11th Circuit Eliminates 4th Amend. In E-mail 490
Artefacto writes "Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages."
Once again (Score:4, Insightful)
I've linked to it many times in the past, and it seems like a perfect time to do so again:
http://haacked.com/images/TerroristsHateFreedom.gif [haacked.com]
Self Hosting (Score:3, Insightful)
Encryption (Score:3, Insightful)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This is why the use of encryption is a must. Sending email is like sending a postcard, except that copies of it are made and stored for perusal by government officials and ISP employees. Since most people use Firefox they should check out the amazing http://getfiregpg.org/ [getfiregpg.org]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Use GnuPG with Firefox : http://getfiregpg.org/ [getfiregpg.org] (Version: 0.7.10)
iF4EAREIAAYFAkufikAACgkQmu9IBuIu3yEYOgD/dDFE5oEieIS9PWP7dUm+rOXU
1yfiGTlXropncPeFhX0BAIaYlc1iecFMV3CE2G2w7zZXO7pNlWEVqHS0yD9J2Z3j
=HF92
-----END PGP SIGNATURE-----
Email is like a telegraph (Score:2, Insightful)
Email is more like a telegraph than a postcard.
With a postcard (in the US) you hand it over to a government (now quasi-gov) agency that is legally bound to handle your message in confidence.
With the telegraph system you sent a message in cleartext via a series of intermediaries [telegraph operators/mail servers] none of which were guaranteed to work for the same company. And the message was sent a a series of binary signals (dots-dashes/ones-zeros)
Re:Encryption (Score:3, Insightful)
Unfortunately, /. sometimes sees a GPG-signed message as junk that fails to pass its bullshit "bullshit filter". Especially when you use SHA512 as the hash function.
Filter error: That's an awful long string of letters there.
Comment removed (Score:5, Insightful)
Re:I've said it before, and I'll say it again.. (Score:4, Insightful)
Re:What do you expect from ancient judges? (Score:5, Insightful)
In order for Fourth Amendment protections to apply, the person invoking the protection must have an objectively reasonable expectation of privacy in the place searched or item seized.
I don't know about you, but when I send an unencrypted email I have no expectation of privacy from the moment the text leaves my computer.
Constitution (Score:1, Insightful)
So what does the 4th amendment of the constitution say about email? Did they even have the telegraph when that was passed? I doubt it.
The needs to be a new set of rules written and added to the constitution for the modern electronic digital age. (And passed by elected representatives (senate, congress) and not judges who were appointed last century.
Re:Other Amendments (Score:3, Insightful)
Re:I've said it before, and I'll say it again.. (Score:3, Insightful)
Encryption can only be useful for emails when people use it for all or most of communications, so that one does not instantaneously flag communications of interest. Looking at my email habits, there are: 4 people who work for firms where encryption is specifically forbidden in company policy. 12 people who absolutely could not be taught how to use encryption... Including my mother who writes email as if she sending a telegraph and is paying per character. 2 people who could use encryption but who don't use it either, for the same reason I don't, the pool of potential recipients is too small.
Re:Hold on... (Score:3, Insightful)
Bob cannot go and post an email that Alice sent to him on Facebook
Huh?
What?
Name a single court case where this was true in the US. Even those "this is confidential blah blah blah delete if received in error blah blah" "warnings" are nothing but attempts at intimidation with no basis in law.
--
BMO
Re:Email is like Postcards.... (Score:4, Insightful)
The bottom line is, since a non-trivial effort has to be made to read the contents, and since the service has always been presented as a "sealed letter" (via GUI icons, ISP adverts, etc), the average user is not unreasonable in expecting privacy.
It should be obvious that the 4th amendment applies to e-mail.
Re:What do you expect from ancient judges? (Score:3, Insightful)
I actually think the telegraph is a fantastic analogy for email. A message is drafted by one party, transmitted from one intermediary to another electronically, and delivered to the recipient. The intermediaries probably even keep logs of some information.
I'm too lazy to look up the legal understanding of privacy for a telegraph, but if I were involved with this case, I think it would make a good start.
Re:Why the law is so hard to understand... (Score:3, Insightful)
The law is NOT silent. 4th amendment says it all. (Score:5, Insightful)
Any US court that tries to argue that email isn't "protected" has little to no understanding of the US constitution: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
EMail is modern mail; and mail is one case of the "papers" mentioned in the 4th amendment. The US mail is a 100% analogy here. Sure, someone can easily can look in an envelope during its trip between parties, or at either end, but the 4th says you have the right to be secure in your papers and effects, so it is illegal to do so. EMail is precisely the same kind of communication. It isn't about the fact that someone can look; it is about your right to privacy, to expect that they shall not look, and if they do, they have harmed you.
This covers why email is protected as a side issue of the main discussion: On Privacy [fyngyrz.com].
Re:Don't worry about this (Score:2, Insightful)
With unencrypted email, the communications are broadcast to the world
No, they're unicast to a mailhost.
and expected to pass through many different systems,
Kind of like a letter.
some of them managed by people with no direct relationship with either the sender or the receiver,
I assume you mean the interim switches and routers? Because the mailhosts involved should all be operated by a person or entity with a direct relationship with the sender or receiver in the vast majority of cases.
shouted out to an ethernet on every hop.
Not true. Sometimes they're shouted out to a fiber ring.
And yet, some people are expecting the same sort of legal expectation of privacy to still exist,
Legal expectation of privacy is expected to function even when literal privacy has broken down.
even though from a technical and common sense viewpoints, an expectation of privacy is pretty much diametrically opposite from "reasonable."
And today, we expect to be protected from people watching what we're doing in our houses with the shades drawn, even though the technology exists to do it (e.g. backscatter X-ray.)
Give up.
You give up. Too bad, though. Resistance is more effective when united.
Re:What do you expect from ancient judges? (Score:5, Insightful)
It's not "fair game". The constitution grants protection against unreasonable searches and seizures. Just because you leave something sitting on your porch does not give the gov't a right to walk up and grab it.
Further, the presence of https is encryption simply between the user and their immediate provider. It has nothing to do with the format of the message on the server or in transit, hence it is irrelevant to this discussion. It is not, as you put it, "end-to-end". Something like PGP would be. That being said, the concept of having to actively add security in order to protect yourself from unwarranted search and seizure by the gov't is preposterous on its face, and certainly contrary to the spirit of the US constitution. The onus is on the government to provide just cause, not on the citizens to protect themselves from intrusive gov't measures.
Re:Other Amendments (Score:4, Insightful)
Re:What do you expect from ancient judges? (Score:3, Insightful)
Talking on the phone isn't encrypted, having a conversation isn't encrypted, regular envelopes are the digital equivalent of ROT-13 and only protects against casual observation. "Expectation of privacy" is not something that applies only to unbreakable cryptographic safes, if it did it wouldn't have existed until the PC age.
You may not have any expectation of privacy from the recipient, but if you consider that "voluntary disclosure" then the fourth amendment doesn't protect any communication at all. You don't have a reasonable expectation of privacy when making a phone call because it's hard to listen in - people do that in phone conferences every day - but because you generally don't expect anybody listening in. Likewise, when you send or recieve mail I don't expect people to be reading through my mail. Sure, it's technically trivial for a mail server to BCC away a copy of everything, just like it's trivial to make every phone call a conference call with the government but that would grossly violate the privacy I was expecting.
Of course I can provide it myself via encryption by the digital equivalent of writing coded letters, but nobody claims that the fourth amendment protection only applies to coded letters. Why then do you set a standard that is so much higher for what you must do and so much lower for the government? I understand that it's preferable to rely on yourself rather than the government, but that has limits. If the only thing the government won't do are the things it can't do you're in big trouble, because I'm fairly sure they could find a cell to throw you in. If you don't expect them to care about your right to privacy, why do ytu expect them to care about any other?
Yes, it's possible that the contents of an unencrypted mail will end up being seen by some system administrator. But to me, that is the equivalent of a postal package being damaged in handling and the contents spilling all over the floor. Though shit, if that's kiddie porn all over the floor I fully expect you to go to jail anyway, expectation of privacy or not. But that is entirely different than a government that will open everything on purpose, that is exactly why the amendment was created. Not to stop the government from doing the impossible, but from doing the very possible act of reading your (e)mail.
Re:And you shouldn't trust the summary (Score:4, Insightful)
Email is a post card. Anyone can read it along the route. Anyone can choose to use that information. The government can request the information anywhere along the route.
If you write a death threat on a postcard, your mail carrier may report that information to the authorities.
So how the hell do you seal that post card in an envelope that is trivial to open. Mail envelopes CAN be opened by ANYBODY (Even the carrier if they wanted to) That doesn't mean it is legal to do something just because you can. Email should be the same way.
You can't just say encryption, because encryption is not trival to open like an envelope, I'd have to ensure that EVERYONE I ever wanted to send an email to has a special bit of equipment (software) that has been setup. Could you imagine if the only way your mail was secure was if you had to encase it in a metal envelope that was welded shut?
Just because someone COULD read the message doesn't mean that it shouldn't be protected and treated as if the person just passes it along. This concept of 'sufficient' measures to ensure privacy is getting insane.
Re:Other Amendments (Score:2, Insightful)
I don't know about that, Following the link provided by jdgeorge http://yro.slashdot.org/comments.pl?sid=1584520&cid=31495234 [slashdot.org], Maryland doesn't seem to have terrible laws, the 7 day waiting period and no guns for Felons makes sense, and having to watch a safety video is a good move. Were you perhaps meaning the concealed carry laws?
Re:The law is NOT silent. 4th amendment says it al (Score:4, Insightful)
Thank you for the complement.
Re:Other Amendments (Score:4, Insightful)
Try owning a handgun in the city of Chicago, or New York City.
Re:Safe Deposit boxes? (Score:3, Insightful)
Your mail comes in an envelope(trivial encryption).
Re:Case Summary (Score:5, Insightful)
Re:And you shouldn't trust the summary (Score:3, Insightful)
So how the hell do you seal that post card in an envelope that is trivial to open. Mail envelopes CAN be opened by ANYBODY (Even the carrier if they wanted to) That doesn't mean it is legal to do something just because you can. Email should be the same way.
Thank you.
Too many geeks around here seem to think "privacy" is the same as "security".
You don't encrypt your email or seal your correspondence in a tamper-proof opaque envelope because you want privacy, you do that because you want your private email to be secure against someone violating your privacy. Not to create the concept of expectation of privacy in the first place.
If that were the case, the 4th Amendment search and seizure clause would be pointless. "You can't read someone's private correspondence, unless you can, in which case it isn't private".