Court To Reconsider Decision On ISP Mail Snooping

thpr writes "In June, Slashdot reported that ISPs can read email (according to a decision by the 1st circuit court of appeals). In short, the court felt it was not a violation of U.S. wiretap laws. Last month, the Justice Department asked for the full court to reconsider the decision. C-Net now reports that the court will 'reconsider its June 29 decision'. Arguments are scheduled for Dec 8."

Kind of link not having curtains

[stecoop]

I would tend to agree with this ruling. I believe that an individual should protect her property as it's kind of like leaving a sofa on the curb not expecting it to be removed or like not having curtains on your windows and expecting people to not look in as the drive by. The property owner of the email should be protecting it via encryption or its there for anyone to read.

I like double rot-13; if it is encrypted and someone cracks it than I guess you should find a better encryption algorithm.

Re:Kind of link not having curtains

[garcia]

The property owner of the email should be protecting it via encryption or its there for anyone to read.

Laws like the ones are talking about will eventually cause the population to do exactly that but it's not exactly as if the criminals weren't doing that already.

You will be labelled a traitor if you protect yourself and [tinfoil warning] you could eventually be held against your will for crimes against the government for protecting your personal privacy [/tinfoil].

Remember that anyone who encrypts their email obviously has something to hide and doesn't support their government and their own freedom!

Re:Kind of link not having curtains

[stecoop]

Remember that anyone who encrypts their email obviously has something to hide and doesn't support their government and their own freedom!

There are so many sides to a coin - case in point you brought up a very good flip side.

But lets say that enough people started recognizing that email isn't *gasp* private and, visioning everyone knowing email isn't private; that all email (lets extend it to internet traffic) became encrypted. This ruling only helps the civil libertarian groups on getting the word out to protect the civil liberties at an individual level.

Re:Kind of link not having curtains

[Kenja]

So you dont mind if I go though your mail in your curb side mail box? After all, that letter from your sister wasn't encrypted, nor was your paycheck.

Re:Kind of link not having curtains

[maxpublic]

Or, let's recognize that email is just the 21st century version of paper mail, and should be treated as such. There's no logical reason why mail transmitted electronically should have less protection than mail transmitted by post.

Max

Re:Kind of link not having curtains

[rackhamh]

But you don't own the postal service mailboxes. So in that case, you don't mind if they rip open your envelope (don't worry, they'll tape it back up), to see what's inside? Maybe photocopy it and store it in their records? Share it with a few people?

I can see the utility of "wire tapping" email, but I can also see how people have an expectation of privacy when they send an email. They expect those "To" and "From" fields to mean something.

Re:Kind of link not having curtains

[KarmaMB84]

Correction, a mailbox you're paying for that someone else owns. I don't "own" the physical box at my local post office, but they aren't allowed to read all my mail on a whim either.

Re:Kind of link not having curtains

[stanmann]

it is, except that most e-mail is equivalent to a postcard since without opening the envelope it is possible to read... BTW it is legal to read a postcard addressed to someone else, it is illegal to open or even destroy a stamped envelope intended for someone else including your spouse, parents, roommates or children.

Re:Kind of link not having curtains

[Kenja]

"that mailbox is my property, and it has a door. it is not the same as an email sitting on server someone else owns."

Not true. In many instances the postal service owns the mailbox just as the garbage service owns the cans. Even if they dont, most people rent their home and so still dont own the box.

Re:Kind of link not having curtains

[stanmann]

yes, any encryption like rot13 is comparable to an envelope and demonstrates intent. ease of contravention is irrelavent making it "non-trivial" to access should be sufficient.

Re:Kind of link not having curtains

[KarmaMB84]

Post cards do not have envelopes and so can be unintentionally viewed. An e-mail would require the sysadmin or employee to actually intentionally retrieve it from their system to read it.

Re:Kind of link not having curtains

Read The Original Article.

At issue here isn't just "anyone" reading the e-mail--it's the ISP. Also, the people who were snooped were not the SENDERS of e-mail--they were the recievers. You can't encrypt someone ELSE's mail to you. Finally, this wasn't a case of "well, potentially anyone can read your e-mail," this was a case specifically of data mining e-mail for commercial purposes.

The original case had someone who ran a bookstore and also provided e-mail service to customers. He then SCANNED THEIR INCOMING E-MAIL for messages from Amazon, to see what they were reading. Not as a random snoop, but SPECIFICALLY to give himself a business advantage by knowing what his potential customers were interested in.

Consider the reprecussions if this is legal. Microsoft (or GMail or Yahoo) would be within their rights to 1.) ready your incoming e-mail, 2.) look for commercially useful data about your shopping habits or personal preferences, and 3.) act on that information.

So, under the original decision, it would potentially be available to scan your e-mail looking for, say, a confirmation for a flight you booked, then sell that information to a third party (let's say a travel provider), who could then start sending you e-mails about taking tours or booking hotels at your desitnation. As long as they copy your e-mail off a server our out of memory (read: don't intercept it DIRECTLY from the TCP/IP packets), this is LEGAL.

Re:Kind of link not having curtains

[mdfst13]

What if they read the mail while it is still in the truck? Or at the post office? What if a piece of your mail drops on the sidewalk? Can anyone read it now? The side walk is public property?

Re:Kind of link not having curtains

[the_weasel]

Hardly true. The postal service is government run - the laws that make it illegal to read sealed mail are part of the system of trust that allows us to place our private corrospondence in the hands of the government. It is part of the service you purchase when you buy your stamps.

E-Mail is not run by the government. It is run mostly by private industry - though anyone can set up thier own mail server no one can argue that private industry does not own the vast majority of hardware and resources that process and transmit the bulk of email.

So - the question to ask yourselves is - do you believe it is the governments job to legislate how a company or even private individual uses and handles data that is hosted and or transferred through their property?

I don't really have an answer, but I find it a fascinating question.

By all means - encrypt your email if you feel the need, but lets not get the government into the habit of legisating the Internet.

Re:Kind of link not having curtains

[rebel47]

Yeah, great. How would you feel if this was extended to snail mail? Think it couldn't happen....think again. How soon before the FBI etc. decides that terrorists are communicating by snail mail and seek powers to intercept and read mail from people they *think* could be, might be sending/receiving mail to or from suspected terrorists or terrorist orgnizations.

Well, if they want to snoop...

[Pig+Hogger]

All they need is to declare that the FBI is an ISP... Voilà, problem solved!

Let me get this right

[Sqwubbsy]

John Ashcroft is fighting for greater privacy for email?
Wonder how the groupthink will justify this.

Re:Let me get this right

[twiddlingbits]

The Gov't can read your email if they wish anyhow. This would prohibit private citizens from doing so by closing the loophole that said "if the read it while it's on the mail spooler and NOT right off the wire it's OK". It's a bad loophole, it should be closed and closing it doesnt hurt Homeland Security any. The Gov't is only going to be reading your email if you are a "bad guy" anyway. They are more likley to snoop on your cell phone calls than your email. Of course if you ARE a bad guy and give out your email addy on the cell phone you are in double trouble.

Re:Let me get this right

[eSims]

" John Ashcroft is fighting for greater privacy for email?"

Of course. If everyone realizes how insecure email really is then encryption will become more prevalent . More ecrypted traffic means a lower singal to noise ratio and much harder to find those conversations that the Feds want to snoop on.

Don't kid yourself. When the Federal Government wants to read your encrypted email they can. But finding what email is worth decrpyting is much harder when everyone is encrypting their email, but as it stands now so few do that an encrypted email is like a red flag saying "Hey! I am important enough to bother decrpyting!"

Re:Let me get this right

[kfg]

Wonder how the groupthink will justify this.

They wish to consolodate the power of surviellence to themselves, and themselves alone.

That way they can not only snoop on the people, but on the snoopers as well; and all without having to worry about being snooped on.

Pretty slick setup really, if they're allowed to pull it off.

KFG

Re:Let me get this right

[Stile+65]

Ashcroft was one of the lead opponents of the movement for key escrow/Clipper chip when he was a Senator. Kerry was one of the lead proponents of it.

Ashcroft had a great pro-privacy record in the Senate; now that he's AG, a different faction pulls his strings.

There's an issue here?

[CSG_SurferDude]

There's an issue here?

I read my users' email all the time, to, uh, ummmmm, help tune my, um, spam filters.

Yeah, that's it, to tune my spam filters.

Why is ISP mail readding bad?

[Theobon]

ISPs can read mail. It is rather impossible to stop them from being able to read plain text data. It is a matter of if they choose to not do so.

If I placed a confidential document on the street with no protection can I arrest you for reading it?

Allowing Email to be read would help prevent spam and other illegal activities.

If you want to protect your Email you can encrypt it using one of the many available free applications/protocals. Which I recommend you do anyways!

Re:Why is ISP mail readding bad?

[paradizelost]

How would this help prevent spam, with all the spam filters, etc... already in place, your ISP isn't going to read your email and delete all of the spam for you, especially not if it is getting past their spam filters.

it is an invasion of privacy, they are service providers, not regulators.

Either way, carnivore sees everything you do anyway, but being from a small town with a small town ISP, i'd rather not have my neighbor who works at the ISP reading my email.

Especially since there may be usernames,passwords, etc.. emailed from institutions like my bank contained in those emails, and no, the bank doesn't give the option of the emails being sent encrypted.

Re:Why is ISP mail readding bad?

[Hatta]

My question is, what makes an ISP? If I give
my roommate a shell account does it become illegal for me to view certain sectors of my hard drive? Does there have to be some sort of consideration?

Re:Why is ISP mail readding bad?

[AviLazar]

If the document was labeled confidential - yes. Poor security measures do not invalidate your right to privacy. Why?: One of the reasons for this is because some people can't afford high security measures, second security measures may fail, three security measures can be broken, and a few other reasons i cannot recall.
A great example I received from a law class I took (I am no legal expert, but my professor is) was a hypothetical situation: If I leave my car engine running, with the windows open and ten thousand dollars on the seat... Would someone who took the car and/or money be liable both criminal and civil courts? Yes.
Fast forward to computer: If I send a text email and at the top of the email it says "the following message is intended for John Schmoe ONLY", anyone reading it is in violation of privacy acts (unless they are authorized to do so by groups like the proper authorities, or contracts.)

email should have the same standard

[SpamKu]

of privacy as phones.

why sould it be that once I use a computer and/or the internet I must see my rights go down the tubes?

Hopefully, this is part of the reason why the Court is reconsidering its decision

Re:email should have the same standard

[david+duncan+scott]

Do you feel that way about your phone calls, which after all travel over phone company wires using their electrons?

Re:email should have the same standard

[shawn(at)fsu]

How about if I don't want you reading it don't read it... Why should I have to encrypt it to keep your snooping eyes away. If I have a post office box does that mean the any tom fool that works for the post office should be able to read my mail? Does that mean that the phone company can liosten to my voice mail?

What if you do encrypt it and they break the encryption? What need could you have to read
my mail, it's not like your law enforcment your a ISP. Just because it's your property doesn't give you unlimeted rights to do what you please, a business can't put up camera's in the womens lavatory and for good reason. The ISP wanting to read my email is like a digital voyorism.

And this whole spam thing is absolutly bollocks, if I have spam in my mailbox I can rpeost it to you as an ISP as spam. How do you know that it is spam anyway untill I tell you. Maybe I actually did want an email for herbal viagra.

Re:email should have the same standard

[ender81b]

To be honest, I wouldn't worry about anyone reading your email. After working at an ISP i've realized that 99.9999999% of all email is the most banal, trivial, boring shit you will ever see in your life. You would probably have a better time memorizing all the digits of PI.

Note: Obviously never read anybodys email just to snoop, usualy involving hte tech support of some kind (i.e. why won't my email work? Well you have a 9 megs of photos you're trying to pull down over a 56k modem in a rural area where the phone lines haven't been touched in 60 years..)

Re:email should have the same standard

[i_r_sensitive]

Yes but whose rights have primacy?

The ISP owns the connection, the hardware, and yes, all the files that reside therein. In the absence of some contractual obligation, they should have the right to read *any* file on their systems, including your mail. When you talk about your privacy rights you are talking about infrigning on the property rights of the ISPs.

An NA pal of mine who works for a local ISP confirms that his employer takes the same stand. But it is worthwhile noting that they have a policy in place prohibiting their staff from so doing without the customer's approval.

Really this is not something the government needs to get involved in, it properly left to the ISPs and their customers to deal with contractually. Legislation in this area is not likely to improve the "traditional" situation...

Re:email should have the same standard

[timeOday]

Insightful? Surely this was meant to be funny.

Some people will fall for any argument if you couch it as an issue of property rights.

Like when political protest was supressed this summer in the name of protecting grass.

Read my mail

I'm going to email myself the Goatse image 1000times/day from now on so whenever they read my email they get my opinions stated to them bluntly.

Seems to me...

[xstonedogx]

...using the wire-tapping law seems like trying to fit an oblong peg into a round hole. Close, but no dice.

The solution here is either to encrypt your email or to create a new law specifically forbidding ISPs from reading your email.

I prefer the former method to the latter. Laws forbidding an ISP from reading your email don't protect your email. They can act as a deterrent, but first you have to find out it occured, and then you have to prosecute. And then your email has already been read.

Re:Seems to me...

[Tyndmyr]

I don't see a reason to create a law for it at all. Sure, none of us want others snooping through our mail... encryption exists for a reason. Also, if a company gets a reputation for snooping in customers mail, what do you think that will do for their business?

Let the free market deal with it.

Re:Seems to me...

[antiMStroll]

"Let the free market deal with it."

This is a goverment canard pulled out when the issue is protecting consumers and citizens from corporations. Corporations however get shrink-wrapped EULAs and DCMAs when their 'free market rights' are endangered. http://en.wikipedia.org/wiki/Corporatism

What if you use hotmail?

[jellybear]

Or gmail? Or yahoo mail? You CAN'T send/read encrypted mail. Sure, there's husmail, but they only give 32 megs. Versus 1 gig on gmail.

Re:What if you use hotmail?

[Tenebrious1]

Or gmail? Or yahoo mail? You CAN'T send/read encrypted mail. Sure, there's husmail, but they only give 32 megs. Versus 1 gig on gmail.

Sure you can. PGP can encrypt the contents of the clipboard. It's a manual process, selecting the text, encrypting (manually selecting the recipient's key), then pasting the encrypted text into your browser, but it's easy enough to do. You can encrypt anything with this method, including posts to message boards.

Stored Communications Act?

[spiritraveller]

You can read the June opinion here.

You can read the order for an en banc rehearing here.

One of the questions they ask the parties to argue for the rehearing is "Whether the conduct at issue in this case could have been additionally, or alternatively, prosecuted under the Stored Communications Act?".

Hmmm, I wonder what the Stored Communications Act is? It seems the court might be worried that the SCA (whatever it is) already applies to email-snooping, so that the Wiretap Act should not apply.

This is a good reason why ISPs are private groups

[ShatteredDream]

Imagine if we go the route that many groups want which is to have local and state governments provide their own taxpayer-subsidized WiFi internet access, as is being talked about for Houston. It would be a disaster for civil liberties. It would be so much easier for the government to spy on you under the guise of the law and you'd have no recourse but to pray that private ISPs are still in business in your area, which they very well might not be with a cheap state-sponsored competitor.

There are of course limits that have to be placed on how private your messages are on an ISP's network. I personally have no problem with somebody that the ISP has detected has been systematically, egregiously violating state and federal laws with the ISP's resources getting spied on a bit to cover the ISP's ass. The ISP has a right, if it **happens** to find you systematically violating the law and putting it in any way at risk to see what you are up to. The only alternatives are a world where criminals have complete freedom of movement and the other is where the police actively spy on the public. I happen to like neither, but that's just me.

You also have to wonder why someone who is sending stuff that is so sensitive that they wouldn't want anyone but the recipient seeing it, wouldn't encrypt the message first. If nothing more write a little script that that scrambles the message based on some hack algorithm you come up with and send it via another email account to the recipient. It's not REALLY secure, but it's a little better than nothing.

Notice it was DOJ asking for reconsideration?

[jordandeamattson]

All -

With the tinfoil hat paranoia running at all time highs, it is interesting to note it was the DOJ, not the EFF or ACLU, that asked the full Appeals Court to reconsider this decision.

I guess that the nasty, civil rights stomping Ashcroft DOJ feels that wiretap laws apply in this situation. Curious.

Yours,

jordan

spammer approved

[slashpot]

I'm a sys admin for an ISP for the last eight years. Do I read customers' email? Yes. Every single email that comes into our servers is "read". Not personally - but by scripts and filters.

The real effect (if this is passed) would be that some spammer gets a bounce message from a spam filter, sues a major ISP for "reading his email" and wins, and then ISPs drop spam filtering to keep from getting sued for privacy violations.

GMail ads?

[theguru]

Would the affect Google's ability to scan GMail messages in order to place context ads?

The EFF WAS involved as was...

[pdcryan]

...the CDT, EPIC, and the ALA. Here's their brief (in PDF).

Re:Why is ISP mail reading bad?

[AviLazar]

While the analogy was not perfect, information "theft" happens the moment unauthorized persons read the document. Even if it was on private property (i.e. i have a confidential letter in my briefcase, and it falls out in your office) the persons finding the document do not have an inherent right to read the letter. You see cases of this when a company sends a fax, at the bottom they include the blurb should the fax be sent to someone else by accident.
While e-mails are not in a sealed container (unless encrypted) a person has to go out of their way to inspect the e-mail. They have to, at the very least, double click (opening) the e-mail. The physical aspects of it are not really the issue, so much as the intent - the right to read someones messages.
I think every person and organization should be expected to follow the same privacy rights of the end users as the telephone companies. My reasoning goes to a much simpler level then things like someones "right" to privacy...my reasoning goes to this: I do not want people to read my private letters, so I realize that people do not want me to read their private letters (unless sent to me). I guess the Golden Rule applies here (for me at least).
Now since we live in a world of crime, if the gov't needs a legitimate reason to read my letters then so be it....unfortunately "legitimate" is a negotiable term.