Slashdot Mirror
Appeals Circuit Ruling: ISPs Can Read E-Mail
leviramsey writes "The US Court of Appeals for the First Circuit (covering Massachusetts, Maine, New Hampshire, and Rhode Island) has ruled that e-mail providers are not violating the law by reading users' e-mail without the user's consent. The decision finds that the Wiretap Act does not cover interception of communications where the communications are being stored, not transmitted. Perhaps OSDN should send the defendant, accused in 2001 of reading users emails in order to find out what they were interested in purchasing from Amazon, a T-shirt from ThinkGeek?"
More words: This most certainly has to be overturned on a privacy bill of some sort. Imagine the widespread mail-reading that is now determined -at least in the mentioned juridstictions- to be legal. I wonder what ever happened to the privacy laws and how they match up to this new ruling (the ones that say a conversation is deemed to be confidential and cannot be disclosed outside of the circle in which it originated?)
I completely agree with "And he acknowledged that "the line that we draw in this case will have far-reaching effects on personal privacy and security."
... to start using strong crypto for our email? The technology has been available for free for years now, so what's stoping us? Why this inertia?
We don't need to say that this is like opening postal mail, or that RAM holding the email temporarily is like a modem caching the data. We don't need to compare this to anything to explain it.
It is plainly and utterly stupid and wrong.
Enough said.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
google isn't an ISP :D
If ISPs are not breaking any laws reading users stored email without consent, then why was there a huge fuss about Google using a parsing engine to do the same?! I would have thought that a parsing engine was more in line with privacy than someone reading your mail!!
I feel a tremendous schizm forming within the ranks of the American Legislature over this, with one side determined to force restrictions upon 'publicised' companies in an effort to make names for themselves, while the other side making rulings like this that will bearly make the main press. Something tells me not everyone is singing off the same hymnsheet.
Something died a little today. That something was common sense.
Email is plain text. clear text. not encrypted. Now if this covered IPS right to read their users mail if it were encrypted, then that would be something else.
It's clear text though, what do you expect?
encrypt it
I think it may be a good time for people to start looking into ecryption.
Even the samurai
have teddy bears,
and even the teddy bears
get drunk
http://gnupg.org
Most email clients support it nowadays (thunderbird and Mail.app both have free extensions) and the only reason not to use it is the initial cost of collecting keys for everyone you want to talk to. Well, think again!
The decision finds that the Wiretap Act does not cover interception of communications where the communications are being stored, not transmitted
So now the loophole is telecomms carriers can store messages, and by storing messages they're allowed to listen to them.
Of course, it's no use just to listen to a message to get info on what a subject is up to, it has to be stored for later use, so simply the fact of listening in to a phone conversation and recording it for later use makes it legal to listen to and store for later use.
bah
And to those who think encrypting your email is the answer - it's not. The email sent to you can still be read, and many sites like Amazon, which is mentioned in the article, send automated emails to whatever address you provide them, making your communications easy pickings for unscrupulous ISPs.
Of course, on the other hand, I'm sure some people here won't be surprised, and will in fact welcome such intrusion into their email, as evidenced by the enthusiasm here and elsewhere in geek circles for Google's Gmail service, which at least as intrusive and does the exact same thing with a user's emails (i.e. reads them for the purposes of marketing other products they think the user would be interested in). I'm still not sure what causes this cognitive disconnect in the technical community, but it is both puzzling and worrisome.
Software piracy is victimless theft.
grep -i -n -A 3 username * > password_list
thanks for that
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
The US Court of Appeals for the First Circuit (covering Massachusetts, Maine, New Hampshire, and Rhode Island) has ruled that e-mail providers are not violating the law by reading users' e-mail without the user's consent.
In a way, I suppose, this ruling is a good thing, because it underscores the need for a comprehensive privacy and data retention law.
What's needed is something along the lines of The European Union's privacy law: that is, something that is explicitly mandated, rather then the "penumbras" of privacy that some judges can, and some judges won't, see lurking between the lines of the Ninth Amendment.
We can hope that this defeat in the courts can be -- with our hard work -- turned into a victory in the U.S. Congress.
Opinions on the Twiddler2 hand-held keyboard?
I'm speaking here about an average user, rather than the tech-saavy crowd that populates Slashdot.
Software piracy is victimless theft.
Wow, that got me thinking. ISPs are not held liable for piracy, hacking, etc, because they are a "common carrier." Common carriers have no knowledge of the traffic they carry, they are simply moving things from point A to point B. That limits their liability.
Now, though, the court (in those jurisdictions) has ruled it is legal for ISPs to, at the least, read e-mail. Since it is ruled legal, and they are able, does that confer some responsibility to them?
Thinking this through to conslusion, what are the odds that the ISP defending itself in reading the e-mail, has in fact increased its liability in all things its customer's do and have done to them?
Sarcasm and hyperbole are the final refuges for weak minds
Lets try to be a little rational here. I know that everyone is going to scream in the typical slashdot style about "invasion of privacy!!!!!", but lets really look at the problem.
The first thing is to understand what the Judicial Branch's job is. It is to interpret the meaning of existing laws! And looking at the law, it seems that they did a pretty good job of this.
So does this mean that I want my ISP's reading my email? Of course not!
The problem is that the legislative branch is not creating laws that keep up to speed with the ethical problems presented by technology. Lets not get on the Judges' cases for the ISPs reading our email, get on the LEGISLATORS.
In fact, I want to congratulate the judges in this case for making the ruling. Even though it is obvious that it is absurd that the ISPs are reading people's email, the judge did not overstep his authority by trying to create laws, rather than interpret them. This is one of the largest tyrannies that happens in US Politics, judges effectively creating legislation.
So here is a call to all legislators: GET ON THE BALL! New technology has created many new ethical dillemas, and we need the legislators to start dealing with them.
The decision finds that the Wiretap Act does not cover interception of communications where the communications are being stored, not transmitted.
That's nice. So now they can use this precedent to listen to your voicemails.
And if we move to VoIP on the telecom's backbone, then they can listen to your conversations... since it is being stored in the router's buffers alone the way.
so is there anyone out there who actually thinks your email to me is actually private and won't be read by an admin of a server that queues it for delivery somewhere along the way??
it's email. there should not be any real expectation of privacy. deal with it.
"We are not tolerant people. We prefer drastically effective solutions"
There's a minor problem with your argument. ISP's are not common carriers
http://www.cctec.com/maillists/nanog/historical/00 10/msg00012.html
which most of us have regarded as fairly secure
True, if by "most of us" you mean "those of us who happen to be morons." Guess why nobody sends credit card numbers over e-mail?
Your employer may now read all your email
Most already do.
Free email providers like Yahoo, Microsoft, and Google now are free to do anything they want with all the mail
It's a free service. They should be able to do whatever the hell they feel like. Read the usage agreement.
they can obtain web browsing data without warrant.
If you think an ISP wouldn't cooperate with the FBI without a warrant, then you are a moron. If you happen to piss off the FBI, they can (after obtaining the warrant) seize all your computers and network equipment for analysis. This will pretty much mean the ISP won't exist anymore -- they generally take a few months to a few years to return the stuff.
At all points in a digital communication the packets composing the message are stored in the memory of the devices involved in transmission (albeit for a short period of time). So does this mean that the wiretap law does not apply to any form of digital communication other than point-to-point where the end-points are owned by the communicating parties? It's fun when non-technical people create laws about technology....
I tell you, if a company discloses any personal info of mine even with a subpeona involved, they can expect one heck of a long and vicious lawsuit.
Why would you do that? They're doing what they have to do, if a subpeona is involved. They cannot legally turn down the request.
I mean, I can see why if no subpeona was issued, they shouldn't be giving out jack shit, but when there's one, there's nothing they can do. If you bring a lawsuit against them, you will lose, and because of the frivolousness of your suit, you will be paying their legal fees.
anyone with some sence has their own domain name (even dyndns would work here, static ip's ya know)
and their mail delivered to a box THEY own, in THEIR house, and encrypted whenever possible.
We have seen that living things are too improbable and too beautifully "designed" to have come into existence by chance.
Worse than that, where do you draw the line for 'storage'? IP uses packets. Between receiving a packet on one interface and sending it out another, a router STORES packets. Does it have to be non-volatile storage? Does that mean a mail server with a ramdisk spool isn't subject to this ruling? How long does a piece of information need to sit in one place during transit to be 'stored'?
Looks like you're out of luck unless you've got a switched circuit all the way through to your destination.
Let's hear it for analog...
I actually agree with the ruling, for several reasons.
1: This will bring more attention to privacy tools like any OpenPGP-compatible program, such as the GNU Privacy Guard, than any law preventing law-abiding citizens from thumbing through your emails.
2: The ISP is providing a service using their own equipment. While laws might help, remember that it IS their OWN damn equipment, and if they choose to, there's little you can do if you're not aware of it.
3: The ISP is not the only point in which any mail can be read. Any number of mail backbones can also store a message for perusing later. This is especially true in the case of those undeliverables that are logged for later review. To focus the blame on an ISP is a fallacy.
Personally, I think that people should have little fire lit under them to get themselves protected. I will admit that it's a bit of a bother now, but as soon as vendors see the market value of such systems, how long until it's easy enough for aunt Maude?
The Penguin Producer
Keep in mind that it is the job of the court to interpret the laws that already exist, not to "legislate from the bench" (which, unfortunately, happens all too often). As outrageous as it is for an ISP to be able to read email, don't bash the court -- bash the legislators for not fixing the law.
I actually know the defendant in this case, Brad Councilman, personally (although it's been quite a few years since I've had any significant contact with him.) He's a good guy and he pretty much had his life torn apart for several years by overzealous prosecutors looking to make a name for themselves by looking tough on "computer crime." What he did wasn't necessarily right, but he certainly didn't deserve to be treated as a criminal for it. I'm not going to get into a debate with anyone about this right now - I doubt I'm going to change anyone's minds, but think about this: if this guy had the words "accused hacker" before his name in these headlines, how many of you would be rallying to his defense instead of looking to crucify him? If his name were Kevin Mitnick, how many of you would be complaining about how this country is turning into a police state instead of acting like some sysadmin reading your e-mail is a human-rights violation on a par with the Rodney King beating?