The Privacy of Email

An Anonymous Coward writes "A U.S. appeals court in Ohio has ruled that e-mail messages stored on Internet servers are protected by the Constitution as are telephone conversations and that a federal law permitting warrantless secret searches of e-mail violates the Fourth Amendment. 'The Stored Communications Act is very important,' former federal prosecutor and counter-terrorism specialist Andrew McCarthy told United Press International. But the future of the law now hangs in the balance."

future of the law now hangs in the balance

[bl8n8r (649187)]

I thought this balanced out to "States Secret", or better put, "You get privacy until we decide you don't need it"

http://www.eff.org/legal/cases/att/ [eff.org]

the cost of freedom

[SuperBanana (662181)]

I thought this balanced out to "States Secret", or better put, "You get privacy until we decide you don't need it"

"Those who give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."

The cost of freedom is the risk you take that someone will use that freedom to harm you. The payback is that you and your family live your lives free.

Re:the cost of freedom

[lupis42 (1048492)]

And it's high time we remembered that. I for one would rather see, or even be killed in, another 9/11 than see us continue as we have. We Americans have become far too cowardly when it comes to defending our own freedoms lately, particularly against our own government.

Re:the cost of freedom

[BVis (267028)]

I was going to mod you up but I decided to comment instead. I wish more people got that. While I don't think that we're at the torches-and-pitchforks, ruby-ridge-bunker stage, I can see how people would get there from here.

We're operating under the specious principle that if we restrict freedoms in the name of preventing terrorism, we will be safer. Not even a LITTLE. All this does is cause inconvenience and infringe on the civil rights that our founding fathers found so essential to the existence of our country. I took a vacation last week that took me out of the USA, and even I, not being a trained "terrorist", figured out about a dozen ways that I could have gotten a weapon/explosive on the plane. It's not helping at all. Suicide bombers are happy to be martyrs for a cause they believe in; shouldn't we be ready to do the same if we REALLY want to fight fire with fire?

Oh, wait, dying for your country is only for the poor. What was I thinking?

MOD PARENT UP, other people.

Re:the cost of freedom

[Alpha830RulZ (939527)]

On the question of airline security, I encourage you all to perform the same little experiment I do. I will often leave a golf ball mark repair tool in my pocket while going through security. This is a piece of soft steel, about 3 inches long, 1/2 inch wide, and about 1/16 inch thick, with prongs on it. In other words, it has more metal in it than a box cutter.

In my travels, this tool has -never- been detected by the metal detectors. I've run this experiment about 6 times now, through SFO, LAX, DFW and O'hare.

The laptops that flood onto planes have plenty of nooks and crannies in which blades could be secreted. A blade fits in the crevice between my battery and the wall of the case. Since this is vertical when it goes through the Xray, I have no doubt that it would pass.

The much vaunted liquid explosives that are causing us to fear sippy cups are a non-starter. Google the reaction, it starts with instructions on the order of "collect 5 gallons of ice. Mix reagents carefully, and stir for 45 minutes. " I think I can determine a more robust security procedure than forbidding water bottles.

When do we take our country back from the idiots?

Re:

[by Anonymous Coward]

When do we take our country back from the idiots?

When people like you run for political offices.

I am sure you won't. I won't either. Why? Because we would hate the job.

Be that as it may, simply voting and funding the ACLU won't cut it. So long as the lawmakers are people who represent the interests of the wealthy aristocracy rather than the general public, this sort of idiocy will continue.

Re:

[AaronBenage (812743)]

Why is this guy getting modded down? He is exactly right.

Re:the cost of freedom

[Kadin2048 (468275)]

I invite you to try this in the UK... if you like a firm frisking. Here in the UK the gate detectors are pinging on your watch strap... let alone golf tools. And just like the US, our border officials leave their sense of humour at home. Rich

They make hard plastic and fiberglass knives now, too. Not sure what the metal detectors are supposed to do about them.

Sure, they're not as sturdy as metal knives -- I wouldn't want to use one as a pocketknife, because it would get dull -- but you can make a hell of a single- or few-use stiletto out of one.

The crap at the airports is just security theater. They go around confiscating people's pen-knives and soda cups, because for some strange reason people feel safer when their pen-knives and soda cups are confiscated. The real terrorists have lots of ways of getting instruments of mayhem through, if they want to.

If we wanted real airline security, we'd stop putting all our faith in expensive gadgets and employ more (and pay substantially more, so we can stop getting idiots) human beings, so that every single passenger gets an interview before they get on the plane. People are substantially better at detecting the intentions of other people than machines are, based on many more possible factors. The Israelis have had lots of luck with approaches like this, but the fact is in the West, we really don't want security, we want the appearance of, and feeling of, security.

Re:the cost of freedom

[jrister (922621)]

James Madison had it right 200 years ago:

"If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy. Of all the enemies to public liberty, war is perhaps the most to be dreaded because it comprises and develops the germ of every other. War is the parent of armies; from these proceed debts and taxes; and armies, and debts, and taxes are the known instruments for bringing the many under the domination of the few. The loss of liberty at home is to be charged to the provisions against danger, real or imagined, from abroad."

This continuous fearmongering by our government is being used to subdue our people. This mindset of "If you dont submit to this injustice or that that the terrorists win" is ruining our country. Unfortunately, by and large, the citizens of our country are too uneducated or apathetic to see it and do something about it. This constant BS about "If you are doing nothing wrong, you have nothing to hide...", people/media/govt insinuates that because people value their freedom and privacy, there must be something wrong with them, or they are terrorist agents. Thats not the case. The founding fathers didnt place caveats on the Constitution, because it was this sort of thing they were trying to get away from when they left England.

The thing that makes me so sick about this is that I remember clearly Bush saying on 9/11 that we wont let these terrorists change our way of life. But that was a bald faced lie. Because he and the rest of the government set to work to do just that. That being the case, the terrorists have already won. They have fundamentally changed the American way of life, for the worst.

If we are to win the "War on Terror" the first step is to restore Freedom and the Constitution. Then we can deal with everything else.

Re:

[BVis (267028)]

If we are to win the "War on Terror" the first step is to restore Freedom and the Constitution. Then we can deal with everything else.

Why do you hate Amer.. oh, wait. Nevermind.

The real litmus test will be in 2008, if/when the Democrats win the presidential election and martial law gets declared for the good of the country. (I seriously don't put it past this bunch of losers. Tinfoil hat? Maybe. Plausible? That's the problem, it is.) One only hopes that the military sees that for what it is, an uncon

Re:

[RealityProphet (625675)]

So, Iraqis should be ecstatic, right?

Re:

[Opportunist (166417)]

That actually opens up a very interesting question: Who says when the State Secret should better not be secrets because they are being used against the state (ya know, that "we, the people" part of it)?

Power needs control, but who controls what is to be kept secret from "the people"?

Asinine

[bconway (63464)]

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard. If you want privacy, take steps to encrypt it, not unlike putting a letter in a sealed envelope (as it pertains to the law, not ease of circumvention). This will be overturned, and with good reason.

Re:Asinine

[whisper_jeff (680366)]

By your arguement, nobody should expect privacy when talking on the phone since they didn't take steps to encrypt their phonecalls so wiretapping should be enirely acceptable. Or if your arguement only applicable to emails?...

Re:

[quanticle (843097)]

By your arguement, nobody should expect privacy when talking on the phone since they didn't take steps to encrypt their phonecalls

Your analogy doesn't fit. When I make a phone call, I'm expecting a point-to-point connection, with no intermediaries to intercept or look at my communication. When I send an e-mail, I know that it will be stored and transferred across many server, and that those servers may have logging software that will store a copy of my e-mail.

However, with packet-switched phone networ

Re:

[thePowerOfGrayskull (905905)]

However, with packet-switched phone networks replacing traditional circuit switching, that distinction is becoming more blurred.

It seems to me the analogy is a valid one. Any switching means that there are multiple points where your unencrypted conversation can be intercepted. Even back to the early days of a telephone, where such interception was required via an operator in order to make a connection. You may have expectation of a point-to-point communication, but it's never actually that (obviously excluding the pioneering work).

Re:Asinine

[$1uck (710826)]

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard.

I'm sorry but that is utter nonsense. Maybe not to you, and maybe not to who ever modded your comment up. I don't expect anyone to read my email other than the recipient. That's an expectation. I don't see how anyone who doesn't open my email will be able to read it.
Correct me if I'm wrong, but its not a typical part of an email server to display the contents of all messages passing through it onto a monitor somewhere is it?
No, I'd say its absolutely nothing like sending an open postcard.

If you want privacy, take steps to encrypt it, not unlike putting a letter in a sealed envelope (as it pertains to the law, not ease of circumvention). This will be overturned, and with good reason.

Yeah I don't think this is reasonable either.. thats like saying if you don't want to be searched hide your stuff better. Utter nonsense.

It is like a postcard...

[Ericular (876826)]

In many ways, a plaintext e-mail is exactly like a postcard.

When I send a postcard, I have good faith that nobody along the way (mail carrier, other postal worker, OCR systems) will read what I have written. However, if someone or something handling my postcard along its journey really wanted to read the contents, to do so would be relatively easy.

It's the same case with a plaintext e-mail. I have good faith that no system administrators or automated monitoring systems will read my plaintext e-mail along its journey, but if someone really wanted to read the contents, to do so would be relatively easy.

Preventing this requires encryption for e-mail, and for tangible mail either a sealed letter (not much of a roadblock for the determined), or by actually encrypting the text I write on the postcard.

So yeah, there are some similiarities in my mind.

Re:Asinine

[honkycat (249849)]

It's exactly like sending a postcard in that anyone who picks it up (ie whose server forwards it) can read it. It's just text. Servers can and do routinely keep stuff around, whether in the cache, hard drive or ram.

The court realized this and ruled that the ISP is a "mere custod[ian]" of the data. In other words, that data is yours and they only possess it to enable the system to work. The government cannot simply take an action because it is technically simple, it is (and should be) required to consider whether each action is ethical (and/or Constitutional). This is a fantastic ruling on that front.

And yes, if reading email is found to be illegal, then the law will simply be changed to make it legal.

Ok, I'll be waiting for that Constitutional amendment to go through. Unless this ruling is overturned (which is possible), that's what would be required.

Re:

[BKX (5066)]

And yes, if reading email is found to be illegal, then the law will simply be changed to make it legal.

Ok, I'll be waiting for that Constitutional amendment to go through. Unless this ruling is overturned (which is possible), that's what would be required.

Exactly. Although, I do expect that the Bush administration will simply continue to ignore the courts for it's own ends.

Re:Asinine

[$1uck (710826)]

No, you are simply wrong. A carrier (a human being) picking up a post card cannot help but to see the text. He may choose not to read it, but it is visible. An email passing through someone else's router is not going to be seen by human eyes by accident. It will not "flash" across a monitor, it will not be opened and read with out specifically and purposefully being opened.
It's exactly like sending a postcard in that anyone who picks it up (ie whose server forwards it) can read it Thats like saying any postal carrier can open your letter and read it (this too is true) but you don't expect it. They still have to open it unlike a postcard.

Exemptions

[phorm (591458)]

Except if they're investigating mail issues, fixing user accounts, etc. Some of this can be done with permission, which actually checking into the user account should. I've had to login to clients' email accounts myself in order to verify whether a problem is on the server (misconfiguration), the client (misconfiguration, connection issues, etc), or the user (wrong password, etc). Of course, sometimes it's just a telnet to port 110/25 in order to receive/send a test email, so I never see actual messages, bu

Re:

[Kadin2048 (468275)]

Actually, the postal model works quite well. While the gov't can't just decide to rifle through your mail, I believe there are procedures for postal services to inspected and/or open-to-inspect suspicious mail. The only problem with this in the e-world is that the volume of email in a minute amount of time might be much greater than snail-mail, which if there is a "permission" process could become a bottleneck.

It's called a warrant [1]. Antiquated concept in this day and age, but it's worked fairly well for

Re:

[honkycat (249849)]

A very very very small fraction of emails end up in a postmaster's box. That hardly invalidates the legal expectation of privacy. When an arrest is made on evidence found in a bounced email, post the story to slashdot... Grepping the mail spool? As the article points out, the courts specifically distinguished between sender/date (and possibly subject) meta-data and message content, so that's also irrelevant.

Do your job professionally. Just because you have access to something, doesn't give you any righ

Re:

[$1uck (710826)]

I don't see how either of your statements are relative. What the recipient does with received mail/email is not relevant. Of course the sender expects the person to whom the mail was addressed to open it. If the sender doesn't get the address correct they can't expect it to not be opened by the person it is addressed to. If it happened to "bounce" to an admin account, I don't see any reason thee admin would need to read it, but if the contents come up on the screen that is the fault system/software. So

Re:Asinine

[daeg (828071)]

The ruling doesn't say that e-mail is off limits. All the court said was that there is nothing special about e-mail or phone calls. They are still grounds to be seized, but those wanting the information (FBI, prosecutors, etc) must go through due process to obtain them. If they get a warrant they can seize e-mail all they want.

Re:Asinine

[CastrTroy (595695)]

Thank you. This is the point nobody seems to be getting. Nobody is saying that emails can't be used as evidence, but that in order for them to be used, the cops must go through the proper procedures. If they don't use proper procedures to obtain the email, then it is inadmissible in court. Same goes for the telephone. Just as it is trivially easy for the cops to tap your phone, they are not allowed to do it unless they go through the proper procedures for obtaining a warrant. Saying that you should just encrypt your email if you want it to stay private is the same as saying you should build a 20 foot concrete wall around your house if you don't want them doing illegal searches of your property.

yeah?

[weighn (578357)]

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard. If you want privacy, take steps to encrypt it

you could always sign into gmail using ssl - gmail doesn't display your ip when sending, so only google has a co... oh, hang on...

people are so stupid

[misanthrope101 (253915)]

Your speech isn't encrypted either, but if I bug your house it's considered a violation of your privacy. I don't even have to enter your house for that--the laser microphone [wikipedia.org] will let me listen/record from the sidewalk. Since your sound waves are traveling outside your home, you must not have an expectation of privacy.

Letters in the mail? Sealed with glue. Glue. Wow. You must not have much expectation of privacy there, otherwise you would've used a more robust method of ensuring your privacy. Even your phone calls are unencryped, sent as electrical impulses over wires and cables. Is it okay to listen to and record cellphone conversations, because they are transmitted through the air? If not, why not? If people wanted security, they wouldn't have transmitted those radio waves all over the place. People are so stupid.

It's true that we have laws against most (or all) of this type of surveillance. But it's just to protect the stupid people. I think that anytime it's possible to intercept your message, everyone should be able to do so, no warrant or probable cause needed, and use it in any way they want. That's the only way people will stop being so stupid that they think they have an expectation of privacy.

Re:

[Strawser (22927)]

Your speech isn't encrypted either,

Depends on how much I've had to drink . . .

Re:

[dave562 (969951)]

But it's just to protect the stupid people. I think that anytime it's possible to intercept your message, everyone should be able to do so, no warrant or probable cause needed, and use it in any way they want. That's the only way people will stop being so stupid that they think they have an expectation of privacy.

Your post got modded Insightful but it should be modded Sad. What kind of society are we living in where you have to assume that everyone else is out to screw you and if you don't you're "stupid"

Re:

[misanthrope101 (253915)]

Well, I was being ironic, but ultimately I think it's about veneration of power. People get fed up with red tape and complication and dream of just having the power to "get stuff done." Law enforcement/military ops superficially seem to be areas where stuff most urgently needs to get done, so seem to be prime candidates for cutting the red tape and administrative overhead, including oversight. It's not for nothing that people love action movies of burly men just mowing through the bad guys, namby-pamby d

Re:

[dreamchaser (49529)]

Actually your analogy is what is asinine. A plaintext email is inside an easy to open envelope, but opening that envelope if you're not the intended recipient should still be against the law just as it is with snail mail.

That being said I agree that people should use encryption. It just makes sense. You however need to get off that high horse you're riding.

Re:

[Opportunist (166417)]

Actually it's illegal here for the postal worker to read your postcards. You could write your next terror plan onto the postcard and should the police knock down your door because of it, the postal worker is going to jail, not you (unless there's actually a real plan behind it and they find evidence for that, but let's imagine you just wanted to test how nosey the postal service is...).

Funny? Yes. Kinda awkward (because, well, how should you check whether they read your mail except in such rather dumb ways

Re:

[honkycat (249849)]

Beyond illegal, it's just plain BORING. Can you imagine how sad your life would be if you spiced it up by reading other people's frickin post cards?? I mean, it's hard to imagine being that miserable unless you're a postal wor... oh wait.

In all seriousness, don't suppose you have a link to back up the illegality of reading post cards, do you? I suspect you're right, but would just love to smack all the "but email is just a post card" schmucks with something concrete.

Re:

[Opportunist (166417)]

I ain't from the US. Don't know if it's legal for the US postal worker to read postcards. I'll ask my friend (he works there) to lend me their "big book" (with all those dos and don'ts), though I hope it's available in electronic form.

Though... knowing our postal service, I kinda doubt it. If you can't slap a stamp on it, they don't want to deal with it.

McCarthy?

[Red Flayer (890720)]

This is about overturning aspects of the 1986 Stored Communications Act. FTA:

'The Stored Communications Act is very important,' former federal prosecutor and counter-terrorism specialist Andrew McCarthy told United Press International. But the future of the law now hangs in the balance.
[snip]
Some observers warned that the ruling might hamper federal counter-terrorism efforts.
[snip]
'The USA Patriot Act broke down the wall between intelligence and law enforcement. Criminal prosecutors can now share information with the intelligence side of the house,' [McCarthy] said.

But if the ruling stopped prosecutors from gathering information, it could not be passed along. 'If you can`t get it, you can`t share it,' he said.

Is it just me, or would it have been a little smarter for the government to use a mouthpiece with a name other than McCarthy when discussing tactics for terrorist witch-hunts?

Re:

[mulvane (692631)]

First thing I thought of when I read this is how we should drop 50 nuclear bombs...I don't know where, when and how, but damn it!!! 50 nuclear bombs need to be dropped somewhere!!

Re:

[weighn (578357)]

'The Stored Communications Act is very important,' former federal prosecutor and counter-terrorism specialist Andrew McCarthy told United Press International. But the future of the law now hangs in the balance. [snip] Some observers warned that the ruling might hamper federal counter-terrorism efforts.

Oh no, they've amused some Slashdotters. That's about it, honestly, your average American doesn't know who Joe McCarthy was and has no notion of the reign of terror his inquisition brought about.

and here I was thinking that was an actual McCarthy quote until the quote came to the PatriotAct. but then, my only knowledge of McCarthy era us politics comes from the Dead Kennedys.

is this actually useful?

[iHasaFlavour (1118257)]

I have a few doubts. There are billions of emails flying about constantly. Anyone who beleives they can be effectivelly monitored has to be kidding themselves, so how useful is a law that says you can't do this?

Besides, if you are convicted, or suspected of crime, they can always obtain legal access to your mails, regardless, just as they could anything else you owned.

Perhaps I haven't had time to grow a sufficiently impressive tin foil hat, but I am given to think the whole idea is just plain silly.

You might as well pass laws that say you aren't allowed to follow the movement of a grain of silt in the Amazon.

Re:

[lupis42 (1048492)]

It's not a matter of tracking everything. Even if they only track "suspected dissidents," who will doubtless be selected by procedures as effective and precise as those that get people on to no fly lists, it's still a massive invasion of the privacy of the people who get tracked.

Re:

[Zigurd (3528)]

Don't get a false sense of security thinking that "billions" or even "trillions" of emails would make it difficult to keyword-scan them all.

If your ISP has a good spam filter, they are performing non-trivial processing of every email bound for their mail servers. There is no insurmountable scaling problem for drift-net monitoring of e-mail, SMS, and other text message traffic.

Woot

[lupis42 (1048492)]

I do like the "Where the third party is not expected to access the e-mails in the normal course of business ... the party (sending them) maintains a reasonable expectation of privacy." bit. We need more decisions like this, if we want to remain an even somewhat free society.

Andrew McCarthy

[otacon (445694)]

Wasn't he in Weekend at Bernie's?

prosecutors|police vs mere mortals

[misanthrope101 (253915)]

Yes, I can see why a prosecutor would consider the ability to read people's email without warrants, oversight, or checks/balances "very important." It makes sense that he doesn't want to have to go before a third party and demonstrate probable cause, otherwise he can't go fishing for information, target people he doesn't like for political|religious reasons, etc.

Despite the torrent of "email isn't private, and only stupid people think it is" posts that will follow, if a monkey at the local ISP took sensitive customer emails (to each other, not to the company) that he had plucked from their servers and posted them to a blog or whatever, there would be an outcry, criminal investigation, lawsuit, and (fake) apologies. If the prosecutor's own dirty emails to his wife|mistress|whatever were publicized, the prosecutor would suddenly discover that a crime had been committed.

When it comes to private parties, either communication is private, or it isn't. If it isn't, then Joe Schmoe who works at AOL or the local ISP can read customers' emails at random and post the amusing bits to a public forum. Anything Joe Schmoe can't legally do, his brother Officer Jim needs a warrant to do. If Officer Jim doesn't need a warrant to do it, that means Joe the private citizen can do it with impunity.

What we're saying is, "you have an expectation of privacy in your private affairs, unless it's a police eyeball/eardrum, and in those cases you have no expectation of privacy because your action was public and they don't need a warrant." Bullshit. Anything the police don't need a warrant for is something every single private citizen should be able to do with impunity. Anything we don't want the public doing (privacy-wise) is something the police should need a warrant to do. Otherwise you're giving police and prosecutors the power to arbitrarily target anytone they want, without any oversight at all. This isn't complicated, people. I can understand why they would ask for it, but not why we would be so stupid as to give it to them.

Re:

[Attila Dimedici (1036002)]

I think you defined a good rule of thumb on privacy: "Anything the police don't need a warrant for is something every single private citizen should be able to do with impunity." Now there may be some exceptions, but they need to be carefully srutinized.

Re:

[inviolet (797804)]

:golf clap:

Well said. You just added a compelling new idea into my standard repertoire.

May be hope yet.

[bryan1945 (301828)]

Seems like some judges are starting to understand this whole "electronic medium" stuff.

I wonder if their (grand)kids play WoW?

How does this affect Ryan McFadyen?

[vrmlguy (120854)]

To refresh your memory, think back to the 2006 Duke University lacrosse case. Sophomore Ryan McFadyen, a member of the team and an attendee of the party, sent an email [wikipedia.org] that parodied a bit from the book American Psycho, which is (or at least was) required reading in one of Duke's English Lit classes. The police got their hands on the email and threatened to release it to the press if he didn't admit to witnessing the alledged rape. To his credit [lewrockwell.com], McFayden refused; he was subseqently villified by the press and suspended by the university.

It seems to me that this ruling means that McFadyen now has an excellent chance to pursueing a case against the prosecuter's office.

Re:

[Y2KDragon (525979)]

Our Founding Fathers (and Mothers too), IMO, did not intend for the protections under the Constitution to be limited to "a select few". The words "ALL MEN" appear in this document for a reason. Therefore, not only should it apply to US Citizens, those here with Green Cards, foreign visitors, and even those here illegally, but it has to apply to everyone worldwide. Either they apply to everyone, or they apply to no one.