Government Has a Right to Read Your Email?

gone.fishing writes to tell us that a new lawsuit is challenging the government's right to read your e-mail. The Minneapolis Star-Tribune is reporting that a seller of "natural male enhancement" products sued after a fraud indictment based on evidence gleaned from his electronic mail. Federal prosecutors say they don't need a search warrant to read your e-mail messages if those messages happen to be stored in someone else's computer."

What part of

[Marxist+Hacker+42]

No Reasonable Expectation of Privacy in the Public Domain don't you understand?

Like it or not, the Internet was built by the Federal Government- and it very much is the public domain. Any message sent across it unencrypted is just as much fair game for prosecutuion as taking a picture of you mooning other cars on the freeway.

Re:What part of

[Mr.+Underbridge]

Like it or not, the Internet was built by the Federal Government- and it very much is the public domain. Any message sent across it unencrypted is just as much fair game for prosecutuion as taking a picture of you mooning other cars on the freeway.

That's not the argument they're making. They're arguing that since you don't own the computer the message is stored on, you have no right to privacy.

That makes no sense, however. I don't own the phone network once it leaves my house (more precisely, the NID), but I have a right to privacy as defined by quite a bit of legislation.

Like it or not, the Internet was built by the Federal Government- and it very much is the public domain

Don't know where to start with this one. First, when we talk about "public domain," we're talking copyrightable works. The internet isn't copyrightable. Second, the government doesn't own the individual links in the internet backbone.

In short, I'm having a hard time seeing why an unsecured communication between two people should be protected when it's a phone conversation taking place over, say, Verizon-owned fiber, but not if it's an email saved on a Verizon-owned hard drive.

Re:What part of

[Marxist+Hacker+42]

Different public domain. When you're talking privacy laws, the Internet is more like FedEx, UPS, or your local city park than it is like a phone line or the highly protected US Mail.

Re:What part of

[Marxist+Hacker+42]

Can emails you send be considered your "effects"? It's a good question.

I'd say NO- for the very reason put forth by the Feds. Once you send it out, that copy of the data belongs to the ISP, not you. No different than committing a crime in front of the local police station when you get right down to it.

Re:What part of

[Marxist+Hacker+42]

Yep- and just as a paper you nail to the telephone pole down the street becomes a part of the public sphere and no longer your property, so too is it with e-mail when you hit SEND. I like your analogy- you just didn't take it far enough.

Re:What part of

[jacem]

To add to your point. Letters in seeled envelopes {sp} are protected postcards are not. If I send a postcard I can't assume that only the addressed recipient will turn it over and read it. But, I can assume the the seeled envelope will arrive seeled.

JACEM

Re:What part of

[Marxist+Hacker+42]

So if I send a work I've copyrighted through email, the ISP owns it?

They own that copy- which you as the copyright owner freely gave them by ASKING THEIR E-MAIL SERVER TO MAKE A COPY!

Damn! Should the Fed have the right to open your snail mail, too?

They did with US Mail before they passed a bunch of laws making it illegal. They still have the right to open snail mail sent through FedEx, UPS, or a half dozen other private carriers.

What's the difference?

The difference is that the laws haven't been passed to make snooping on e-mail illegal. Or for that matter, UPS and FedEx packets.

Even when in public, I have a right to reasonable privacy.

Not by the Supreme Court, who ruled that you have NO reasonable expectation of privacy in the public sphere.

For instance, it's illegal to take pictures up someone's skirt. UP their skirt, you know, from ground level? If someone happens to be leaving a car and wearing no undies, that's different.

Yes, but that's a different special exception law- like the special exception of privacy in the US Mail. No such law has been passed for the Internet yet.

You seem to be making up legal precedent to suit your argument. The internet is not "the public domain." How is it different than phone lines?

The laws haven't been passed to make ISPs common carriers yet.

I mean, your phone conversation passes through many different telcos and any of them could easily listen to your conversations, but this is illegal.

Yes, but once again, special exception laws had to be passed to create that expectation of privacy in the public sphere.

How is the Internet different?

There aren't any laws creating privacy there yet.

Don't ISPs have common carrier status, and doesn't that preclude them from monitoring your communications?

No, ISPs do NOT have common carrier status- and they can do whatever the hell they want to as far as monitoring your communications are concerned.

And doesn't the government have to play by different rules anyway?

Yes, to a certain extent- but you can't smoke a joint in front of a policeman and expect not to get arrested either.

In the US, our government is bound by the Constitution which precludes them from doing certain things that a company could do.

True, but this isn't one of them, because the Internet wasn't created at the time the Constitution was. Neither were phones or the US Mail service- which is why special laws had to be passed by Congress to create privacy in that portion of the public sphere.

In short, your argument makes no sense It almost seems as if you are being contrary just to be contrary. I can say that black is no different than white, but that won't make it so any more than your claims about our legal and governmental systems make them true.

And claiming common carrier status for ISPs when no such law has been passed is just plain stupid.

Re:What part of

[Marxist+Hacker+42]

Sealed- but yes, very much so. A normal e-mail isn't a sealed envelope. A normal e-mail can contain a sealed envelope- that's what PGP is for- but since there aren't any laws protecting virtual sealed envelopes yet, you take your chance that the encryption won't be broken. They'll need a warrent to get you to give up the key though....

Re:What part of

[Fastolfe]

I suspect the parent poster is talking more about possession of the data than a transfer of your copyrights. In addition, ISPs are not considered common carriers, though they may be utilizing common carriers to send and receive your data.

If you have drugs in your car, and you loan your car to a friend, there's no law that says that they can't root around in your things, they have to be discreet about what they find, or that they can't drive up to a police station and let the cops have their way with your stuff. Your friend has lawful possession of your car, because you let them have it.

Your mail provider has lawful possession of your data, because you set up an e-mail account there. Your ISP also has lawful (though usually more brief) possession of your data, because that's the point of contracting for Internet service. You understood that by giving your data to them, they would send it over the Internet to its destination. Your ISP has business arrangements with other ISPs to make that happen. These ISPs must necessarily possess your data for a short period of time in order to perform the services you contracted with your ISP to perform. There is little (IF ANY) law that requires them to keep it confidential. (At least, that is the argument of the State.)

Even if you have some sort of contract with the friend (ISP) that says they do things to your car (data) that you don't want, there's no law that requires them to obey it. Worst case you take them to court for damages from their breach of contract. This will have no effect on the admissibility of the evidence.

Re:What part of

[rajafarian]

In the US, our government is bound by the Constitution which precludes them from doing certain things that a company could do.

True, but this isn't one of them, because the Internet wasn't created at the time the Constitution was.

Do you know what I see as being a BIG problem? The way the Constitution was originally created was that the federal government couldn't do anything unless it was expressly told so but now it effing thinks it can do anything it wants unless it's expressly told it can't.

That pisses me OFF!!!

Re:What part of

[Marxist+Hacker+42]

Do you know what I see as being a BIG problem? The way the Constitution was originally created was that the federal government couldn't do anything unless it was expressly told so but now it effing thinks it can do anything it wants unless it's expressly told it can't.

Yep, I completely agree- but what are you going to do about it? They've got the nukes.

That pisses me OFF!!!

As well it should- but guess what- the prisons are full of people pissed off that the government took away their freedom. Write your congress critter and try to get the law changed like we did for phone companies and the US Mail.

Re:What part of

Why do you think postcards being sent through the U.S. mail are not protected by the Fourth Amendment? It seems to me the only time you might have your postcard scrutinized is if in the normal course of mail sorting and delivery the non-postal service content on a postcard is inadvertently read and that leads the postal employee to suspect the content is evidence of lawbreaking, then the postcard might be forwarded to other government officials for further screening. Otherwise, I think the Fourth should protect your postcard very well. The government would certainly need a warrant to tell the postal employee to not behave as he normally would and to read every postcard a specific person sent to look for lawbreaking evidence. Similarly, the government would need a warrant to have all of your postcards diverted away from the normal course of sorting and delivery to be read by some non-postal government employee. You do have an expectation of privacy with your U.S. mail, that it won't be handled by the government in a manner specifically intended to scrutinize the communication you are making to the intended recipient. An unethical and unscrupulous government employee (or employees) might try to skirt the Fourth Amendment by reasoning you would never know they had singled out your postcards to be read even though they did not have a warrant to do so. But that is not what happened in this email case. The government very specifically went and sought to read this person's written communications without first getting the Fourth Amendment's requisite warrant.

I don't like spammers anymore than you do (I guess, unless you are one), but saying the government is free to intercept communications for specific scrutiny without a warrant is very much the madness of all of the King Georges throughout history. Part of the government's duty is to uphold the Fourth Amendment, not ignore it for convenience.

Re:What part of

[Matt+Edd]

+0 WTF?
Are you saying that e-mail is gay?

Right to read

[laffer1]

This is more of a question rather than comment. Is it legal for them to read snail mail at the post office? Its stored there until you get it delivered. If no, then this lawsuit has a point.

Liability

[omeomi]

I wonder if it's possible to (successfully) sue whatever private entity gave up your email information (i.e. the "someone else's computer")...Seems like the government should be forced to get a warrant even for your email stored at your ISP...otherwise, your ISP should be liable for not protecting your personal information.

Specific instance of a general problem

[Jerf]

This is just a specific instantiation of a general problem with computers.

With old-style non-electronic messages, there is no distinction between the contents of the letter and the physical letter itself. Hundreds of years of laws and general ethical principles were written based on the assumption this will always be true. Now it's not, and it's all breaking down, but most people don't even notice this is the root of the problem because the assumption is so deeply ingrained. Instead, they want to just hack around the problem, not noticing you really need to rethink the whole system.

Copyright has the exact same problem.

The internet privacy advocates mentioned in the article, which the general /. populace will probably view with more sympathy than the government, by claiming that email should be treated just like physical mail are really committing the same error as the government, who are basically acting as if they do have a place where they could grab a physical letter and therefore they can, just as if it were physically sitting somewhere.

The reality is that we need to sit down and really re-think the entire situation. The old model is broken.

Catch 22...

[the_skywise]

"E-mail providers also routinely screen messages for spam, viruses and child pornography. That further undermines claims to the privacy of e-mail, government attorneys say."

Good point here. If you're allowing a company to snoop your email for spam/viruses then you're already negating the privacy issue. If the judges decide that privacy wins out then the spam companies can sue to say that the big ISP's have no right to snoop their mail for spam before reaching your computer.

On the one side you've got the phone-call analogy (where the government can't eavesdrop on your phone calls even though they go through a public system) and on the other you've got the photo developing places which can turn over photos to the government if they deem something they see is illegal.

Definitely an interesting case.

What if...

[BenSchuarmer]

What if the mail in question is a post card?

It seems to me, that anyone who wants to keep their mail private, should put it in an appropriate container (aka encryption).

What moron modded you "insightful"?

[mmell]

Your assertion is not unlike suggesting that I have no expectation of privacy in postal mail because for a length of time it was in the posession of a Federal agency, the US Post Office.

In Soviet Russia...

[Kelson]

I've woken up in the Soviet Union. No, the police cannot steam open your mail without a warrant. No, they cannot tap your phone without a warrant. (Until recently of course). Why we have given up on these principles and accepted universal wiretapping for newer technologies, I cannot imagine.

Kind of makes you wonder who really won the Cold War, doesn't it?

We've obviously been doing better than Russia and most or all of the other former Soviet republics, and capitalism clearly triumphed over communism, but when it comes to personal freedoms, we're doing to ourselves what we feared the Soviets would do to us. Did we really come out on top?

"Government Has a Right to Read Your Email?"

[AK+Marc]

I read the sensationalist title, and I read the summary, and I read the article. From that, there is no one disputing the governent having the right to read your email. The title is implying that the government is reading people's emails without cause. Regardless of whether that is the case, that is not related to what is happening here. The only question is what level of paperwork the government must go through.

During the investigation, agents obtained court orders allowing them to collect thousands of Warshak's e-mails from Yahoo and another e-mail provider. A court order requires a lesser burden of proof than a search warrant.

Everyone is in 100% agreement that with a search warrant, the government may obtain the emails in question. So, the answer to the useless title is "Yes, everyone involved in this case agrees that the government may read your emails." But an accurate title wouldn't have been as sensationalist. I guess generating page views is much more important than actually being descriptive. I don't mind whoring for page views. That's the nature of the Internet. I do object to lies and misleading statements designed to generate page views. I think that Slashdot has gotten to the point where the paid editors are supposed to post dupes, bad grammar, wrong titles, and such in order to bring out the people that complain about them (unfortunately, I'm in that group).

Let me see if I've got this right

[rewt66]

Some sleazebag spammer sends me spam. I complain to the authorities. Said authorities decide that the spammer is breaking the law (fraud, spam laws, whatever). And the spammer says that the e-mails can't be used as evidence against him, because it's his private communication? That's the craziest legal theory I've heard since SCO.

You send your trash to me, I'll let the feds take it as evidence, gladly. You send several million of your trash to Yahoo, Google, and Hotmail, and they probably feel the same.

Free clue to spammers: The feds aren't the ones invading our privacy here. You are.

Difference between phone & email

In short, I'm having a hard time seeing why an unsecured communication between two people should be protected when it's a phone conversation taking place over, say, Verizon-owned fiber, but not if it's an email saved on a Verizon-owned hard drive.

Because there are very specific laws protecting phone calls.

Unencrypted email is more like a post card with no envelope than a sealed letter -- anyone who's system it passes by can see it so easily that there really is no expectation of privacy.

• If you want to send confidential material through physical mail, you put it in an envelope -- otherwise, lots of people can see it.
• If you want to send confidential material through email, you encrypt it -- otherwise, lots of people can see it.

Why more people don't use encrypted email boggles my mind.

Re:Difference between phone & email

[meta-monkey]

Why more people don't use encrypted email boggles my mind.

Probably because it requires every person you send email to or receive email from to be aware of the encryption system and how to use it, and most users of email are technically illiterate? I, for one, don't want to have to try to teach my parents how to use PGP so the government won't find out I'm planning to arrive for Christmas dinner at 2PM.

Re:Difference between phone & email

[Fastolfe]

Why more people don't use encrypted email boggles my mind.

Is there some keyboard shortcut in Google Mail that I'm missing? People don't use encrypted mail because it's not readily available. Yes, the technology has been around for decades, but until it's pointy-clicky accessible via all of the major e-mail providers, it'll never go anywhere.

Re:Difference between phone & email

Phone, where lots of legislation will protect your call unless they have a warrant or your're the target of a warrentless tap.

Although everyone these days seems to be the target of a warrant-less tap. Sure, it won't hold up in court, but you may never see a court.

Skype, where the communication is encrypted and so protected unless the government goes to skype/ebay with a warrant.

...except that the posters' parents are probably not using Skype.

Physical mail, where there are laws protecting you, and it's kinda hard to read without the tampering being detected.

Except if you have a really bright light and decent software to pull apart the folded layers of letters.

Nothing to hide...

Right now the bar may be set fairly high, but in the future, the fact that I am going home for Christmas may used as justification to persecute me. Worse, if the data is saved, it can be used against me in the future. "Nothing to hide" is just a euphemism for "doing right now what the government currently says is okay right now".

Re:Difference between phone & email

[Artifakt]

4. Nothing to hide -- if you're not expecially interesting to the government...

This is the one you CANT pick as an option. People have ended up on government watchlists for incredibly dumb reasons, such as having the same last name as another person, or being photographed in the background at a public event. Unless you know of a way to change your name to one that no one else will ever commit a crime under, or how to never be near where anything of government interest will happen, there is no guarenteed way to do option 4. Since either of those examples would take being able to predict the future, being 100% successful at it would be required - the government would be very interested indeed in a 90% successful psychic if they could catch one.

Recent studies on riots have shown that probably as many as 3 out of 4 people involved are just trying to slip away from the crowd, but want to do it gradually and casually because they fear pushing and shoving against the flow will draw the mob's attention to themselves. That fact alone means that there are lots of people currently on government watchlists who were effectively innocent of any intent. Even if we assume the police tend to concentrate on the more active leaders in a mob scenario, they are not going to be nearly 100% successful at singleing them out (if they were, they would have understood how many people just get tangled up in a riot many years ago, and we wouldn't have needed the studies).

Encryption!

Was there ever a more exemplar case for using encryption on email? People think that their correspondence is "not important enough" to encrypt. I say that if you wouldn't write it on a post card for the world to read, put in in an encrypted envelope.

Encryption is like condoms: use it or get VD^H^Ha subpoena.

(Posting anon for effect)

Re:Sure I am guilty...

Sure, all of those (funny) possibilities are important, but not when the information in question is documents. Did they hold the email under water until it changed to fit the bill? Did they kick down the door to the email's home and catch it being... an email?

Situational evidence such as you describe is a perfect example of why we need to have due process. Discovering (completely legal discovery mind you) documents that are irrefutable is not vulnerable to intimidation tactics. Sure, they could have made all of this up... but your not understanding where I am coming from. I am not talking about these documents being falsified and that is his argument, his argument has nothing to do with the validity of the information, just the (completely and totally) legal way by which it was seized.

Again... the validity of the information (your entire argument) is not in question, you imply that through intimidation tactics and shotgun investigations they happened to find this guy as guilty... What is in question is the method by which it was discovered. If the police DID walk down the street kicking in every single door and they found some guy stabbing his wife to death with an ice pick, I would want that guy arrested and thrown into the slammer without argument, and I could care less if the police kicked in 50 doors to find him. Sure, police kicking in doors is a completely separate problem that should be treated as such, a separate problem.

Judge: How did you find this information?
Sheriff: We kicked down 200 doors and we see this guy stabbing his wife.
Judge: Well... pack your crap, your fired. Wife stabbing guy... how do you plead?
Wife stabbing guy: Innocent, they didn't knock first.
Judge: if they had knocked, would you have not killed your wife?
Wife Stabbing guy: Probably not... I really wanted to stab her.
Judge: Gotcha... Pack your crap, your going to jail.

If the information is irrefutable, and is 100% accurate, how does the discovery abolish the crime?

Common Carrier (was: Re:What part of)

[Nefarious+Wheel]

And claiming common carrier status for ISPs when no such law has been passed

Good one! That's a well reasoned, and well informed argument and answer.

So, it's an easy step from here to say "let's pass a law that recognizes ISP's as common carriers".

Write your congresscritter.

And I would argue

[Sycraft-fu]

That e-mail doesn't really need the same protections. The thing is with e-mail, or indeed with any computer based communications, a solution exists: end to end encryption. When there's something you don't want someone to see, encrypt it at the sending computer and decrypt it on the receiving computer. Trust nothing in the middle. I basically assume that anything I send in cleartext my ISP can read if they feel like. Will they? No probably not, but they can and so I don't send stuff in the clear that I would mind if they saw. If it needs protecting, it's encrypted. For example I never access any system at work over an unencrypted link.

I'm not sure I'd want laws protecting it since it would likely include sysadmins as well as the government. It'd be a major problem at work if I couldn't access someone's e-mail. There are numerous occasions when a problem requires us to get in to someone else's e-mail box. It's all legal, the systems are owned by the university and we are the designated support. However if there were a privacy law saying we couldn't, that'd be problems. Or hell, imagine on a personal level. You run a little server that some friends have accounts on, including e-mail. Suppose it was similar to postal mail (federal felony) for messing with it. You'd want a situation where cating the wrong file could be a felony?

As I said, I think the answer lies in the technology. Since it is easy to use end-to-end encryption, it should be incumbent on the user to do that when the data is something that they don't want a third party to see.

Re:And I would argue

[xappax]

Since it is easy to use end-to-end encryption, it should be incumbent on the user

If it was really easy to use end-to-end encryption, that might be a reasonable expectation. But it's not really easy. The proof is that almost nobody encrypts their emails today, but if you told them that strangers were reading their emails, they'd be unhappy about it.

Compare the email situation with many other security precedents. There are phone-tap detecting devices out there that could be used to prevent eavesdropping on phone calls. It wouldn't be too hard to phone users to employ these, but there's also a law which says you can't tap people's phones (at least there used to be!). It's reasonable to expect you to lock your door, but there's also a law which says you can't trespass in someone's home, even if they don't have a lock. It's a good idea to learn self defense and carry a weapon if you're going to an area where you might be accosted, but there's also a law which says people can't attack you.

Personally, I don't trust the government to protect any of the rights they supposedly guarantee me, but that doesn't mean that they shouldn't guarantee them. At least with a legal guarantee I have some kind of recourse, and there's a deterrent for the law-abiding people or officials who might otherwise try to snoop on me.

I agree that we need easier and more powerful privacy technology, but it'd be awfully nice if I didn't have to defend my privacy by force all the time.

Re:And I would argue

[Agelmar]

Does it tell you how to get someone else's public key? Does it walk you through how finding out if the key on pgpkeys.mit.edu is really *my* key or someone else's? And please, do tell me how the hell I'm supposed to get the public key for my bank - any of the five I have a relationship with. Try calling up Bank of America and telling them that you want to send them an email about your account and need their PGP key. If you're lucky you might get someone who has a clue after five transfers, who will just tell you that "Sorry, this is not supported." That's if you're lucky. Now try to get me a key for DeutscheBank. Or, if you really want an exercise in futility, try to tell me how to get a key for Bank of .

Encryption is all well and good, and if you look on pgpkeys.mit.edu you will find my key. I drank the kool-aid a long time ago, but I certainly don't consider encrypted email to be a solved problem. Keyservers, as they are today, are basically a hack. There's no guarantee that you have the correct key. Sure, we could start reading fingerprints and hashes to each other over the phone, but that's far from ideal, and still doesn't solve the problem that if Alice doesn't already know Bob, calling who she believes to be Bob is really not doing all that much to verify any sort of real-world identity if she found Bob's phone number online (the same place she found Bob's key).

The fact that there's a "help" topic does not mean it's a solved problem.

Re:So is any encrypted message.

I've heard this "excuse" a hundred times. If you get to the point where a judge is ordering you to decrypt something it's been vetted and you've already lost. Judges aren't stupid, they won't buy your "it's just random data" excuse. Or maybe the "you don't know how to use this software" excuse. Sure, you talk tough on slashdot about how you won't hand over the keys, it's your right, whatever. It's very simple, if you have encrypted data that is part of a discovery in a case and you're ordered to decrypt it, you either decrypt it or you go to jail. You might sit in jail until you feel like decrypting it. It's pretty far into the process, if you're planning on not decrypting it or it contains your terrorist plans or whatever, you've already had ample time to flee the country.

It does ultimately come down to a judgement call there are probably a lot of variables that go in to how it comes out, not the least of which is how cooperative you have been up to that point. It's not like they just show up at your house and demand encryption keys, we're talking about charges being brought up, going through arraignment and now a trial.

Re:So is any encrypted message.

[mark-t]

If that's how the court wants to rule it, then it would be pitifully easy to frame people simply by sending them encrypted data that they don't have the keys for.

Amendment IV, United States Constitution

[the_REAL_sam]

They do so need a warrant. See: Amendment IV, United States Constitution

"The right of the people to be secure in their persons, houses, papers, AND EFFECTS, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

In any case, they still DO need a warrant to search that 3rd party server. The warrant would simply have to describe the place to be searched, and specify the things to be seized, in accord with the ammendment.

There are lots of analogies: P.O. Box, Voice Mail, Tapped phone lines, Gym locker, direct ip-ip chat (with no brokering middleman server, except routers). Each one of them has a slightly different feel, but in each case it seems clear that the RIGHT thing to do is respect the person's privacy. That the email sits on a server with a delay does not seem relevant (any more than the latent speed of light transmission time when the sound is IN the phone lines)

However, until the authorities have been duly punished for violating the man's right to privacy, it would behoove those who WANT their rights protected to run their own mail servers (either in foreign, non-extraditing countries or in their own homes.) :-)

http://james.apache.org/

If electronic communications had existed at the time of the framing of the constitution, I really doubt they would have left gaps for the government to abuse our privacy by means of raiding electronic mailboxes.

PS -- It wouldn't hurt to use pgp encrypted mail ...uh... sure.

"a-l-w-a-y-s---d-r-i-n-k---y-o-u-r---o-v-a-l-t-i-n -e" :-D