PA Supreme Court Decides if Reading Email==Wiretap

An anonymous reader noted that "Excite is reporting that the Pennsylvania Supreme Court is taking up a case to decide the question may police look at a suspect's email and instant messages without first obtaining a court order. The defendant, a former police officer, is also claiming his Fourth Amendment privacy rights were also violated. The outcome will only affect Pennsylvania but the issues at hand may eventually reach the US Supreme Court." Umm... Duh?

duh???

[craigeyb]

This is by no means an obvious case. The difference between intercepting Internet communications and, say, communications on a phone line, is that the Internet is inherently unsafe, and information is publicly available. Every packet you send can be examined along each router through which is passes.

Re:duh???

[Amarok.Org]

I believe the "duh" was in reference to "The outcome will only affect Pennsylvania but the issues at hand may eventually reach the US Supreme Court."

Since both sides have such an important stake, it's likely that the loser will appeal it to the US Supreme Court. It will also affect other states even if it doesn't reach the US Supreme Court, since other states and entities will use (at least in part) the findings of Pennsylvania to support their own cases.

Re:duh???

[GreyPoopon]

It's even worse than that. I can't believe that the PA Supreme Court is willing to hear the case. The prosecution got their evidence FROM THE GIRL. Let's put it into the proper light. Pretend that you are a 15 year old girl. Let's also pretent that I continuously send you mail through USPS with a nude photograph of myself (*shudder*) and I keep trying to get you to send me nude videos of yourself and engage in illegal sexual contact with me. If you take the mail I send you to the police, and they arrest me, would I be able to complain about violation of my privacy? Give me a break. If you want something to be private, don't send it in an email to someone else you can't trust.

Although the press may be making this case out to be a landmark "reading email == wire tapping" case, it really isn't. It would have been different if the police were intercepting his email before it got to its recipient, or using spyware to read it from his computer.

Re:duh???

[Rupert]

The (somewhat weak) defence argument is that IMs are transitory, like phone calls, and you can't log them without the permission of all parties involved.

Since anyone who knows anyone who uses IM knows that messages are routinely logged, this argument is basically a legal appeal against reality.

Oh, and I hope he loses.

Re:duh???

[monkeydo]

From the article:

Proetto claims police violated the state's wiretapping law by looking at the messages without first obtaining a warrant. Proetto also claims his Fourth Amendment privacy rights were violated.

The defence will argue that:

Since PA law requires the consent of both parties for private recordings the transcripts were not lawfully obtained by the girl. If the girl could not legaly record the conversations then the police would need a court order to do so. So sayeth the 4th Ammendment. The defence can also argue that the girl was acting as an "agent" of the police when collecting the evidence.

The prosecution may argue that the Police would not have needed a court order to intercept the email, making the "two-party" issue irrelevant.

It seems the question at hand is if the PA "two-party" law applies to email, if it does then there is indeed a search and seizure issue and the evidence possibly gets thrown out. If the PA court finds that it doesn't apply, or that it does apply but still admits the evidence you will see this case in the Supreme Court.

Depends on how the IMs were acquired.

[base3]

The article doesn't make clear whether the instant messages that are being used at trial were made available by the girl (or her parent/guardian). The Slashdot headline seems to want to lead us to think that the police were sniffing the defendant's wire.

If that's not the case, then no "wiretap" has taken place--a party to the conversation turned over the logs to the police, and they are admissible at trial.

Re:Depends on how the IMs were acquired.

[Gaijin42]

I started out agreeing with you, however on further reflection :

I believe the two party rules talk about if you are allowed to record a communication or not (As was the case with linda tripp). However, with Email, or IM, a recording is inherent in the process. (Well, ICQ automatically saves history, others may as well)

In this case, no two party permission would be required to record, because it is implicit in the medium. Rather like sending a letter, of course you have a copy.

Then the argument turns to if turning over a legally made recording is okay. I again refer to the snail-mail metaphor. If you mail me something, is it mine to show to whoever I want? (Assuming there isn't an NDA or something around - and in this case, an NDA would be voided, because a contract which prevented diclosure of illegal acts would be void) I believe the answer is yes, once a recording exists from a legal source, any one in possesion of that recording can show it to whoever they want.

Therefore the emails can be turned over wihtout any issues.

Re:Depends on how the IMs were acquired.

[Rogerborg]

• The article doesn't make clear whether the instant messages that are being used at trial were made available by the girl

It's a good point, but it reads as being most likely that they were obtained by the entrapping agent, after the victim's emails were handed over.

In either case, the messages were submitted to law enforcement and then as evidence after reaching the intended recipient. No third party tap took place. As you say, this isn't a wiretap issue. It's arguable that you might have a reasonable expectation that an IM (but not an email) would not be recorded. Given that most IM clients have one click session logging though, it's rather stretching the argument. If the guy asked if the "girl" was logging it, and the agent lied, then he's got a good chance, but I doubt very much if he did.

It'll be interesting to see what the court makes of the IM's, but email simply has to be viewed as persistent. The recipient gets a persistent copy, you know they do, and you really can't have a beef about it being submitted as evidence. Hopefully the conviction can stand just on the email evidence, regardless of how they rule on the IM.

Re:Depends on how the IMs were acquired.

[Tackhead]

> If that's not the case, then no "wiretap" has taken place--a party to the conversation turned over the logs to the police, and they are admissible at trial.

IMNSHO, the article makes it pretty clear that the cops didn't sniff anything. The girl called the cops and turned over the logs.

The scumb^H^H^H^H^Hdefendant then pulled the same stunt chatting to a detective posing as another girl. Even if the initial logs weren't admissible, the logs of this conversation, IMNSHO, would be, as they were part of an investigation. (It ain't entrapment, since Joe Scumbag wasn't asked to solicit sex from the detective - Joe did it all by himself. Yes, I'm presuming a basic level competence on the part of the cops here. "How not to entrap" is something they teach in Cop School 101.)

The only reason I can think of that the first logs wouldn't be admissible is because (unlike phone messages) IM logs can be trivially forged (think "5 minutes with a hex editor", if not "30 seconds with a text editor", and might constitute "hearsay" and thus be inadmissible.

If (very plausibly!) the girl didn't know how to forge the logs, and/or she testified that the logs weren't forged, I'd say there's still enough to get a court order to ask the IM server if, indeed, messages were sent.

So we pick up the trail from there. Maybe the IM server only knows that a message went from IP address xx.xx.xx.xx to yy.yy.yy.yy on a certain date/time (and knows nothing of the content of that message). But if all of those entries match the date/timestamps on the girl's logs, and if the ISPs, when asked (via another court order) "which of your users had these IP address at these times" answer "Joe Scumbag was on xx.xx.xx.xx at that date" and "Jane Doe was on yy.yy.yy.yy at that date", and Joe's ISP says "The radius logs show that xx.xx.xx.xx was logged into via his account and his phone number, and the phone company's logs confirm that someone from his house called his ISP at that time", I'd say you have a pretty open-and-shut case.

To summarize, saying "I got an ICQ message" might not be admissible.

Saying "I got an ICQ message, AOL's logs confirm it, the ISP's logs tell me who it was, and where he called from, and the phone company's logs confirm it" is another kettle of fish entirely.

Under some circumstances, I might have reasonable doubt that someone forged an ICQ message.

But I cannot fathom anyone 31337 enough to forge an ICQ message, an ICQ-message-sent log on AOL's server, steal Joe Scumbag's password to dial in to an ISP using his account, hack the ISP's Radius server logs to reflect Joe Scumbag's phone number instead of 37337-h4x0r's number, and then hack the local phone provider's logs to make it looks like Joe Scumbag was on the phone to his ISP at that time.

I'm not alleging that the trail of evidence in this case is anywhere near as bulletproof as in my extreme hypothetical example. All I'm saying is that anyone who thinks an IM log can be dismissed as hearsay is... well, not thinking far enough ;-)

(Next up -- when can we expect law enforcement to apply the same treatment to Joe Spammer? Surely sending spam for "HOT BEASTIE WOMEN" to 15-year-old girls is just as bad. You listening, Mr. Spammer in Dallas-Ft.Worth and Michigan?)

The law doesn't discriminate against "easy"

[drew_kime]

"Every packet you send can be examined along each router through which is passes."

And every phone call you make can be examined at any of the TELCO offices through which it passes. Your point being?

Oh, maybe you thought that just because it is somewhat easier to snoop internet traffic that it is therefore OK. The whole point of protections against unwarranted search and seizure is to say that the authorities aren't even allowed to try.

fry 'em

[Hooya]

WTF? sounds like the girl submitted the conversation to the police (smart girl.). + the pedafile solicited sex with a police officer posing as a 15 year old. what wiretap? don't tell me soliciting sex with a 15 year old is free speech either.

But in Penn

[OctaneZ]

The article states that:

Though federal law only requires the consent of one person before a telephone call or Internet communication can be recorded, Pennsylvania and 11 other states require the consent of all parties.

So it is not simply that one participant alowed the police to view the logs. Unless we are taking as a presuming that everyone assumes that all conversations are recorded/logged by both parties. While agree that the topic may be a little misleading, this is also going to be an interesting case to follow.

An interesting turn would be if the court ruled that the girl logging (if that is in fact what was turned over) was a violoation of the other users privacy right as he did not consent to her logging the conversation.

-OctZ

Re:But in Penn

[Daniel+Dvorkin]

Degree degree degree. Forcible rape and statutory rape are two different (though obviously related) crimes, and are (appropriately) punished differently.

I got curious enough about this that I looked it up. In Pennsylvania, forcible rape is a first degree felony, with an additional ten year prison penalty above and beyond that normally provided for first degree felonies (if I read the statute right) while "statutory sexual assault" is a second degree felony with no additional penalties.

That still seemed a little harsh to me, so I decided to compare it to my home state. In Colorado, as far as I can tell from reading the not-terribly-clearly-worded statutes, forcible rape is a Class 3 or Class 4 felony depending on the degree of force and/or coercion used, while sexual assault of the sort the perpetrator in this case apparently intended to commit is a Class 1 misdemeanor. That seems a little more reasonable.

BTW, the jumping-off point for this information is here, a service of Cornell Law. It seems to be an excellent resource for legal research of this sort.

Duh?

[Rogerborg]

Duh? In what way? To me this looks pretty clear cut: this evidence - in this case - was 100% admissible, because it's not a wiretap. And here's why.

When making a phone call, you have a reasonable expectation that it is not being recorded. That's why law enforcement needs a wiretap order.

When sending a snail mail letter, you do not have a reasonable expectation that there will be no record of it after it has been received, nor that the recipient will not give it to law enforcement of their own free will, after they have received it. You have a reasonable expectation that it will not be intercepted in transit, but once it reaches the recipient to which you sent it, it's in their possession, you know it's in their possession, and it's fair game.

Pop quiz: do emails that you receive:

• A: Automagically evaporate after you have read them?
• B: Remain on your machine as long as you want them to?

Given that you've ever received an email and know the correct answer to this, do you have a reasonable expectation that an email that you have sent will not be used by the recipient as evidence?

Perhaps Slashdot editors could consider taking a minute to read the article before kneejerking a commentary. I know it's a common lament, but this case is open and shut. The guy sent emails soliciting sex from a minor. The emails that he sent were given by the intended recipient to law enforcement after they were received. There was no wiretap. Perhaps the sender really was dumb enough to expect that there would be no record of his emails after they were received , but that was an unreasonable expectation, given that he was clued enough to send an email.

It's an interesting case, but it's really not about wiretapping or privacy or the evil feds. It's about a child abuser who was really dumb and got caught. The fact that it involves emails is neither here nor there - he might as well have been sending snail mail letters.

Are we all quite clear on that now? Please, please, please, read the news story before responding.

Re:Question

[Pedersen]

I wonder if these 12 states consider a defendant giving permission to recording phone calls or releasing IM logs to be a sort of self-incrimination, thus violating the 5th Amendment?

Note that the 5th Amendment only states that you are not required to testify against yourself, not that you are not allowed to do so.

As such, a defendant giving such permission is simply waving his 5th amendment rights. Which makes the laws make even more sense. After all, if you don't know you're being recorded, aren't you possibly being tricked into testifying against yourself, and thereby being forced to give up your 5th Amendment rights?

Re:A no brainer

[nanojath]

I think you're judging the merits of a different question. Unfortunately this article is not really clear. But I believe from the wording that the real issue under discussion is whether someone can make internet communications available to the police without obtaining consent from the other participant in the conversation.

In most places the question is moot. You have a legal right to record an electronic communication with or without the other participant's knowledge or consent. An UC cop can record conversations or pose as a 15 yr-old in a chatroom, this does not require a warrant (I don't know if the cops need a warrant to send in someone wearing a wire. Anyone?)

In PA, on the other hand, you cannot record a telephone conversation without the consent of the other party - it is a technical wiretap even if the recording party is not a cop. Mr. Pedophile X-Cop is arguing that his e-mails and chats to the girl and UC cop are under the same protection. Prosecution is saying bullshit, anyone knows that by its very nature e-mail and IM is "recorded" - that a non-ephemeral record of the conversation exists by default.

Personally, I agree with the state. I don't think there is a reasonable expectation of the privacy of communication of this nature, if one of the parties involved chooses to make that communication public. If the cops were siezing this information from the ISP, or Mr. Pervert, or the 15-yr-old without warrant or consent, it would be a different story.

So with all due respect, I think you're wrong. This is just another ped asshole trying to sleeze out from under just consequences on a technicality.

define the problem...

[supernova87a]

Upon reading this thread further, I've also changed my mind about the wiretapping definition. Wiretapping, it seems to me, is something that records a conversation neither party expected to keep a record of, or give others easy access to. Voice conversations clearly fall into this area, because as soon as they are spoken, they're understood to evaporate. But most people know that email is not priviliged communication (as shown by employers monitoring/reading employees' emails, and text of emails being subpoenaed for various purposes).

Many people here seem to be surprised that whether this is wiretapping is even a question -- as if it should obviously be classified as wiretapping. But if we take the approach that whatever you do on the internet may be public information (no guarantee of privacy), then reading someone else's public messages might not be infringing on privacy -- there was no expectation of it to begin with! Just because someone hears or sees you do something, doesn't mean that your privacy was invaded!

However, I am interested in seeing what the courts have to say about this, as my interpretation is only a casual one. As people come to expect more privacy from the internet, will the law extend the privacy people expect? Are encrypted email messages entitled to special protection? I wonder what instant messages between cellphones will be classified as? Will these be priviliged "wire-tappable" communications?

The story is missing some details

[Sabalon]

The story has more holes in it than most hollywood plots of late.

It sounds like the girl went to the police about it, then the police posed as a 15 year old to catch the guy.

I don't see where any wiretapping or anything similar went on. Obviously the girl went to police after the fact, so they couldn't tap into that. Perhaps she brought a printout of the conversation - it doesn't say. And then when the police posed as the 15 year old, they caught him in the act.

About the closest is says is that the police looking at the messages should be subject to wiretap procedures - however, I'm guessing that the girl took the messages to the police. Nothing was recorded by the police - this is akin to the witness saying the defendant said such and such in a phone conversation with me, but with photographic memory.

I could see his complaint if the police had intercepted the messages in real-time by tapping into the line of communication (a sniffer at the ISP or something like that).

I suppose he could have claimed the girl modified the content of the messages in the printout if one existed, but since he got caught red-handed...oh well.

Re:More Stupid Judges Making Stupid Analogies

[Rogerborg]

• A show of hands please...who here has to log into their answer machine to get messages

You're missing the point. When you send a message - particularly an email - you have to expect that the intended recipient will have a copy of it.

• The very notion that anything I e-mail to someone is available for downloading/printing by anyone but the receipient is a huge privacy violation.

Spot the guy who didn't even bother reading the story. If you bother to read it, you'll find that the email was submitted as evidence by the intended recipient, a 15 year old girl, and the IM's by the intended recipient, a law enforcement agent posing as a minor. At no time did law enforcement make a 3rd party interception or recording. The guy sent the messages. The intended recipients got them. The intended recipient submitted them as evidence. No wiretap. No interception. Go to jail, go directly to jail, do not pass go, do not collect $200.

Moderators, you might also want to read the story before applying your mod points. This is an important and emotive issue; let's be sure we have the facts before getting all riled up and picking the wrong side.

Fascinating Questions

[werdna]

The legal status of review and interception of unencrypted communications is a deep and fascinating inquiry. Virtually all these questions come down to the simple-sounding issue of whether the communicating parties had a "reasonable expectation of privacy."

The fundamental difference between telephone lines and internet communications derives from its "party line" nature -- interception isn't necessarily interception per se. Indeed, e-mail is in many respects much more like a postcard than a sealed envelope, and it is well-settled that postcard communications are NOT "private," although entering land to open a mailbox to see it WOULD be a violation.

But such analogies are fruitless, for they are always flawed. This is neither a postcard nor a sealed envelope nor a proprietary switching network -- it is an internet communication. There are separate laws that govern conduct on such networks, and these laws are different from general wiretap laws.

Lawyers have been battling over the question whether the use of unencrypted e-mail for attorney/client discussions constitutes breach of attorney/client privilege or the attorney's obligation to maintain a client's confidentiality. Unsurprisingly, the issue comes down to the same basic question -- reasonableness of the conduct and a reasonable expectation of privacy.

The vast majority of ethics rulings (non-binding administrative opionions published by state bars and the ABA) seem to treat e-mail the same as telephone communications, because there exist laws, in particular the ECPA and the CFAA that criminalize interception of transmissions. But those opinions may not be the law -- and certainly they were based upon a severely flawed (that is, oversimplified) understanding of both the relevant laws (which do not apply to many third parties, such as ISPs and the police in particular) and the technology itself.

This case may hit on those questions as they necessarily address "reasonable expectation of privacy." It will be fun to watch. Hopefully something useful will result.

Re:Not quite as cut-and-dried as it seems

[arkanes]

I feel obliged to play a bit of devils advocate here and point out that a 15 year old hardly falls under "pedophilia", except of course in the strict legal sense (and even then, not in all states) - a 15 year old is (usually) sexually mature, hence, it's not abnormal or un-natural to be attracted to one.

Statutory rape, emotional maturity, blah, blah, blah all aside - this is not pedophilia. Maybe a bit perverted, but not as much as a few rightous people would like to think.

Re:Misleading headline

[arkanes]

It has EVERYTHING to do with Internet privacy/wiretapping laws - because this decision will affect whether we legally consider Internet communcations to be telecommunications (and thus covered by wiretap laws) or physical communications (and thus not).

In both cases, existing law provides for signifigant protection on data in transit, so all the people blathering about how since you can snoop any packets coming over your router it's the same as broadcasting on CNN might want to perk up as well. (BTW, there's a large difference between scanning headers and whatnot with automated scrips to route packets and actually having a live human or heuristic algorithm to store/redirect them based on content)

Different (earlier) coverage, more explanation

[John+Murdoch]

Hi!

The AP wire article that Excite quotes was written by a reporter in Philadelphia, presumably after reading this story which ran in the Allentown Morning Call five days earlier. The AP writer makes a couple of mistakes, and misses a significant point--a point that is made well in the Morning Call piece.

• Proetto (the perp) is not in danger of going to prison over this. He has already been convicted, and is nearing the end of a six-months probation sentence.
• Proetto is bringing this action to avoid getting labeled as a "sex offender"--because sex-offender rules in most states have all kinds of onerous restrictions.
• Proetto lives in Whitehall Township, which is in Lehigh County, but works (or worked--whether he's still employed as a policeman appears to be in question) for the Colonial Regional police force in Nazareth--which is in Northampton County.

differences.

[Catbeller]

- Hackers don't kick your door in.
- Hackers don't publicize your name as a "suspect", thus destroying your reputation.
- Hackers don't pauperize you with legal costs.
- Hackers aren't prosecutors concerned with obtaining as many convictions as possible.
- Hackers cannot put you in prison.
- Hackers cannot shoot you dead if you try to get away.
- Hackers don't joke about your future rape schedule in their prison.
- Hackers can't hold you indefinitely in an undisclosed location without counsel or contact.
- Hackers can be a nuissance, but they rarely destroy your life.
- Hackers aren't your government.

Read the article people!

[Aexia]

It has nothing to do with wiretapping laws. Let me repeat.

THERE IS NO WIRETAPPING OF ANY KIND INVOLVED IN THIS CASE.

The defendent is arguing that since the e-mails and IMs were recorded by the intended recipient without his consent(necessary by PA Law), they are inadmissable.

The prosecution argued (and the lower courts agreed) that the defendent had no expectation that the e-mail messages and IMs would *not* be recorded by the intended recipient because of the very nature of the two mediums.

That is the issue at hand. The police weren't sniffing packets or intercepting e-mails. The intended recipient of the e-mails and IMs voluntarily turned them over to the police. If he had snail-mailed the solicitations to the girl, he wouldn't even be bothering appealing.