Slashdot Mirror

← Back to Stories (view on slashdot.org)

Appeals Circuit Ruling: ISPs Can Read E-Mail

Posted by timothy on from the odd-distinctions dept.

leviramsey writes "The US Court of Appeals for the First Circuit (covering Massachusetts, Maine, New Hampshire, and Rhode Island) has ruled that e-mail providers are not violating the law by reading users' e-mail without the user's consent. The decision finds that the Wiretap Act does not cover interception of communications where the communications are being stored, not transmitted. Perhaps OSDN should send the defendant, accused in 2001 of reading users emails in order to find out what they were interested in purchasing from Amazon, a T-shirt from ThinkGeek?"

14 of 527 comments (clear)

  1. Wait a minute by MoneyT · · Score: 4, Interesting

    If ISPs can read your emails, that stops them from being a common carrier anymore doesn't it? Which then means that they could be held legaly liable for any damages caused by illegal activity via email couldn't they?

    --
    T Money
    World Domination with a plastic spoon since 1984
  2. Re:Isn't it about time... by NanoGator · · Score: 3, Interesting

    ".. to start using strong crypto for our email? "

    Screw that. Use instant messaging. The reason why ISPs can read the mail is because it sits on their servers. Find an IM program that doesn't use a server to store the messages (i.e. I think that rules out ICQ...) and you're set. The only real problem then is packet sniffing.

    --
    "Derp de derp."
  3. Stored, not transmitted? Voicemail is the same... by Cytotoxic · · Score: 4, Interesting

    I don't think the judge understood what he was saying. In ruling that email messages are being stored, not transmitted he completely ignores the fact that the only reason that email is sent to an ISP is so that it will be transmitted. The asynchronous method of delivery really shouldn't enter into it. However, if that is the language of the law, then that is that...

    This ruling would also mean that you voicemail at your cellphone provider is wide open to being listened to as well... Nice...

  4. This is insane by 0x0d0a · · Score: 4, Interesting

    Wow. This is a huge, huge, huge deal.

    Among other things, this means:

    * Email, the dominant form of online communication, which most of us have regarded as fairly secure, is now grabable by federal authorities or police *without a warrant*.

    * Your employer may now read all your email -- previously, he had to at least inform you that he was going to monitor your network traffic ahead of time (admittedly, including such a clause in the usage policy was depressingly common, but still).

    * Free email providers like Yahoo, Microsoft, and Google now are free to do anything they want with all the mail that you've ever sent or has been sent to you.

    I'm sure that the EFF is scrambling to try and do something at the moment -- it'll be their most important case yet.

    *IF* this is not overturned, it means that it is *impossible* to have legal privacy protection for any form of communication that is asynchronous across hosts. This affects a vast number of potential protocols.

    This means that voicemail systems are *not* protected by federal wiretapping law. If you *ever* leave a message for anyone, your privacy protections are out the window.

    It's debatable over whether or not this applies to web caching -- if police and federal agents can now swipe the content of your ISP's web cache (yeah, the transparent proxy that your cable ISP uses, even though you don't think you're using a proxy), they can obtain web browsing data without warrant.

    This is the biggest argument I've seen yet for use of PGP. If you are not using PGP, you *have* no privacy.

    --
    May we never see th
  5. Re:Two words by matth · · Score: 3, Interesting

    I see nothing wrong with this. You are paying the provider to use their mail server. You are storing your mail on THEIR machines. It is THEIR machine they may do whatever they like with it. It's like when you rent a house, the landlord may come by at any point and perform an inspection of the property. It is a private network. Likewise they are completely within their bounds to block mail from say all of AOL or EARTHLINK. Customers may not like it, but it's a PRIVATE NETWORK that you have payed for access to.

  6. Seems like it applies to phones too by RhettLivingston · · Score: 4, Interesting

    What about analog signal delay chips? What about digital phone systems that temporarily store signals in RAM? And if volatile memory is considered transmission instead of storage, what if they used MRAM in the future?

    Others summed it up with "stupid", but "stupid" just doesn't seem to come close.

    I'll bet some ISPs are madly looking at what they have that they could market to the tabloids. Anyone out there have some Senators or Representatives as clients? Publishing all of their email might get a law out quicker than you can say "stupid".

  7. Re:Two words by 0racle · · Score: 3, Interesting

    E-Mail is less of a letter and closer to a postcard since a letter is sent sealed and a postcard is a message sent in the clear. It wouldn't surprise me in the least if a postcard was read by every person that it comes in contact with.

    --
    "I use a Mac because I'm just better than you are."
  8. Okay Thunderbird, time to step up to the plate by Nom+du+Keyboard · · Score: 4, Interesting

    Okay Thunderbird, here's your chance to shine. Make sending and receiving of encrypted e-mail as easy as regular e-mail is now.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  9. And the REAL comedy is... ISPs should HATE this! by ChiefPilot · · Score: 3, Interesting

    I wonder if ISPs can now be held responsible for what passes over their network? An interesting collision between their Common Carrier status and their ability (perhaps implying responsibility) to read email.

  10. Re:How about VOIP providers? by Jay+L · · Score: 3, Interesting

    How about VOIP providers? (Score:2, Interesting)
    by phr2 (545169) on Wednesday June 30, @05:04PM (#9575331)
    VOIP packets are temporarily stored in ram at the different routers they visit as they travel the network. Does that mean that VOIP providers can listen in on phone conversations?
    And what about the ECPA provision on unauthorized access to stored communications (Steve Jackson case)? Don't they apply here?

    I'm fairly sure they do - we always assumed we were bound by ECPA at AOL. It wasn't even questioned.

    I wonder if they just prosecuted the guy under the wrong law - wiretap instead of ECPA.

  11. Re:HIPAA by iammaxus · · Score: 3, Interesting

    There are things they can do to oppose a subpoena and a contract they sign with their customer may require them to do whatever they can to keep information private. If they don't try, they may be in breach of contract.

  12. Re:Two words by Anonymous Coward · · Score: 3, Interesting

    Agreed, I administer several webmail systems (not any of the biggies) and it is necessary to sometimes go into people's mailboxes if they are suspected of spamming/scamming etc. Naturally this is in the T&Cs at sign up.

    We have two things that trigger an account check, one is if lots of emails with lots of recipients are sent in one session (particularly if they put lots of addresses in the BCC field) we will check that they aren't spamming. The other trigger to check an account is when someone complains.

    While will come across to many as a privacy invasion it is sadly the only way to catch and prevent spammers and scammers. We must have deleted over 200 people trying to do Nigerian scams over the past few months. Normally we replace their account with an auto-response so anyone responding to the scam gets a message from us explaining the con.

    It could be worse, we could be like Hotmail and delete accounts without even checking they have been used for abuse.

    One guy tried to get us to delete an account claiming it was being used by someone to bid on Ebay auctions without paying. A quick inspection of this mail account revealed it was being used by an Ebay scambuster, and thanks to him the guy complaining had all of his scam auctions closed. :)

  13. Re:Two words by AJWM · · Score: 3, Interesting

    Email doesn't need to be "handled" by anyone - the software can do it all.

    Except when the software doesn't, and then someone (usually read as "sys admin") may have to look at it to see what the problem is. Which happens rather more often than, say, the Post Office having to open a letter to figure out the addressee (or sender) because the front of the envelope smeared. (Had to do that today, as a matter of fact -- a bunch of undelivered messages stuck in the mail queue.)

    Furthermore, "the software" can -- and frequently does -- also scan all the email looking for items of interest before reporting same to its human master(s). This could be something gov't mandated like Carnivore, or benign like a virus filter, or questionable like a corporate-mandated scan of outgoing email for certain keywords (trade secrets, spam, pr0n, whatever), but it happens. (In the latter case, encrypted email might just be blocked except from certain authorized users.)

    --
    -- Alastair
  14. Re:Two words by TRACK-YOUR-POSITION · · Score: 3, Interesting

    The post office probably doesn't do that. Employees of the telephone company, on the other hand, are permitted to listen to any call for maintainnance purposes, and generally have a lot of discretion in determining exactly what maintainance is.