Expectation of Privacy Extended to Email 161
An anonymous reader writes "In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email. 'The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upholds a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using "Smiling Bob" ads that have gained some notoriety.'"
too bad (Score:5, Insightful)
It's just a shame that the right decision comes down on the side of the spammer.
Re:too bad (Score:4, Interesting)
Really people should have the same expectation of privacy in an email as they do with a postcard. None at all.
It is clear text.
Re:too bad (Score:5, Insightful)
Nothing in the current decision suggests that, since it is about the meaning of the Fourth Amendment and therefore the limits of government power.
So are much of the the hardcopy material in which you have a reasonable expectation of privacy under the Fourth Amendment. Encryption has never been a Constitutional prerequisite to a reasonable expectation of privacy.
Re:too bad (Score:5, Insightful)
One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter. As a techie, I would disagree with that, exactly because of what the GP said: it's so easy to sniff around and see emails that it's difficult to say it's a protected medium. I predict in the future a huge legal case where this exactly is the crux -- the question, what is the expectation of privacy in an unencrypted email? I further predict that the result will be similar to a postcard, not a letter.
To be clear, the decision today didn't look at that question, rather the question of whether a warrant is required to search email at all. I see that as so blatantly obvious that I'm shocked the government would even question it. Look, government, hey, you know for 250 years courts have consistently told you that you need a warrant to search just about everything that isn't an emergency, so by now you should be used to it.
Re:too bad (Score:5, Insightful)
Encryption is like shipping your letter in a box with a combination lock on it. That may be a really good idea if the contents of the letter are extremely important, but 100% absolutely NOT required for you to have an expectation of privacy vis a vis the 4th Ammendment.
People keep confusing "expectation of privacy" with "practical feasibility of someone violating their privacy if they want to". They are not the same thing. As a techie you might think it has something to do with how difficult it is to read email, but that's really irrelevent, which is obvious if you look at every other method of communication.
I have an expectation of privacy when conversing in my home, even though just putting your ear to my window would allow you to hear.
I have an expectation of privacy when using a cordless phone, even though especially the old ones were trivial to listen in on.
I have an expectation of privacy when sending a letter, even though a light shone through the envelope can reveal its secrets.
Now, if you are worried about people who don't care about your expectations of privacy or the law, and your data is important, then yes you should be aware of the practical reality and take extra precautions, eg encryption, or a sound-proof booth in your home, or whatever. That is not the same as an expectation of privacy.
Expectation of privacy means you expect you will be granted privacy, not that you expect that nobody can breach your privacy.
Re: (Score:3, Informative)
No you don't. From here [ufl.edu] (among other places):
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
My understanding of the phrase "expectation of privacy" is that it means that any evidence that is collected via your packet sniffer would not be admissible in court unless it was obtained with a warrant. This doesn't make the tool illegal, or likely even illegal to use, just that it would not be admissible evidence.
If my reading of this is correct this is probably a good thing.
Re: (Score:2)
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:3, Interesting)
How much leeway does the U.S. government have with the postal service to begin with
Re: (Score:2)
Re:too bad (Score:4, Funny)
One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter.
But how can this situation be likened to a car? Car analogies are always the best way to explain complicated things!
Re: (Score:2)
A postcard, or a plaintext email, is like the front seat of your car: you have very low expectation of privacy because it's in plain public sight. A cop who pulls you over for a minor infraction will see your drugs sitting in the passenger seat and ask you about them.
A sealed letter, or an encrypted email, is like the trunk of your car: you have a high expectation of privacy because it's hidden from sight and locked. A cop who pulls you over needs consent or probable cause to search
Re: (Score:2)
So you're saying that if your ISP lets a cop root through all the user mail, maybe because he really needs to get that url so he can get some viagra, that if he accidently looks at your mail and sees something, he can take action. Somehow this
Re: (Score:2)
Re:too bad (Score:4, Insightful)
Actually - I have a very high expectation of privacy for that postcard. Why shouldn't I? It's not on public display and at no point in its transit from sender to recipient is it ever in a state where a casual member of the public can gain acess to it to read it.
In fact, it takes abnormal conditions (mailbox fails in some manner and the postcard ends up on the ground) or deliberate malfeasance (somone reaches into the mailbox or delivery vehicle) for it to become exposed to a third party. Furthermore, a letter in an envelope has exactly the same privacy failure modes with the trivial requirement of opening the envelople required.
Precisely - regular email cannot be acessed by a third party absent accident or malfeasance.
This is precisely why your analogy fails - it's easy to sniff around if the person has privileged acess _or_ deliberately utilizes tools to perform the sniffing. Just like a physical letter (or postcard) it takes either a systematic failure or deliberate action to view the contents of an email, it is virtually impossible to do so casually.
Re:too bad (Score:4, Interesting)
Don't know how email works in your organization but here it's encrypted until it hits the first MTA. An ethernet sniffer won't get you anywhere. A postcard also cannot be removed from the mailbox by anyone other than the recipient, a representative, or through a court order. That sounds about right for email.
Just because it's realistic to say that a few people might read the postcard while handling your mail doesn't mean that the police should be able to just grab all your mail and rifle through it without a warrant.
Re: (Score:3, Interesting)
At my office we just got an email from a customer and she included her credit card number in the EMAIL! No we didn't tell her to send it but I hope like heck that she doesn't read this story and think that it is alright to do in the future!
Re:too bad (Score:5, Insightful)
The difference is that the casual observer can hear two people holding a conversation in a public place. You cannot casually observe email without explicitly trying. That is the big difference, it takes effort to look at email and that is why there is an expectation of privacy.
I've dealt with a few organizations where they've sent credit card info in an email. They are business cards with fraud protection so most people don't worry about it. Of course you must trust the recipient. Ultimately no one things their email will be intercepted in transit because that rarely happens due to the fact that you'd have to have a compromised DNS server to accomplish it or compromise a router in the path. In either circumstance an alternate crime has already been committed and will be dealt with. I'm not sure there has ever been a case of credit card fraud because someone sent and email with credit info and the message was intercepted. It's always the recipient of the information mishandling the data in some way.
Personally I don't care either, what I write in email I freely share with others because I use my corporate account. I'm the only one in the company authorized to go through email so I really don't have to worry, beyond that it just doesn't matter. If you speak ill of someone speak ill of them to their face. I've never been afraid of my emails being public but given that the execs often plan secretive meetings and the future of the company through email I can understand the expectation of privacy. Just because I can go through everyone's email doesn't mean that I do. I require a specific reason and only then will I move forward. I do this even when an exec asks me to pry into email accounts. If they don't have a reason then I don't do it. The company lawyer supports me in it all so I'm pretty safe.
I would agree that sending CC info in email isn't necessary the brightest thing to do but no more so than giving it over the phone to someone which also enjoys an expectation of privacy.
Re: (Score:2)
Expectation of privacy != secure
Expectation of privacy really matters when the police are involved. Beyond that, replacing a switch with a hub isn't going to do anything but cause an outage, ARP poisoning is impossible unless you've compromised a router and wireless networks are only locally vulnerable. Capturing the traffic is an extreme circumstance and cannot be done unintentionally. Furthermore, the only time it can lawfully be captured is by a representative of the owner of the network or by law enfor
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
It is clear text."
Except for the fact that you cannot read someone's email as a routine matter of simly handling it, as in a mail carrier. It takes extraordinary effort to access/read someone's email, akin to steaming open an envelope. Ergo, your assertion is wrong.
Re: (Score:2)
Counterpoint: Wireshark [wireshark.org]. Reading someone's plaintext email with off-the-shelf hardware, for either ethernet or WiFi, does not take "extraordinary effort." It hardly takes effort at all. If you ever want to try it out, be warned: it'll scare you.
In contrast, sniff
Re: (Score:2)
The vast majority of people are not technically inclined. They barely know what encryption is, much less know how to use it. Imposing a burden of technical knowledge on the masses is not acceptable.
Re: (Score:2)
Re: (Score:2)
Or, running a sniffer to troubleshoot a network issue? Which could have you, completely accidentally, with copies of hundreds of "private" emails. So are we going to have to get a warrant to fix our own networks, now? Or is it only the police that will need a warrant to fix their own?
Telegraphs are the most analogous (Score:5, Informative)
It is basically the same things 1s & 0s (long & short dashes) transmitted over copper wires (or fiber now a days) relayed by a machine or person (depending on the tech).
And even when relayed by a machine the Admin of the machine can read any email on the server. Email passes through multiple servers, at least the sending SMTP and the receiving POP/IMAP machines. I have no control over my ISP's POP server or the Admin thereof.
I assume there was no expectation of privacy in a telegraph and there should be none in an email. It would be nice, but it ain't how it works.
And now for some commentary from a real lawyer.
http://volokh.com/archives/archive_2007_06_17-200
[Orin Kerr, June 18, 2007 at 11:49am] Trackbacks
Sixth Circuit Blockbuster on E-Mail Privacy: In an earlier blog post on a pending case in the Sixth Circuit, Warshak v. United States, I figured there was no way the court would get to the merits of the Fourth Amendment issue lurking in the case: there were no facts yet and no decided statutory law, and surely the panel wouldn't be so reckless as to presumptively strike down a federal statute in the absence of facts or law given the procedural problems with the case. I had a funny feeling things would turn out differently when I learned who was on the panel, though, and that funny feeling turned out to be justified: the panel just issued a blockbuster decision that tries to answer how the Fourth Amendment applies to e-mail (all without any facts, amazingly) based on arguments from amicus briefs that the government didn't address all in the context of an appeal from a preliminary injunction. Wow. More on the decision later today.
UPDATE: Here's the key part of the opinion:
[Start Quote]
[W]e have little difficulty agreeing with the district court that individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP. The content of e-mail is something that the user "seeks to preserve as private," and therefore "may be constitutionally protected." Katz, 389 U.S. at 351. It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past. See Katz, 389 U.S. at 352 ("To read the Constitution more narrowly is to ignore the vital role that the public telephone has come to play in private communication.")
[End Quote]
Notably, the court's Fourth Amendent analysis combines aspects of the probabilistic, private facts, positive law and policy model (the above-quoted section being from the policy model section).
Re:Telegraphs are the most analogous (Score:5, Informative)
Why do you assume that?
Granted, by the nature of the telegraph, you had to have an operator on each end to transmit/transcribe your message. With the exception of that pair of people, why would anyone expect that their message is not private? Certainly with regards to law enforcement -- I would assume there was an expectation that the telegraph operator would not hand your missive directly over to a law enforcement officer unless that officer had a warrant, and similarly an expectation that the nobody including the police would tap the transmission line and listen in on your message.
If there was a version of the telegraph which required no operators, then there would be no reason not to expect complete privacy.
But why pick the telegraph which has an obvious privacy-related flaw when we also have the example of the telephone? This is more apt because it does not have the same flaw as the telegraph, and because these days the machinery for transmitting voice data and email data is the same. Also it serves a similar function in that it's intended as a person-to-person form of communication. Do we have an expectation of privacy in phone calls as a matter of law? Yes! So should we with e-mail? Yes!
And you have that same "expectation of privacy" even if you are using an old-school easy-as-piss to overhear cordless phone. Just because it's easy to violate your privacy does not mean it is okay for people to do so. Just like when you send a postcard you have the same expectation. Sure, someone might read it, that's a practical reality. But as a legal reality neither police officers nor private detectives are allowed to pluck postcards from your mailbox and read them.
Mail and phone both have expectations of privacy, why should not email?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not anymore. Your landline is only analog to the phone station, and if you use a modern cell phone it's never analog at all.
Telephone: Real time instantaneous communication
Real-time yes, instantaneous no. Not necessarily any faster than email.
Telephone: Audio only
Not since the first modem. We use bits to represent audio, and audio to represent bits.
Telephone: Switched communication no copies saved even temporarily
Not anymore. They use a "virtual circuit" to make it look like an old-scho
Re: (Score:2)
19th century writers (and early 20th) such as Jules Vernes and Edgar Rice Burroughs at least expressed the feeling that telegraph communications were considered private. Granted, that's not anywhere near a SCOTUS citation, but whatever the law said, chances are the people expected privacy, and telegraph workers were bonded.
Re: (Score:2)
Really people should have the same expectation of privacy in an email as they do with a postcard. None at all.
It is clear text.
Bzzt...
My phone line isn't encrypted either, and in fact physically available for tapping to anyone in the building, yet I have a high degree of expectations of privacy.
Before cell phones went digital, anyone with a television tuned to a UHF channel could listen to cell phone conversations, but yet there was still an expectation of privacy from government taps.
You seem to think just
Re: (Score:2)
I encrypt my postcards, you insensitive clod!
Re: (Score:2)
Re: (Score:3, Informative)
I think it's a dumb snake-oil product with a dumb ad campaign, but "spammer" is not the correct word to use as far as I know. Spam is not used to describe TV ads that help pay for what you are watching. The OED's definition is about bulk messaging over the Internet.
Re: (Score:2, Insightful)
Everyone deserves the same rights and treatment under the law.
Re:too bad (Score:5, Funny)
I agree.
Well, except for rich people. And pharmaceutical companies that spend more on advertising than research. AFAIK, they're first against the wall.
But yeah, equal treatment for everyone else.
Re:too bad (Score:4, Funny)
Re:too bad (Score:4, Funny)
While you collect the $20'000 for the M16, I can get 10 AK-74s and 50kg of ammo... and still have some money left over.
See - you don't need money, just some common sense.
Re: (Score:2)
I'd rather have a semi-automatic, thanks. Fully-automatic is a waste of bullets.
Re: (Score:2)
However, for my use of a rifle, fully-auto isn't necessary. Not until paper targets and beer cans become sentient anyway...
Re: (Score:2)
Yeah, if you're going at 1,000 yards or something. As a SAW gunner in the Army you may have never been trained to do this, but I (a civilian with extensive rifle practice) would have no trouble making a single lethal shot anywhere within 100 yards, and
Re: (Score:2)
Um, having never been in the army myself, I'll bite. You have to define "most effective". As the GP pointed out, unless you're trying to get 1 kill per bullet, it's a different situation entirely. If I were the one defining "most effective" in terms of fighting a battle and a war, I'd define it as "lowest cost in lives, lowest cost in money, victory is required". So without victory, your effectiveness is very poor, near 0. lowest cost in lives includes both sides, so you kill the minimum amount of enem
Re: (Score:2)
Re: (Score:2)
A lot of that lack of clarity you're talking about depends on many external factors. The Army trains to fight in large groups against large groups, Marines train for different missions, and I'm sure we could argue all day long about how useful battlefield snipers are, shooting the heads of the snake and all. My only point was that in many cases, filling the air up with bullets meets the definition of effective that I gave. You are correct that good shooting, aiming for the ideal 1:1 shot:kill ratio will
Re: (Score:2)
Password-protected (Score:3, Insightful)
That's the whole point of passwords! I'd say that's a pretty straightforward expectation.
Not too bad! (Score:2, Insightful)
This is often the case - think of all the free speech cases involving Nazis and white supremicists in this country. It has a good side - it reassures us in the rule of law. If these rights apply to an alleged spammer, then we can be assured that they apply to everyone.
So hold up a beer for this guy, who has accidently helped further all of our rights. And let's hope the police get a proper search warrant and put him away fo
Great! (Score:5, Funny)
Re: (Score:2)
However, if someone knew about the open nature of the SMTP / POP3 / IMAP protocols and didn't use encryption, I wonder if the courts would find that the smarter user did not have an expectation of privacy.
Patriot act (Score:5, Interesting)
Re: (Score:2)
but i doubt it.
Enzyte verdict (Score:3)
wording (Score:2)
Re:wording (Score:4, Funny)
How is email privacy currently violated? (Score:2)
(You'd want to document this with several third-parties first, of course, in case you get arrested.)
Anyone ever explored this?
Re: (Score:2, Informative)
That's dangerous. (Score:2)
Re: (Score:2)
You'll never see court. (Score:2)
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
I posted a bunch of messages to usenet, emailed them to myself and even posted a sample here that contained hate speech, random government acronyms (NSA to ATF to USDA), JFK, MLK, a mention of Aaron Burr, and random digits (binary lines, hex lines and a few decimal lines).
Oh, and words like assassinate, explosion, what have you. More or less the message looked like jibberish, but had a somewhat bogus PGP signature (I really signed it, just with an alias e-mail and name).
Nothing ever happened, but
Re: (Score:2)
Re: (Score:2)
Tell that to the two clowns who simulated a terrorist attack in Montréal, some months ago, and who are now rotting in jail, charged with the crime of simulating terrorism...
Does anyone else see this as a bad thing? (Score:2)
Re: (Score:3, Insightful)
Did similar past decisions regarding public phones and postal mail compel telecoms and the USPS to encrp
Re: (Score:3, Interesting)
Extending 4th amendment privacy rights to e-mail has nothing to do with your employer. It only restricts government action.
It's about time (Score:3, Interesting)
Finally, we are getting some rights restored/extended rather than taken/curtailed.
Re: (Score:3, Interesting)
Also, how does this work with State requirements that we (as a company) keep copies of everything sent over e-mail?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It doesn't, because the 4th amendment protection against unreasonable search and seizure restricts government actions not the actions of private individuals.
IANAL.
Re: (Score:2)
This isn't much to get excited about (Score:2)
The 6th Circuit Court encompasses Kentucky, Michigan, Ohio and Tennessee
The other circuits may look at this decision as part of their deliberations,
but it isn't binding anywhere except those four states.
Let me know when it
A) gets to the Supreme Court or
B) becomes Federal Law
then I'll get excited
Re: (Score:2)
Re: (Score:3, Informative)
Courts are irresponsible (Score:3, Insightful)
Yet the courts took 20 years to figure this out. People seem to accept it -- that's just 'the way it works' -- but it's a travesty, and an injustice to 20 years of defendants. The Judiciary is responsible for delivering justice, yet all they deliver is process. If their process doesn't work -- for 20 years -- to hell with justice for all the people that are screwed in the meantime; we'll get it right eventually. They're like the most incompetent, hide-bound business, delivering nothing profitable, committed not to outcomes but to long-established procedures.
If I took 20 years to adjust to some change in IT and deliver on my responsibilities, I'd have been fired 19 years 6 months ago. There is no accountability for the Judiciary -- I suppose that's intended, to preserve its independence -- but what frustrates me most is that the Judiciary takes no responsibility on its own, and that people are blind to it and just accept it, like Windoze users who just accept whatever was given them.
Re: (Score:3, Insightful)
You could call it a problem with the system that technically it i
Re: (Score:2)
My T-shirt (Score:5, Funny)
About Fucking Time (Score:2)
In civil cases, all your email is discoverabable (Score:5, Informative)
A magistrate judge ordered me to turn over all email requested by the other side in a federal civil lawsuit. This included email to my parents and my wife which discussed my feelings about the case, possible legal strategy, family member's health, etc.
I have come to understand that, in a civil case anyway, anything you document is discoverable (with the exception of communication between youself and an attorney and youself and an expert witness). I argued that the email was not relevant, but the courts are usually inclined to allow the other side to see it and decide for themselves. The other side got to pour over 500+ emails that have absolutely no relevant information.
details are here:vilana financial [cgstock.com]
No legal expectation of privacy (Score:3, Insightful)
Re: (Score:2)
There. No need to guess what it says, only what it means. In this case, I think "papers and effects" might cover email, given when the document was written.
Reminder: Donate to the EFF (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Unlikely. Slashdot comments are public by design. Webmail is simply an interface to otherwise regular email message, which this covers under the logic they are intended for an identified recipient and provided to other intermediaries on the way for delivery, much like traditional mail.
Re:Can we extend this (Score:4, Funny)
Re: (Score:2, Interesting)
you know, when I first saw those ads, I thought they were some promo for a new comedy show or something. But as time went on, it became apparent that they were actually selling a "product". Those ads are so over the top ludicrous, I don't know whether to be amused at that company's boldness to sell such a product or pity the folks who buy it thinking it will work. Then again, there may be folks who buy it for a joke or as a gag gift for someone els
Re:Well... (Score:5, Funny)
Re: (Score:3, Interesting)
Re: (Score:2)
Re:Enzyte Why? (Score:5, Funny)
I never understood how Enzyte ever got that big
Apparently they use their own product ...
Re: (Score:2, Insightful)