Appeals Circuit Ruling: ISPs Can Read E-Mail

leviramsey writes "The US Court of Appeals for the First Circuit (covering Massachusetts, Maine, New Hampshire, and Rhode Island) has ruled that e-mail providers are not violating the law by reading users' e-mail without the user's consent. The decision finds that the Wiretap Act does not cover interception of communications where the communications are being stored, not transmitted. Perhaps OSDN should send the defendant, accused in 2001 of reading users emails in order to find out what they were interested in purchasing from Amazon, a T-shirt from ThinkGeek?"

It's Already Pretty Easy

[StormyMonday]

Just browse over to Thawte for a free S/MIME cert (your choice of Outlook or Mozilla), install it, and start sending encrypted e-mail. (Yeah, S/MIME has Closed Source Cooties. Tough. It works.)

There are three reasons that more people don't encrypt their mail:

1. Some mailers won't handle S/MIME, and behave badly when they come across it (refusing to let you read a signed message, for example).

2. People's e-mail rituals don't include signing/encrypting mail. They don't do it because they don't do it.

3. Security mavens tend to run in full Paranoid Nazi mode. They tend to insist on solutions that are only needed if you insist on full anybody- to- anybody communication with a guarantee of no man in the middle. They also seem to think that "security" is synonymous with "how many times can we make the user type in his password?"

Because of #2 above (the real killer) nothing will be done until businesses start insisting on using secure mail. If I remember correctly, Microsoft Exchange has the capability to enforce this, as well as generating certs. No excuse for not using it.