information about me, they should be required to store it on *MY* computer. They can sign it so that I can't tamper with it. That's a trivial aspect. However, whenever they want to *USE* my information, they should be required to tell me why. This can mostly be automated in the form of my personal privacy preferences, and for most queries there is no reason I should stop them--but I should always be free to change my mind.

    (I only see one other alternative that preserves any personal freedom. That would be the total exposure of everyone's personal information. It would be a kind of war, but at least all of us could be on a kind of equal footing. Yet however much I would like to know the full truth about Dubya Bush, I don't think that's going to happen.)

    • Re: (Score:3, Insightful)

      by ColdWetDog (752185) *

      If any company wants to store some information about me, they should be required to store it on *MY* computer.

      OK, you keep your info on *YOUR* computer. I ask for it politely and you say, "OK" - I get some.

      Now, it's on *MY* computer. And the computer of anyone I give the information to.

      So, once the information is out there, it's out there. The only thing you can do is enforce laws that deal with information breaches and enforce them quickly and routinely. Unfortunately, that's exactly what's not

  • 'ripeness' is valid (Score:5, Informative)

    by Red Flayer (890720) on Friday July 11 2008, @07:13PM (#24159507) Journal

    Now, the US Court of Appeals for the Sixth Circuit has refused (9-5) to hear Warshak's constitutional challenge to the Act (PDF), claiming that the question raised is 'not yet ripe' for adjudication.

    Anyone who is going to tartly respond to this inflammatory statement would do well to read the link contained in the statement... 'ripeness' is an important legal concept, and it is clear that the matter is, as yet, unripe.

    In order for the 'ripeness' qualification to be met, decision on the claim must affect the outcome. It's clear from reading the link that the outcome would not be affected, since the government is unlikely to perform another ex parte search; and even if they did, it wouldn't matter, since the guy who was indicted knows full well that he is under indictment, and would be even more of a fool to leave any more emails hanging around for the government to search.

    As for the other issues, I'll not comment, since I don't think my words would bear the fruit.

    • Re:'ripeness' is valid (Score:4, Informative)

      by corsec67 (627446) on Friday July 11 2008, @07:25PM (#24159617) Homepage Journal

      This guy can't sue to prevent this from happening to other people?

      Could someone who hasn't been caught by this snooping sue?

      So, people who have been affect can't sue because it wouldn't happen again, and people who haven't been affected can't sue either?

      Or is my thinking just wrong? (IANAL, so that is easy)

    • Re: (Score:3, Insightful)

      by EdIII (1114411) *

      I am not sure I agree about "ripe". I am concerned about warrantless searches. I think there has to be a position on that, and an absolute one. The government absolutely cannot conduct any search in meat-space or cyberspace without a warrant from a Judge, who is a member of the Judicial branch of government.

      The fact that the government did not feel it had to comply with its own 90 day rule just shows how arrogant and "above the law" they feel that they are.

      In any case, if this was any more "ripe" we coul

      • Re:'ripeness' is valid (Score:5, Informative)

        by Londovir (705740) on Friday July 11 2008, @09:38PM (#24160663)

        In the same spirit of respect, I have to disagree with what you posted.

        If you read the entire opinion, the following was mentioned:

        - The government sought permission twice from a magistrate judge to gain access to the guy's email records. (So it's not a warrant, but it WAS an official court order)
        - The government had to demonstrate to the magistrate that the records they sought contained information "relevant and material to an ongoing criminal investigation" (So it wasn't a blind or frivolous fishing expedition)
        - The government was ordered by the magistrate to delay giving notice since the judge felt there was a credible chance of the guy tampering with evidence
        - The judge sealed the court orders related to the searches

        My point is, unlike other abuses of government warrantless work, at least this one had some measure of judicial review involved. That makes this case different, IMHO, than other warrantless wiretapping and such, and care should be taken to not draw conclusions about either with a broad stroke here.

        The court also felt that not only was the case "not ripe" for ruling (which has a very clear and painstakingly discussed meaning in the opinion), but that the guy partially argued on the wrong grounds. They almost suggest he MIGHT have had a shot of having his case heard if he'd argued 1st Amendment rather than 4th Amendment (since he alluded to the idea of a "chilling effect" when it comes to emails) - but he didn't, he argued 4th Amendment.

        In fact, from reading the opinion, it seems as though this guy completely "screwed up" his entire arguments. It sounds as though he sued on the grounds of future, potential searches, rather than on particular admissability of the emails that were gained during the prior 2 searches. It definitely was an issue that the guy sought to overturn ALL of 2703(d), for everyone, rather than just his particular case. The court makes great pains to state how they refuse to make a potential constitutional ruling for a general class situation where each person's particulars may be widely different.

        I'd say the court did a reasonable thing with this decision, all things considered. The guy clearly should have known from his Yahoo TOS that his emails weren't going to be fully private in the first case - and in fact it was pointed out in his own TOS that "emails will be provided to the government upon request." (That argues, possibly, that the government may have been able to get the emails from Yahoo without any court involvement at all - depending on how Yahoo wants to proceed)

        All in all, seems like nothing more to see here to me. Let's focus on FISA, where the real problems are, not on this non-case.

    • Re:'ripeness' is valid (Score:4, Informative)

      by cpu_fusion (705735) on Friday July 11 2008, @08:07PM (#24159973)

      I think you just described "mootness", not "ripeness."

      Ripeness is a prudential rule (i.e. court-created) that the court uses to basically say that not enough is understood about the pros and cons of a particular ruling for stare decisis at the appellate level.

      Sometimes the court invokes Ripeness when the counsel (or facts) are judged to be not adequate for a good decision. e.g. defense counsel sucks, or the facts suck, or whatever.

      I'm not saying either is the case here; it's just a dodge for the court.

      I think the prudential standing rules should be unconstitutional, but given that deciding constitutionality is the courts domain, I don't see them giving this power up.

    • Re:'ripeness' is valid (Score:4, Informative)

      by Free_Meson (706323) on Friday July 11 2008, @08:12PM (#24160005)
      A lot of folks here are going to complain about this decision without really understanding the case. It seems to me that this guy's lawyer made some poor decisions if he was pinning his hopes on this decision.

      It appears that Warshak asked for two things:
      -an injunction against future searches under 2703(d) without notice
      -a ruling on the constitutionality of 2703(d) on the grounds that it allows the violation of a citizen's reasonable expectation of privacy without a warrant

      On the first matter, the court's ripeness argument strikes the nail on the head. Warshak knows that he is under investigation now (indeed, he is convicted) so there's no need for judicially-delayed notification.

      On the second matter, the court points out that a citizen's reasonable expectation of privacy (REP) when using an electronic mail/data storage service will vary with the terms of service agreed upon between the citizen and the service provider. Thus, whether a citizen has a REP should be decided on a case by case basis.

      Warshak should be arguing that he had a REP and that the statute as applied to him was a violation of his 4th amendment rights. I don't think that's a winner, as 2703(d) appears to require probable cause or something like it.

      Probable cause:

      Probable cause is what would lead a person of reasonable caution and prudence to believe that a person, evidence, or contraband related to a crime is in a specific place at a specific time.

      2703(d):

      "a court of competent jurisdiction" may issue an order based on "specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."

      2703(d) is slightly more broad than probable cause, as there is no need for the records or other information sought to be useful as evidence of a crime. They need merely be relevant and material. For example, a contact list from Warshak's email service provider may give investigators an idea of who to contact to discover more victims of his wire fraud scheme without itself being evidence of said scheme. In this case, though, I suspect that investigators would have had sufficient probable cause had they sought a warrant. As with a warrant, investigators had to prove to an impartial magistrate their reasonable belief that Warshak's service provider had evidence relevant to a specific criminal investigation. The principle advantage gained by using 2703(d) in this case appears to be the delayed notice provision.

  • Sorry dude (Score:3, Insightful)

    by NaCh0 (6124) on Friday July 11 2008, @07:15PM (#24159529)

    You're guilty and there is no way out of it on a technicality.

    The only concern for the rest of us is that we have so many damn laws on the books that many of them are starting to conflict.

    • Re:Sorry dude (Score:5, Insightful)

      by mabhatter654 (561290) on Friday July 11 2008, @11:23PM (#24161413)

      the other side BROKE THE LAW. How are THEY getting punished? The only remedy a defendant has is to try to get the case thrown out. The court has no remedy to sit the lawyers that chose to break the rules in jail next to him. The prosecution obviously won't arrest it's own people for breaking the law and this is where the legal system has broken down in the last 40 years or so. There is no court remedy for abuses unless the "prosecution" chooses to file the charges... that's highly unfair and not "justice".

      I'm not saying this guy shouldn't go to jail, but according to the facts of the case there should be a lawyer in jail next to him.

  • When courts refuse to enforce laws against govt (Score:3, Insightful)

    by hguorbray (967940) on Friday July 11 2008, @07:15PM (#24159531)

    this will further erode citizen respect for the rule of law

    Not to mention respect for the courts and gubmint

      -which I imagine is already pretty low given the current slide towards a fascist corporate oligarchy (I know that's a little redundant)

    -I'm just sayin'

  • After FISA, this does not surprise me at all.

    Another sad day for America.

    How will it all end?

    • Life is not fair. We hope for fairness and justice and are really let down when it doesn't happen.

      Fairness and justice are a promise we've been given as children.

      After a number of years of being told how fair things should be, we are then taught that we shouldn't quite expect that.

      How will it end? It won't be all that different than it is now. People in power will give a hard time to those they don't like, undue favour to those they do like and most everyone else will be ignored. They will just have a whole

  • hmm (Score:3, Informative)

    by nomadic (141991) <nomadicworld@NOSpAM.gmail.com> on Friday July 11 2008, @07:45PM (#24159789) Homepage
    Before everyone expends all that energy being outraged, the relevant statute is here [justice.gov].:

    While some of its aspects are kind of on the border of due process, it is not a generic "no warrant needed" law.

  • my position is: why does anyone expect communications going out on an open wire to be safe from snooping eyes? or even more absurd: why does anyone trust the government to ensure this illusion of privacy?

    if you have anything of secrecy, encrypt it, or keep it off the net

    i'm not excusing the governments behavior, but what i am saying is that the entire subject matter of privacy on the internet is absurd. at every node someone can snoop, not just the government. isps, criminal interests, corporate interests, just plain random goofballs

    its NOT like the government coming into your home and ramsacking your stuff behind a locked door. its you piling your stuff out in the middle of main street and expecting the local police to ensure no one looks at it or takes it, and then crying bloody murder when a cop looks at it. you put it out there, why do you expect privacy? i don't get it, i never understood why this subject matter works people up into such a lather

    to me, as soon as i hit send in my email box, if i haven't encrypted it, i EXPECT it to be seen by someone else

    its not like i've cynically given up on government, its rather that i recognize the technology is not securable, regardless of whether the government ensists on absolute privacy in electronic communications or is a fascist state who insists on looking at your every word. either way, i don't see how the technology of the internet confirms a position of privacy. its just better to assume someone else is going to see it, right?

    so i'm either totally crazy or way ahead of the curve, i don't know

    everyone gets so emotional about this issue, and i just don't understand the panic and hysteria over losing a protection that never existed in the first place, or ever could possibly exist, regardless of the law being ultrafascist or ultraprotectionist

  • Why were his messages even available? (Score:3, Interesting)

    by yuna49 (905461) on Friday July 11 2008, @10:20PM (#24160967)

    From the ruling:

    "The government sought permission from a magistrate judge to require Warshak's internet service
    providers--NuVox Communications and Yahoo!--to turn over Warshak's account information,
    "[a]ll [l]og files and backup tapes" and the contents of e-mails that had been "accessed, viewed, or
    downloaded" or that were more than 181 days old."

    Why were his emails still available to government in the first place? Does this mean that Yahoo maintains copies of every email sent through its system for time immemorial? Looking at both Yahoo's Privacy Policy [yahoo.com], and its policies concerning email [yahoo.com] in particular, I see nothing about archiving emails or the length of time the archives are maintained. Should I infer from this case that any email anyone ever sent to anyone on Yahoo is archived somewhere and available for government perusal at any time?

    I know there is an ongoing controversy between ISPs and the Justice Department concerning the archiving of logs containing login information, but how many Yahoo users do you think might be surprised to hear that all their email is archived, too? Why isn't Yahoo required to tell its users about these policies, which seem to raise much bigger privacy concerns than whether they might send me an "Alert" once in a while?

    • The 9th Circuit could have decided the facts presented in this case (the close opinion is proof enough of that)

      Doubtful, since the opinion was produced by the 6th Circuit.

    • Re:Everevolving technologies? (Score:4, Insightful)

      by Null Nihils (965047) on Friday July 11 2008, @08:06PM (#24159959) Journal

      There really should be no expectation of privacy in e-mail.

      Who are you to decide that? Like I said in a post on a similar topic [slashdot.org]:

      "...the canonical user interface icon for e-mail is... a sealed envelope. Even ISPs will present their e-mail services with such an image.

      In other words, the snagging point is the definition of "expectation of privacy" -- but the situation is really quite simple: The average user simply expects privacy, but the government is trying to force them to abandon that expectation, so they can then go and install ubiquitous e-mail surveillance without violating the letter of the US Constitution. The government is trying to win by arguing semantics, so what I find hardest to believe is that anyone is taking all this blatant skullduggery seriously.

      ... It's not like mailing a postcard, it's like sending an electrically encoded text message over a packet-switched data network where the only expected viewing point is at the intended recipient's terminal; this is how the e-mail protocol was designed to work. Sure, a malicious party can read it because it's not encrypted, but someone can easily slice open a postal mail envelope and read the contents of that, too.

      The bottom line is, since a non-trivial effort has to be made to read the contents, and since the service has always been presented as a "sealed letter", the average user is not unreasonable in expecting privacy."

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.