Expectation of Privacy Extended to Email

An anonymous reader writes "In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email. 'The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upholds a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using "Smiling Bob" ads that have gained some notoriety.'"

Can we extend this

[LiquidCoooled]

Cos if we can get webmail onto the list, maybe there is a chance we can get slashdot comments done as well.

private todo list:
1) buy gimp mask
2) ?
3) Profit.

Re:Can we extend this

[DragonWriter]

Cos if we can get webmail onto the list, maybe there is a chance we can get slashdot comments done as well.

Unlikely. Slashdot comments are public by design. Webmail is simply an interface to otherwise regular email message, which this covers under the logic they are intended for an identified recipient and provided to other intermediaries on the way for delivery, much like traditional mail.

Re:Can we extend this

[shellbeach]

Can we extend this That's what Enzyte was for ...

too bad

[mchale]

I agree wholeheartedly with the court's findings -- people have an expectation of privacy when sending (hardcopy) written correspondence, and it makes sense to extend that privelege to the digital realm as well.

It's just a shame that the right decision comes down on the side of the spammer.

Re:too bad

[LWATCDR]

Yea so you can go to jail for just having an Ethernet sniffer!
Really people should have the same expectation of privacy in an email as they do with a postcard. None at all.
It is clear text.

Re:too bad

[Jeff+DeMaagd]

It's just a shame that the right decision comes down on the side of the spammer.

I think it's a dumb snake-oil product with a dumb ad campaign, but "spammer" is not the correct word to use as far as I know. Spam is not used to describe TV ads that help pay for what you are watching. The OED's definition is about bulk messaging over the Internet.

Re:too bad

[mastershake_phd]

It's just a shame that the right decision comes down on the side of the spammer.

Everyone deserves the same rights and treatment under the law.

Re:too bad

[UbuntuDupe]

Everyone deserves the same rights and treatment under the law.

I agree.

Well, except for rich people. And pharmaceutical companies that spend more on advertising than research. AFAIK, they're first against the wall.

But yeah, equal treatment for everyone else.

Re:too bad

[DragonWriter]

Yea so you can go to jail for just having an Ethernet sniffer!

Nothing in the current decision suggests that, since it is about the meaning of the Fourth Amendment and therefore the limits of government power.

It is clear text.

So are much of the the hardcopy material in which you have a reasonable expectation of privacy under the Fourth Amendment. Encryption has never been a Constitutional prerequisite to a reasonable expectation of privacy.

Re:too bad

[Vancorps]

Don't know how email works in your organization but here it's encrypted until it hits the first MTA. An ethernet sniffer won't get you anywhere. A postcard also cannot be removed from the mailbox by anyone other than the recipient, a representative, or through a court order. That sounds about right for email.

Just because it's realistic to say that a few people might read the postcard while handling your mail doesn't mean that the police should be able to just grab all your mail and rifle through it without a warrant.

Re:too bad

[mastershake_phd]

Everyone deserves the same rights and treatment under the law.
I agree.

Well, except for rich people. And pharmaceutical companies that spend more on advertising than research. AFAIK, they're first against the wall.

But yeah, equal treatment for everyone else.
 
Your right about the rich, for instance the rich can buy expensive lawyers to get them out of trouble. They can even afford automatic weapons, which because of the artificial scarcity caused by various gun laws, only they can afford. Could you afford to pay $20,000 for an automatic M16?

Re:too bad

[Constantine+XVI]

Only if you don't run it through PGP or some other encryption program first

Re:too bad

Mailed letters are almost always clear text as well. Does that mean there should be no expectation of privacy?

Let's not forget that email is also wrapped in an envelope of a sort and is not human readable without the aid of computer software (the analog to a 'bright light').

The only real difference between email and a physical letter is that the email is transmitted via the same medium as a lot of other information - information which is not illegal to intercept.

Re:too bad

[TFGeditor]

"Really people should have the same expectation of privacy in an email as they do with a postcard. None at all.
It is clear text."

Except for the fact that you cannot read someone's email as a routine matter of simly handling it, as in a mail carrier. It takes extraordinary effort to access/read someone's email, akin to steaming open an envelope. Ergo, your assertion is wrong.

Re:too bad

[TFGeditor]

Uh, I dunno where you buy your weapons, but if you paid $20k for an M16, I have some ocean front property in Arizona I'd like to discuss with you.

Re:too bad

[LWATCDR]

I agree that email should require a court order for the police to search it however just as two people holding a conversation in a public place have no expectations of privacy the same is true of email.

At my office we just got an email from a customer and she included her credit card number in the EMAIL! No we didn't tell her to send it but I hope like heck that she doesn't read this story and think that it is alright to do in the future!

Re:too bad

[TheMeuge]

Well, you can go ahead and try to find $20'000 for an M16 (which is not fully automatic by the way, and only fires 3-round bursts, unless modified or the A1 version, which nobody would ever want anyway).

While you collect the $20'000 for the M16, I can get 10 AK-74s and 50kg of ammo... and still have some money left over.

See - you don't need money, just some common sense.

Re:too bad

[Vancorps]

The difference is that the casual observer can hear two people holding a conversation in a public place. You cannot casually observe email without explicitly trying. That is the big difference, it takes effort to look at email and that is why there is an expectation of privacy.

I've dealt with a few organizations where they've sent credit card info in an email. They are business cards with fraud protection so most people don't worry about it. Of course you must trust the recipient. Ultimately no one things their email will be intercepted in transit because that rarely happens due to the fact that you'd have to have a compromised DNS server to accomplish it or compromise a router in the path. In either circumstance an alternate crime has already been committed and will be dealt with. I'm not sure there has ever been a case of credit card fraud because someone sent and email with credit info and the message was intercepted. It's always the recipient of the information mishandling the data in some way.

Personally I don't care either, what I write in email I freely share with others because I use my corporate account. I'm the only one in the company authorized to go through email so I really don't have to worry, beyond that it just doesn't matter. If you speak ill of someone speak ill of them to their face. I've never been afraid of my emails being public but given that the execs often plan secretive meetings and the future of the company through email I can understand the expectation of privacy. Just because I can go through everyone's email doesn't mean that I do. I require a specific reason and only then will I move forward. I do this even when an exec asks me to pry into email accounts. If they don't have a reason then I don't do it. The company lawyer supports me in it all so I'm pretty safe.

I would agree that sending CC info in email isn't necessary the brightest thing to do but no more so than giving it over the phone to someone which also enjoys an expectation of privacy.

Re:too bad

[kristopher_d]

Having worked in Pharma-Research, I can say without a doubt, much much much much much more is spent on research than advertising. The cost of failed research arms is rarely included in the propaganda that suggests otherwise. Just remember, if you don't like the price of drugs in the US, blame Europe. This is the only country on the planet that allows pharmas to charge more than manufacturing costs for drugs. So we're the only ones on the planet paying for R&D.

Re:too bad

companies that spend more on advertising than research.

Like Apple?

Re:too bad

[AdamKG]

Except for the fact that you cannot read someone's email as a routine matter of simly handling it, as in a mail carrier. It takes extraordinary effort to access/read someone's email, akin to steaming open an envelope. Ergo, your assertion is wrong.

Counterpoint: Wireshark. Reading someone's plaintext email with off-the-shelf hardware, for either ethernet or WiFi, does not take "extraordinary effort." It hardly takes effort at all. If you ever want to try it out, be warned: it'll scare you.

In contrast, sniffing SSL traffic is for most practical purposes neigh-impossible. It's so nice how public-key encryption gives us this wonderful, thick solid line to be drawn between "private" and "not private" communications... now if only legislators would stop trying to modify this seemingly perfect, clearly drawn boundary, etched in the universal laws of mathematics.

Re:too bad

[UbuntuDupe]

Oh, come on, if you couldn't get a patent on the successful drugs, wouldn't you STILL invest at least as much in research, and still produce wonderdrugs at the same rate??? [/typical slashdotter posting about pharma patents]

Re:too bad

[AuMatar]

THat line will work absolutely perfectly- as soon as every form of electronic communication supports encryptes or unencrypted mode out of the box, defaults to encrypted, and requires the user to specificly set unencrypted.

The vast majority of people are not technically inclined. They barely know what encryption is, much less know how to use it. Imposing a burden of technical knowledge on the masses is not acceptable.

Re:too bad

[Myopic]

Aha, but there you are wrong. If you send a postcard, you have very low expectation of privacy. However, if you put your letter inside an envelope, then you have an expectation that the envelope will only be opened by the intended recipient. Regular email as we mostly know it is like a postcard, but you can put your postcard into an electronic envelope by encrypting it, which would give you a greater expectation of privacy. Sure, a person can still break your encryption, but that person could also just open your envelope. We would recognize these actions as crimes, preserving your privacy.

One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter. As a techie, I would disagree with that, exactly because of what the GP said: it's so easy to sniff around and see emails that it's difficult to say it's a protected medium. I predict in the future a huge legal case where this exactly is the crux -- the question, what is the expectation of privacy in an unencrypted email? I further predict that the result will be similar to a postcard, not a letter.

To be clear, the decision today didn't look at that question, rather the question of whether a warrant is required to search email at all. I see that as so blatantly obvious that I'm shocked the government would even question it. Look, government, hey, you know for 250 years courts have consistently told you that you need a warrant to search just about everything that isn't an emergency, so by now you should be used to it.

Re:too bad

[honkycat]

Effort doesn't need to be extraordinarily sophisticated to qualify as extraordinary effort. You don't often *accidentally* read someone else's email in the process of ordinary use of the internet. You have to make a special effort to do so. Consider the parent's physical example -- steaming open an envelope. This requires a bit of care and physical access, yet few would consider it exceptionally difficult. Still, we consider the envelope and mail process to provide sufficient security to give us the expectation that it will not be intercepted by otherwise well-intentioned bystanders. That's really the test that ought to be used in this case. Yes, the police COULD make a concerted effort using only moderate technical sophistication to intercept your email, but that's not the point. The point is they are bound by the Constitution NOT to make that effort without court order.

Re:too bad

Everybody I know already encrypts their emails using rot13 twice.

Re:too bad

[Ptero+Duck]

It's about time the issue of email privacy was settled. I'm glad to see it.

@LWATCDR: No, you wouldn't be breaking any laws by having an Ethernet sniffer, nor would you be in trouble for reading anyone's unencrypted email by any other method. The 'expectation of privacy' simply means that you cannot divulge the contents of a private email you read, or materially benefit from its contents. It's the same as listening to a private telephone conversation on a party-line or intercepting any other electronic communication (such as those from the older model cordless telephones) that are transmitted in the clear. Such laws have been on the books for years, as implemented by the F.C.C. And, it may surprise you, the same expectation is true of post cards: while, indeed, they are readable by anyone, there still exists a legal 'expectation of privacy' regarding them, and you cannot divulge the contents of personal correspondence to a third party.

Re:too bad

[KozmoKramer]

Well, if you have an Ethernet sniffer, and you use it to spy on someone else, then yes you are guilty of a crime, and you should pay the price, be you a government lackey, or a nosey civilian hacker/ cracker punk.

Re:too bad

[Chris+Burke]

Regular email is like a snail-mail in an envelope -- it is trivial to read it, but it requires conscious effort to do so. A postcard could fall on the ground text-up and be read by random passers by who just happened to glance at it. Unless there is something serious going wrong, someone else's email is not going to just pop up on your screen. You have to make a conscious effort to read someone else's email, and yes I'm including using a packet sniffer.

Encryption is like shipping your letter in a box with a combination lock on it. That may be a really good idea if the contents of the letter are extremely important, but 100% absolutely NOT required for you to have an expectation of privacy vis a vis the 4th Ammendment.

People keep confusing "expectation of privacy" with "practical feasibility of someone violating their privacy if they want to". They are not the same thing. As a techie you might think it has something to do with how difficult it is to read email, but that's really irrelevent, which is obvious if you look at every other method of communication.

I have an expectation of privacy when conversing in my home, even though just putting your ear to my window would allow you to hear.
I have an expectation of privacy when using a cordless phone, even though especially the old ones were trivial to listen in on.
I have an expectation of privacy when sending a letter, even though a light shone through the envelope can reveal its secrets.

Now, if you are worried about people who don't care about your expectations of privacy or the law, and your data is important, then yes you should be aware of the practical reality and take extra precautions, eg encryption, or a sound-proof booth in your home, or whatever. That is not the same as an expectation of privacy.

Expectation of privacy means you expect you will be granted privacy, not that you expect that nobody can breach your privacy.

Re:too bad

[Vellmont]

Really people should have the same expectation of privacy in an email as they do with a postcard. None at all.
It is clear text.

Bzzt...

My phone line isn't encrypted either, and in fact physically available for tapping to anyone in the building, yet I have a high degree of expectations of privacy.

Before cell phones went digital, anyone with a television tuned to a UHF channel could listen to cell phone conversations, but yet there was still an expectation of privacy from government taps.

You seem to think just because you understand the technology, you understand the law. You're wrong.

Re:too bad

[Khaed]

Could you afford to pay $20,000 for an automatic M16?

I'd rather have a semi-automatic, thanks. Fully-automatic is a waste of bullets. :)

Re:too bad

[imgunby]

I don't believe your analogy (which we've all beaten to death here) is entirely accurate though. Certainly, I will concede that the email headers are like the postcard; no reasonable expectation to privacy, any more than the addressee is "secret." However, I believe that there is sufficient reason to presume that the body of the message is reasonably "private" since normal internet equipment does not need to examine that information to route it across the web. And for the "difficulty" in sniffing that "secret" body content... I'd guess it's about as hard as it is to open someone's physical mailbox and open what's inside. Not hard, but not legal either. Having the ability to do something doesn't make it right or legal, why should packets in the ether be any different?

imgunby

Re:too bad

[packeteer]

Aha, but there you are wrong. If you send a postcard, you have very low expectation of privacy. However, if you put your letter inside an envelope, then you have an expectation that the envelope will only be opened by the intended recipient. Regular email as we mostly know it is like a postcard, but you can put your postcard into an electronic envelope by encrypting it, which would give you a greater expectation of privacy. Sure, a person can still break your encryption, but that person could also just open your envelope. We would recognize these actions as crimes, preserving your privacy.

To me there are 3 levels of protecting mail (electronic or not). The first level of privacy is a postcard or a plaintext email. These are both trivial to read and you can accidentally read them without any intent to do so. In the normal duties of a sys admin or a postal worker they will run into your mail.

The next level is minor obscurement of the mail. I would say the putting your email in an envelope is like compressing your email. Compression or an envelope does not try very hard to hide your mail but it means someone will have to deliberatly attempt to open your mail. Anyone can agree that making a choice to open someone's mail is wrong and illegal. The exception to this of course would be a postal worker or sys admin in some type of unusual duty that involved safety such as anthrax in the mail or a viras on the internet. The law is pretty clear that safety concerns trump privacy concerns whether you like it or not.

The last level of course would be actual encryption of your mail, electronic or not. You can encrypt both and the only way to undo it would be to intentionally break the encryption or get a court order forcing someone to give other their keys. By the way if a judge says you have to give over the keys you do or else you are held in contempt of court. The same thing applies with keys for a safe or a storage unit you lease/own.

Re:too bad

[DamnStupidElf]

To be clear, the decision today didn't look at that question, rather the question of whether a warrant is required to search email at all. I see that as so blatantly obvious that I'm shocked the government would even question it. Look, government, hey, you know for 250 years courts have consistently told you that you need a warrant to search just about everything that isn't an emergency, so by now you should be used to it.

How much leeway does the U.S. government have with the postal service to begin with? Are postcards considered "in plain sight" during transit, for instance? What about when they arrive? You have to open an envelope and pull the letter out to read it, but cops with a generic search warrant or who are invited in can almost certainly glance at the postcards you have taped to your fridge.

I think what Congress really needs to do is specify that sending things over the Internet is equivalent to broadcasting them with radio waves in terms of privacy; there is none. Encrypt, or suffer the consequences.

Re:too bad

[Krazy+Nemesis]

I beg to differ. I was a SAW gunner (essentially an M16 on crack) in the US Army infantry for a couple years, and the most efficient (i.e. cheap in terms of training, maintenance an operation) way of killing someone is to quickly throw as many bullets down-range as possible. An M16 (A1 or otherwise) would never cost anybody, but a fool, $20k -- even with the best of training included. If you're going for one shot one kill, however, your going to need the money for a decent 338 or 50cal rifle with at worst a 0.5MOA (I personally wouldn't go with less than .25) and a whole lot of sniper training, which would definitely cost upwards of $20k.

Re:too bad

[mcrbids]

One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter.

But how can this situation be likened to a car? Car analogies are always the best way to explain complicated things!

Re:too bad

[digitalchinky]

Domestically yes, though if you want to stick a load of electronics in your basement that can intercept 'foreign' communications, the laws are exactly the opposite to what you have said.

This is good for 3 letter agencies and those companies with a corporate espionage department, though not so good for people going overseas that want to call home to family and friends, discuss business deals, or anything that would be otherwise considered confidential and private on home soil.

Re:too bad

[pauljlucas]

I have an expectation of privacy when using a cordless phone, even though especially the old ones were trivial to listen in on.

No you don't. From here (among other places):

[I]n United States v. Smith, while conceding that nearly half of all American households use cordless telephones, the Fifth Circuit held that "pure radio communications" are not afforded the same Fourth Amendment protection as communications carried by land-based telephone lines because "broadcasting communications into the air by radio waves is more analogous to carrying on an oral communication in a loud [p138] voice or with a megaphone than it is to the privacy afforded by a wire."

Re:too bad

[Myopic]

Excellently argued. I hope courts follow your reasoning. Still, if applied to criminal law, that would make packet sniffers criminal tools, which I hope won't happen.

Re:too bad

[Myopic]

how the heck is that modded as a troll?

Re:too bad

[Myopic]

Not as hard as you think.

A postcard, or a plaintext email, is like the front seat of your car: you have very low expectation of privacy because it's in plain public sight. A cop who pulls you over for a minor infraction will see your drugs sitting in the passenger seat and ask you about them.

A sealed letter, or an encrypted email, is like the trunk of your car: you have a high expectation of privacy because it's hidden from sight and locked. A cop who pulls you over needs consent or probable cause to search there.

Re:too bad

[Khaed]

I will defer to an expert opinion. And thank you for your service.

However, for my use of a rifle, fully-auto isn't necessary. Not until paper targets and beer cans become sentient anyway...

Re:too bad

[The+One+and+Only]

Kind of like locksmithing tools, old credit cards, stethoscopes, Slim Jims, crowbars, and coat hangers are all criminal tools which are highly regulated?

Re:too bad

[The+One+and+Only]

If you're going for one shot one kill, however, your going to need the money for a decent 338 or 50cal rifle with at worst a 0.5MOA (I personally wouldn't go with less than .25) and a whole lot of sniper training, which would definitely cost upwards of $20k.

Yeah, if you're going at 1,000 yards or something. As a SAW gunner in the Army you may have never been trained to do this, but I (a civilian with extensive rifle practice) would have no trouble making a single lethal shot anywhere within 100 yards, and beyond that (I'd say up to 200-300 yards) is possible too. Hell, talk to any deer hunter. Just because the Army can afford bullets easier than it can afford training doesn't mean spray and pray is the most effective method.

Re:too bad

[number11]

A postcard, or a plaintext email, is like the front seat of your car: you have very low expectation of privacy because it's in plain public sight. A cop who pulls you over for a minor infraction will see your drugs sitting in the passenger seat and ask you about them.

So you're saying that if your ISP lets a cop root through all the user mail, maybe because he really needs to get that url so he can get some viagra, that if he accidently looks at your mail and sees something, he can take action. Somehow this seems like an implausible scenario. No, it's not "in plain public sight". The Electronic Communications Privacy Act makes that quite clear. I can't look over your way and just happen to see your email. Do ISPs let cops randomly paw through user mail in pursuit of "a minor infraction"? Well, aside from ATT, who apparently handed them the keys and said "take what you want".

Re:too bad

[hitmanWilly1337]

...M16 (which is not fully automatic by the way, and only fires 3-round bursts, unless modified or the A1 version...

Actually, the A3 went back to full auto. The A4 then went back to the 3-round. Offtopic, I know, but interesting nonetheless.

Re:too bad

[fucksl4shd0t]

Um, having never been in the army myself, I'll bite. You have to define "most effective". As the GP pointed out, unless you're trying to get 1 kill per bullet, it's a different situation entirely. If I were the one defining "most effective" in terms of fighting a battle and a war, I'd define it as "lowest cost in lives, lowest cost in money, victory is required". So without victory, your effectiveness is very poor, near 0. lowest cost in lives includes both sides, so you kill the minimum amount of enemies required to win the battle and sacrifice the minimum amount of friendlies.

That said, I once read somewhere that it takes $1 million to make a soldier in the Army. That's basic training, ship him to the front. I'm willing to wager that 1 million bullets comes out less than that price. So obviously it's cheaper in terms of money to use bullets rather than losing soldiers. That has the added and very important benefit of saving your own soldiers' lives, since lowest cost in lives is part of the definition.

Re:too bad

[Myopic]

I was thinking more of transmitting your email unencrypted over an unencrypted line, like sending email from free wifi in the park. Someone watching the bits go by will see your email. Searching your ISP email box doesn't follow the metaphor; that would definitely require a warrant. But on the other hand, having your email stored on a server is what gives you the expectation of privacy. That would be more like receiving a postcard in the mail, and then putting it in your filing cabinet. The police need the warrant to get into your filing cabinet, but if they see the postcard/email while its in the mail/flowing over a public line, then I can see that being reasonable.

Re:too bad

[The+One+and+Only]

There's a point where more training will make a soldier more effective, depending on your intended use for the soldier. Marines, as an example, are taught (and held to) better marksmanship than most soldiers, because Marines are supposed to be shock troops. It's possible that some parts of the Army do the same thing. It's not the clear distinction between "spray and pray" and "1,000 yard sniper" that SAW-man makes it out to be.

Re:too bad

[jb.cancer]

It's just a shame that the right decision comes down on the side of the spammer. if you accept that such rights do exist, then you also have to accept that they are applicable to all people. You can't selectively turn on/off rights, which would be as good as 'no rights'.

Re:too bad

[fucksl4shd0t]

A lot of that lack of clarity you're talking about depends on many external factors. The Army trains to fight in large groups against large groups, Marines train for different missions, and I'm sure we could argue all day long about how useful battlefield snipers are, shooting the heads of the snake and all. My only point was that in many cases, filling the air up with bullets meets the definition of effective that I gave. You are correct that good shooting, aiming for the ideal 1:1 shot:kill ratio will also meet the definition of effectiveness that I gave in many other cases. It's quite telling that the Army (and the Marines, etc) employ both "spray and pray" and snipers on the battlefield. :)

Re:too bad

[hcdejong]

Really people should have the same expectation of privacy in an email as they do with a postcard. None at all.

I encrypt my postcards, you insensitive clod!

Re:too bad

[DerekLyons]

Aha, but there you are wrong. If you send a postcard, you have very low expectation of privacy.

Actually - I have a very high expectation of privacy for that postcard. Why shouldn't I? It's not on public display and at no point in its transit from sender to recipient is it ever in a state where a casual member of the public can gain acess to it to read it.
 
In fact, it takes abnormal conditions (mailbox fails in some manner and the postcard ends up on the ground) or deliberate malfeasance (somone reaches into the mailbox or delivery vehicle) for it to become exposed to a third party. Furthermore, a letter in an envelope has exactly the same privacy failure modes with the trivial requirement of opening the envelople required.
 
 

Regular email as we mostly know it is like a postcard

Precisely - regular email cannot be acessed by a third party absent accident or malfeasance.
 
 

One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter. As a techie, I would disagree with that, exactly because of what the GP said: it's so easy to sniff around and see emails that it's difficult to say it's a protected medium.

This is precisely why your analogy fails - it's easy to sniff around if the person has privileged acess _or_ deliberately utilizes tools to perform the sniffing. Just like a physical letter (or postcard) it takes either a systematic failure or deliberate action to view the contents of an email, it is virtually impossible to do so casually.

Re:too bad

[Plutonite]

You are right, parent is mostly wrong. Just because people have become accustomed to relaxed attitudes towards things that are done via software does not mean they require less of an effort. In fact, the "effort" part can be taken out of this argument entirely due to difference between physical and informational domains. It is the intent that matters, and in both cases the intent is to infringe upon the privacy of information that is not intended for public use.

Re:too bad

[cbiltcliffe]

Ultimately no one things their email will be intercepted in transit because that rarely happens due to the fact that you'd have to have a compromised DNS server to accomplish it or compromise a router in the path.

Or someone using a hub, rather than a switch, or ARP poisoning, or a wireless network - encrypted or not - or any of various other ways to capture network traffic.

And it's not so much "casually observe email without explicitly trying" as it is "a conscious effort to troubleshoot a network issue that happens to casually observe email without explicitly trying."

Re:too bad

[cbiltcliffe]

Except for the fact that you cannot read someone's email as a routine matter of simly handling it, as in a mail carrier. It takes extraordinary effort to access/read someone's email, akin to steaming open an envelope.

Or, running a sniffer to troubleshoot a network issue? Which could have you, completely accidentally, with copies of hundreds of "private" emails. So are we going to have to get a warrant to fix our own networks, now? Or is it only the police that will need a warrant to fix their own?

Re:too bad

[Altus]

My understanding of the phrase "expectation of privacy" is that it means that any evidence that is collected via your packet sniffer would not be admissible in court unless it was obtained with a warrant. This doesn't make the tool illegal, or likely even illegal to use, just that it would not be admissible evidence.

If my reading of this is correct this is probably a good thing.

Re:too bad

[Vancorps]

Expectation of privacy != secure

Expectation of privacy really matters when the police are involved. Beyond that, replacing a switch with a hub isn't going to do anything but cause an outage, ARP poisoning is impossible unless you've compromised a router and wireless networks are only locally vulnerable. Capturing the traffic is an extreme circumstance and cannot be done unintentionally. Furthermore, the only time it can lawfully be captured is by a representative of the owner of the network or by law enforcement.

Again, it is possible to snoop on someone's email, however, it is highly unlikely that you will be able to accomplish it, in the event that you can you have already committed other crimes which will land you in prison for much longer than credit card fraud.

Re:too bad

[LWATCDR]

"Furthermore, the only time it can lawfully be captured is by a representative of the owner of the network"
But is that protected or will trouble shooting a network become a crime?

Re:too bad

[Vancorps]

Of course not, that has always been accepted given that virus and content filtering are both unchallenged in court and they both require administrative personnel to be able to open email. As long as there is a valid reason for the intrusion it will be accepted. That is at least my take on what this release says. You can't go into someone else's mailbox without a good reason which has always been common corporate policy.

I had this very conversation with my company's lawyer a few months ago because a certain manager was making the life miserable for one of the people under her. She was forcing her the person under her to stand up from her desk every so often so that the manager could sit down and look through her email to make sure she wasn't emailing anyone she shouldn't. I'm the only one in the company authorized to do so it was a clear violation of her privacy sine there was no cause for this action as all the evidence was showing that she was model employee.

Now if a circumstance comes where we suspect someone is sending out sensitive information then it's time for me to go to work and investigate. Personally I hate that part of my job because I tend to learn a lot more about a person than I want to know. I think it's the right policy though and I'm glad the law seems to support it.

Re:too bad

[number11]

The police need the warrant to get into your filing cabinet, but if they see the postcard/email while its in the mail/flowing over a public line, then I can see that being reasonable.

How is that part different from tapping your telephone?

Of course encrypted email is more secure, but that's a second (different) issue. The same would be true for mail, if the letter inside the envelope is encrypted. Where the postcard analogy falls down is that with email, there is almost no legitimate way anyone else will accidently see it (except admins doing maintenance.. and statistically the odds of that happening for any given piece of mail are very very low).

An analogy that is even less innately private is radio. Plaintext radio can be overheard by anyone who happens to be listening. Everybody (except for cellphone users) knows that. Yet one of the very first things you learn when you prepare for an FCC license exam is that a 1936 law prohibits you from divulging any private message you hear to anyone but the intended recipient. 72 years ago, they understood that privacy could be expected even though it was technically easy to listen in.

Re:too bad

[Dannon]

Okay, here goes: is your e-mail more like a convertible with the top down, or an SUV with tinted windows?

The answer is easy: doesn't matter, since you're posting on /., you probably won't be picking up chicks whatever you drive.

Re:too bad

[LWATCDR]

You have hit on a big grey area that worries me. If EVERYBODY knows and accepts that email is the the same as yelling at one another in a public street then they are less likely to make errors in judgment.
I hadn't thought about virus scanning as "reading" peoples emails but it really is. There are many maintenance issues that could involve seeing emails. Things like "expectations" of privacy will only stop law abiding people from doing their jobs. People that want to do it for unethical reasons will still do it.

Re:too bad

[Vancorps]

People that want to do it for unethical reasons will do it regardless of the law. Think the recent HP scandals.

You are right that it is indeed a big gray area. As more case law expands that will change. I think we're well into the reasonable expectation of privacy though. When I send an email I'm pretty certain that only the recipient is actually going to read it. If I start cursing or sending porn and a content filter catches because it's against company policy then I don't feel my privacy as been violated because the policy was stated ahead of time. If the policy is too draconian then you don't communicate with that person through email or be very careful about what you say.

The same goes for a phone conversation, if I call someone up and start speaking inappropriately or unprofessionally then there is a chance the call could be recorded or monitored and consequences as a result. Not a violation of privacy because the policy is stated ahead of time.

Re:too bad

[pthisis]

Kind of like locksmithing tools, old credit cards, stethoscopes, Slim Jims, crowbars, and coat hangers are all criminal tools which are highly regulated?

E.g. in California:

Every person having upon him or her in his or her possession a picklock, crow, keybit, crowbar, screwdriver, vice grip pliers, water-pump pliers, slidehammer, slim jim, tension bar, lock pick gun, tubular lock pick, floor-safe door puller, master key, or other instrument or tool with intent feloniously to break or enter into any building, railroad car, aircraft, or vessel, trailer coach, or vehicle as defined in the Vehicle Code, or who shall knowingly make or alter, or shall attempt to make or alter, any key or other instrument above named so that the same will fit or open the lock of a building, railroad car, aircraft, or vessel, trailer coach, or vehicle as defined in the Vehicle Code, without being requested so to do by some person having the right to open the same, or who shall make, alter, or repair any instrument or thing, knowing or having reason to believe that it is intended to be used in committing a misdemeanor or felony, is guilty of misdemeanor.

Note that courts have ruled that for primary-purpose tools like lock picks, pick guns, slim jims, door pullers, etc possession without mitigating circumstances (e.g. licensed locksmith with lock picks, slim jim at a towing company, etc) constitutes proof of intent, while with non-primary-purpose tools (screwdriver, crowbar, vice grips, etc) intent requires separate proof.

Re:too bad

[Myopic]

The police need the warrant to get into your filing cabinet, but if they see the postcard/email while its in the mail/flowing over a public line, then I can see that being reasonable.

How is that part different from tapping your telephone?

Of course encrypted email is more secure, but that's a second (different) issue. The same would be true for mail, if the letter inside the envelope is encrypted. Where the postcard analogy falls down is that with email, there is almost no legitimate way anyone else will accidently see it (except admins doing maintenance.. and statistically the odds of that happening for any given piece of mail are very very low).

An analogy that is even less innately private is radio. Plaintext radio can be overheard by anyone who happens to be listening. Everybody (except for cellphone users) knows that. Yet one of the very first things you learn when you prepare for an FCC license exam is that a 1936 law prohibits you from divulging any private message you hear to anyone but the intended recipient. 72 years ago, they understood that privacy could be expected even though it was technically easy to listen in. It is different than tapping your telephone. It's more like overhearing a phone conversation you're having in public. If you are talking about killing the president on your cell phone while standing near a police officer, then he will hear it, and rightly arrest you. If you are emailing about killing the president while a police officer is watching bits go by in the air (which is not anything like a wire tap), then that officer will rightly arrest you.

Re:too bad

[The+One+and+Only]

By that standard, an admin would have a mitigating circumstance to own packet sniffing tools. Packet sniffers, at worst, would end up in a quasi-legal situation. Since distribution would be unstoppable, you could only be convicted of owning something like that for nefarious purposes if you indeed did get caught possessing it--kind of like how if you're a suspected car burglar and the police find a slim jim in your house, you're in trouble, but if you just keep a slim jim in your house without anyone ever being the wiser, Bob's your uncle.

Re:too bad

[number11]

If you are emailing about killing the president while a police officer is watching bits go by in the air (which is not anything like a wire tap), then that officer will rightly arrest you.

You seem to be narrowing the case from general email snooping, to snooping email by sniffing radio traffic.

I must disagree. Monitoring the bitstream is very much like tapping a party-line telephone (or listening to all the calls on your party line with your hand over the mouthpiece). I believe that US law supports this view. I don't see any difference between the cases where the bitstream is carried by radio, wire, or fiber, except that in the case of radio, you can do the tap without a physical connection.

In any case, snooping email is not normally done by monitoring the bitstream. It is done by examining stored copies of the email. And we seem to agree that a court order should be required to do that.

Good News / Bad News?

Good News: More privacy is good. Maybe this'll help convince people that the warantless wiretapping of the entire internet is not legal, even though there's a lawsuit going on that pretty much indicates that they're already doing it.

Bad News: We have to put up with that damn commercial for a bit longer. Pity. I'm sure the Enzyte guy wouldn't be smiling for long once he discovered how many of the guys in there were fans of his.

Great!

[Colin+Smith]

Now we don't have to encrypt our emails!

Re:Great!

[grassy_knoll]

Since this case talked about the expectation of privacy, they likely mean a common person's expectation.

However, if someone knew about the open nature of the SMTP / POP3 / IMAP protocols and didn't use encryption, I wonder if the courts would find that the smarter user did not have an expectation of privacy.

Re:Well...

Who initiated the fraud investigation? Pfizer?

Patriot act

[CaptainPatent]

While this does not deal specifically with the patriot act, this will hopefully help set a precedent that a lot of the rights we "gave up" with respect to wiretapping in the patriot act will not be tolerated.

Re:Patriot act

[Myopic]

i hope so too.
but i doubt it.

Re:Patriot act

I don't know about any of you, but I didn't give up those rights. I don't care what some obvious anti-constitution act says. If it's unconstitutional, it's not a law, or an act, that can be truly lawfully upheld. The idiocy here is that the American people are letting it slide. Personally, I won't, regardless of the consequences. I've been fired due to... disagreements over what my rights really are, and I'm willing to lose a lot more to ensure that my family has a true future, all rights intact.

wrong title

it should be "Expectation of Privacy enhanced to email"

On a side note...

It would be funny if the prosecution makes him show his penis to the jury. The whole "I am not only the president of the company; I am a client as well" thing.

Enzyte verdict

[Lurker2288]

Boy, I'm glad that's settled. Now I can get back to livin' free and steppin' easy.

wording

[Lord+Ender]

In a 6th circuit court decision today 4th amendment expectation of privacy rights were extended to email.

Privacy rights are not the only things they extended. ...sorry.

Re:wording

[Stanistani]

The wikipedia article on Enzyte falls under the category: sex stubs :)

Re:wording

People are missing the point here. There are two basic ways for the government to get information ... a subpoena and a search warrant. The government can use a subpoena to force a third party to give to them something you disclosed to that third party. A subpoena is easier for the government to do, and does not involve a judge reviewing it in most cases (unless the party served with the subpoena complains). OTOH, something a third party POSSESSES but that was not DISCLOSED to them, requires a search warrant. A warrant requires a judge and a higher standard of proof that something illegal is really going on, called "probable cause."

When you send a letter to me, a subpoena can force me to give it to the government. When you hand me a sealed letter for me to deliver to someone else, a subpoena can NOT be used to get the contents of the letter, a search warrant is needed. This case said that e-mail is to be treated as the latter (need a warrant), and not the former (can use a mere subpoena) unless the user has agreed in the TOS to let the ISP read his e-mails.

The real hot item here is that the statute was declared unconstitutional and voided in certain applications. That is much bigger news.

How is email privacy currently violated?

[UbuntuDupe]

I've long had this idea that someone should send national-security-related incriminating emails to a group of "co-conspirators". It would be something that the government would definitely want to stop if they knew about, like a planned assassination, but it would all be fake, yet look real enough. That would let you know if the government's already reading them.

(You'd want to document this with several third-parties first, of course, in case you get arrested.)

Anyone ever explored this?

Re:How is email privacy currently violated?

Be careful: under some circumstances, threatening to assassinate someone is a crime in and of itself, even if you don't intend to carry it out.

Re:How is email privacy currently violated?

It's impossible, legally and physically, to monitor all email. When the FBI gets a warrant to search email or tap traffic, they have to install a device at the ISP's POP. So no, your domestic email isn't read at all unless they already have a warrant allowing them to read your email. I have no idea if they check all of the email heading overseas; that would be easier legally and electronically, but it's still an incredible amount of data.

Either way, they don't pick people up for one email message. They have to have enough evidence to convict in order to arrest someone for terrorism or supporting terrorism. This is why terrorism cases take so long and rarely finish prosecution; the mountain of evidence required by federal courts is incredible.

So, your test will generate a negative, and you have no control to determine whether or not it's a false negative. Unless they have physical evidence, they're not going to arrest you, and you're not going to know what level of surveilance they're putting on you.

Re:How is email privacy currently violated?

[Dan+Ost]

Robert Anton Wilson wrote a short little thing in his Schoedinger's Cat trilogy about stenciling "Cocaine Importers, LTD" or something similar on the side of a delivery van and seeing how the cops respond. It was amusing.

Re:How is email privacy currently violated?

[richard.cs]

That story makes me think of Marc Emery - he's been putting "Marijuana seed vendor" on his tax returns for years (This is in Canada where it's technically illegal but rarely enforced). Unfortunatly the US authorities are currently trying to get him extridited.

Re:How is email privacy currently violated?

[mattpalmer1086]

You can safely assume that they are already reading them; no need to incriminate yourself to prove that.

Re:How is email privacy currently violated?

[ImaLamer]

Somewhat.

I posted a bunch of messages to usenet, emailed them to myself and even posted a sample here that contained hate speech, random government acronyms (NSA to ATF to USDA), JFK, MLK, a mention of Aaron Burr, and random digits (binary lines, hex lines and a few decimal lines).

Oh, and words like assassinate, explosion, what have you. More or less the message looked like jibberish, but had a somewhat bogus PGP signature (I really signed it, just with an alias e-mail and name).

Nothing ever happened, but then again I've not tried to fly... so I don't know for sure.

I can't seem to find it on USENET, or even here, but I know people here copied it and used it.

Re:How is email privacy currently violated?

[Pig+Hogger]

I've long had this idea that someone should send national-security-related incriminating emails to a group of "co-conspirators". It would be something that the government would definitely want to stop if they knew about, like a planned assassination, but it would all be fake, yet look real enough.

Tell that to the two clowns who simulated a terrorist attack in Montréal, some months ago, and who are now rotting in jail, charged with the crime of simulating terrorism...

Re:How is email privacy currently violated?

[Pig+Hogger]

I heard about someone who puts an extra custom header in his USENET posts which contains the string "when he was a kid, the president of the United Cigar Stores used to throw water bombs at anthills to kill time".

Does anyone else see this as a bad thing?

[mark-t]

I mean, sure... it gives you leverage to make sure your privacy isn't infringed upon by government agencies, but don't you think it could create the expectation that internet communications services are _required_ at all times to encrypt communications, even when the sender might have wanted to use more open and readable formats (and possibly not necessarily agreed to be so open by one of the recipients)?

Re:Does anyone else see this as a bad thing?

[DragonWriter]

I mean, sure... it gives you leverage to make sure your privacy isn't infringed upon by government agencies, but don't you think it could create the expectation that internet communications services are _required_ at all times to encrypt communications, even when the sender might have wanted to use more open and readable formats (and possibly not necessarily agreed to be so open by one of the recipients)?

Did similar past decisions regarding public phones and postal mail compel telecoms and the USPS to encrpyt all telephone transmissions and letters?

Re:Does anyone else see this as a bad thing?

[SeeManRun]

I don't see how you can see this as bad. Now maybe you can't get fired for sending your lusty emails to your girlfriend at work, which is a good thing in my opinion (doesn't stop them from realizing you are a terrible employee however...)

Re:Does anyone else see this as a bad thing?

[Actually,+I+do+RTFA]

Extending 4th amendment privacy rights to e-mail has nothing to do with your employer. It only restricts government action.

It's about time

[TFGeditor]

"In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email."

Finally, we are getting some rights restored/extended rather than taken/curtailed.

Re:It's about time

[spikedvodka]

What I want to know though is: How does this jive with AUPs that explicitly state "There is no expectation of Privacy"? and specifically, with respect to private employers, and public sector employers?

Also, how does this work with State requirements that we (as a company) keep copies of everything sent over e-mail?

Re:It's about time

[Lockejaw]

I imagine they'll come up with something declaring employees to be acting agents of their employers when they send business-related emails.

Re:It's about time

[duranaki]

In order to avoid confusion, the U.S. postal service must now open, photocopy/archive, and reseal every snail mail correspondence. But other government agencies will still need a court order to read the photocopies.

Re:It's about time

[Knara]

It doesn't, because the 4th amendment protection against unreasonable search and seizure restricts government actions not the actions of private individuals.

IANAL.

Re:It's about time

[whoever57]

In order to avoid confusion, the U.S. postal service must now open, photocopy/archive, and reseal every snail mail correspondence.

I think that they do that already to my post; well, except for the resealing part.

Re:It's about time

[spikedvodka]

Hence the second part of the "how will this effect" question: public sector, where the employer is the government? (I.E. IRS, FBI, State government, public School districts, Municipal Employees, etc.)

Re:It's about time

[Catbeller]

businesses are creatures of the government, and are subject to laws made by the government.

Re:It's about time

[Knara]

While IANAL, that statement betrays a simplistic (and probably incorrect) view of how laws apply differently to government and private enterprises.

That's dangerous.

[FatSean]

When the president can declare you an 'enemy combatant' and strip you of your rights....I wouldn't be counting on third-parties to keep me off the waterboards in Gitmo! Yeah...not in the current political climate.

Re:That's dangerous.

[Lockejaw]

Yeah, really. What are these third parties going to do? Testify in court? *laugh*

Password-protected

[bar-agent]

Even more so, any password-protected account should give an expectation of privacy. The only people seeing those things should be you, and whoever you've got the account with, for their own purposes only and they shouldn't give access to anyone else.

That's the whole point of passwords! I'd say that's a pretty straightforward expectation.

Courts are irresponsible

The court's opinion is blatantly obvious to anyone on Slashdot:

"In considering the factors for a preliminary injunction, the district court reasoned that e-mails held by an ISP were roughly analogous to sealed letters, in which the sender maintains an expectation of privacy. This privacy interest requires that law enforcement officials warrant, based on a showing of probable cause, as a prerequisite to a search of the e-mails."

Yet the courts took 20 years to figure this out. People seem to accept it -- that's just 'the way it works' -- but it's a travesty, and an injustice to 20 years of defendants. The Judiciary is responsible for delivering justice, yet all they deliver is process. If their process doesn't work -- for 20 years -- to hell with justice for all the people that are screwed in the meantime; we'll get it right eventually. They're like the most incompetent, hide-bound business, delivering nothing profitable, committed not to outcomes but to long-established procedures.

If I took 20 years to adjust to some change in IT and deliver on my responsibilities, I'd have been fired 19 years 6 months ago. There is no accountability for the Judiciary -- I suppose that's intended, to preserve its independence -- but what frustrates me most is that the Judiciary takes no responsibility on its own, and that people are blind to it and just accept it, like Windoze users who just accept whatever was given them.

Re:Courts are irresponsible

[Chris+Burke]

Well remember that the courts can only decide issues that are placed before them. If this issue hasn't come up before, then there would have been no chance for them to explicitly state that email also falls under the 4th Ammendment. I'm not sure that's true, but in my memory most of the cases involving email as evidence those emails were obtained through a warrant and thus in those cases at least no 4th Ammendment issue arose to be ruled on.

You could call it a problem with the system that technically it is the Judiciary that decides what the law actually means, but they are only able to make that decision after a conflict has arisen and been brought before the court, and in the meantime you're basically guessing. Yet based on the precedents of postal service and telephone it should be fairly obvious that the 4th Ammendment applies to email. Also based on the fact that law enforcement generally gets warrants to recover email, I'd say they generally assume the 4th applies as well.

So when someone decides the opposite, and the issue comes before the court, the court rules on it and now we have a clear precedent of what before was merely assumed: Email is protected under the 4th Ammendment.

Re:Courts are irresponsible

I'm going to make a huge, huge, gigantic leap here and come to a conclusion that is way out there.

This is the doing of Ron Paul. --- not trying to make this overtly political, please just read the reasoning.

Many people see things that they don't like or don't agree with, but they state something along the lines of "that's the way it is", or "nothing we can do about it". Pretty much everyone in this country (USA) has that opinion on something.

Along comes this Congressman from Texas. He has been doing his thing for a long, long time. His thing is looking at items and viewing them from a Constitutional point of view. Many things in this Country are not very Constitutional. And many things need to be changed to a more Constitutionally viewed aspect. The problem is it takes people either an epiphany of insight, or it takes an epiphany of learning. An epiphany of learning comes from hearing the viewpoint of someone else and altering their own viewpoint based upon their new knowledge.

There are many people in this country who view things Constitutionally. However, Ron Paul has a stage to make his case. Just by being in the Republican debates he is influencing people. He is sparking interest. Whether someone likes him or not, quite a few are seeking answers and enlightening themselves with new knowledge. So by him gaining a public presence and having a stage to present on (the debates) he has changed the way people think.

So my jump to this conclusion in relation to this issue, is that maybe, just maybe, someone looked at what was going on around them and realized that the correct Constitutional view was extremely obvious. And being a judge, you need to look at the current law, and also at what gives that law backing, which is The Constitution.

Or maybe this went in front of a judge/s that had been this way all along.

Thank you for reading my post.

Re:Courts are irresponsible

[jluckyiv]

Your comment is irresponsible. If you read the case--and there was a link--you would find that it didn't take the courts 20 years to figure this out. There was a statute in place since 1985 that protected e-mails from government intrusion without a warrant. The reason that this issue took 32 years to arise is that almost every law enforcement agency in the country follows the law and gets a warrant before searching an ISP for e-mail. Perhaps you should "take some responsibility" and instead of "blindly" casting stones at the judiciary and other people, read the source, find out what it means, and make a meaningful comment. Try reading. It's fundamental.

Re:Courts are irresponsible

[The+One+and+Only]

Not only is this view wrong (for reasons that others have adequately pointed out), it's dangerous, because a quickly-moving justice system would rule without deliberation or thought, based primarily on whim, and with none of the stability afforded by the system as it is now. The only thing that's accomplished by weakening the judiciary is tyranny of the majority, or of a minority who momentary got majority support during the right month of the year. Not that there aren't judicial reforms to be sought out, but this view leads directly to tyranny.

Telegraphs are the most analogous

[ahbi]

Whatever the law is for telegraphs should be the law for emails.
It is basically the same things 1s & 0s (long & short dashes) transmitted over copper wires (or fiber now a days) relayed by a machine or person (depending on the tech).
And even when relayed by a machine the Admin of the machine can read any email on the server. Email passes through multiple servers, at least the sending SMTP and the receiving POP/IMAP machines. I have no control over my ISP's POP server or the Admin thereof.

I assume there was no expectation of privacy in a telegraph and there should be none in an email. It would be nice, but it ain't how it works.

And now for some commentary from a real lawyer.
http://volokh.com/archives/archive_2007_06_17-2007 _06_23.shtml#1182181742

[Orin Kerr, June 18, 2007 at 11:49am] Trackbacks
Sixth Circuit Blockbuster on E-Mail Privacy: In an earlier blog post on a pending case in the Sixth Circuit, Warshak v. United States, I figured there was no way the court would get to the merits of the Fourth Amendment issue lurking in the case: there were no facts yet and no decided statutory law, and surely the panel wouldn't be so reckless as to presumptively strike down a federal statute in the absence of facts or law given the procedural problems with the case. I had a funny feeling things would turn out differently when I learned who was on the panel, though, and that funny feeling turned out to be justified: the panel just issued a blockbuster decision that tries to answer how the Fourth Amendment applies to e-mail (all without any facts, amazingly) based on arguments from amicus briefs that the government didn't address all in the context of an appeal from a preliminary injunction. Wow. More on the decision later today.

    UPDATE: Here's the key part of the opinion:

[Start Quote]
        [W]e have little difficulty agreeing with the district court that individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP. The content of e-mail is something that the user "seeks to preserve as private," and therefore "may be constitutionally protected." Katz, 389 U.S. at 351. It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past. See Katz, 389 U.S. at 352 ("To read the Constitution more narrowly is to ignore the vital role that the public telephone has come to play in private communication.")
[End Quote]

Notably, the court's Fourth Amendent analysis combines aspects of the probabilistic, private facts, positive law and policy model (the above-quoted section being from the policy model section).

Re:Telegraphs are the most analogous

[Chris+Burke]

I assume there was no expectation of privacy in a telegraph and there should be none in an email. It would be nice, but it ain't how it works.

Why do you assume that?

Granted, by the nature of the telegraph, you had to have an operator on each end to transmit/transcribe your message. With the exception of that pair of people, why would anyone expect that their message is not private? Certainly with regards to law enforcement -- I would assume there was an expectation that the telegraph operator would not hand your missive directly over to a law enforcement officer unless that officer had a warrant, and similarly an expectation that the nobody including the police would tap the transmission line and listen in on your message.

If there was a version of the telegraph which required no operators, then there would be no reason not to expect complete privacy.

But why pick the telegraph which has an obvious privacy-related flaw when we also have the example of the telephone? This is more apt because it does not have the same flaw as the telegraph, and because these days the machinery for transmitting voice data and email data is the same. Also it serves a similar function in that it's intended as a person-to-person form of communication. Do we have an expectation of privacy in phone calls as a matter of law? Yes! So should we with e-mail? Yes!

And you have that same "expectation of privacy" even if you are using an old-school easy-as-piss to overhear cordless phone. Just because it's easy to violate your privacy does not mean it is okay for people to do so. Just like when you send a postcard you have the same expectation. Sure, someone might read it, that's a practical reality. But as a legal reality neither police officers nor private detectives are allowed to pluck postcards from your mailbox and read them.

Mail and phone both have expectations of privacy, why should not email?

Re:Telegraphs are the most analogous

But why pick the telegraph which has an obvious privacy-related flaw when we also have the example of the telephone?
You want to use an analogy that helps your cause. Human nature, but not correct.

Telegraph & eMail: Digital binary
Telephone: Analog

Telegraph & eMail: Non-real-time delayed communication
Telephone: Real time instantaneous communication

Telegraph & eMail: Text based (even text based with attachments as those of us who got the occasional garbled 5Mb text message instead of a Word document can attest)
Telephone: Audio only

Telegraph & eMail: Relayed communication using copies
Telephone: Switched communication no copies saved even temporarily

and the list goes on.

Re:Telegraphs are the most analogous

[Chris+Burke]

Telephone: Analog

Not anymore. Your landline is only analog to the phone station, and if you use a modern cell phone it's never analog at all.

Telephone: Real time instantaneous communication

Real-time yes, instantaneous no. Not necessarily any faster than email.

Telephone: Audio only

Not since the first modem. We use bits to represent audio, and audio to represent bits.

Telephone: Switched communication no copies saved even temporarily

Not anymore. They use a "virtual circuit" to make it look like an old-school switched network, but it is not anymore. And the packets that make up your phone conversation absolutely have temporary copies made.

and the list goes on.

Does it eventually get to something that is actually relevent? Nothing here changes the 4th Ammendment implications one iota. I don't really care which one you analogize email to as long as you make it clear what that means for privacy, and how the analogy is incomplete relative to privacy and the 4th Ammendment.

The only thing that affects the telegraph is the necessity of two people reading your message. Analogize email to telegraphs all you want as long as you make it clear that particular aspect does not apply to any other technology. None of phones, email, nor regular snail-mail have such a requirement, and all are protected under the 4th Ammendment.

Besides, the GP was assuming the 4th Ammendment didn't apply to telegraphs, which I find highly dubious. But we know it applies to mail and telephone, and email is basically the combination of those two technologies.

Re:Telegraphs are the most analogous

[Tiro]

But telegraph communications are protected by statue just as telephone calls are.

Re:Telegraphs are the most analogous

[Pig+Hogger]

But why pick the telegraph which has an obvious privacy-related flaw when we also have the example of the telephone?

Did anyone else had a flash of the old Apple commercial where hundreds of people are trying to learn morse code, and then someone comes running in with a telephone...

Re:Telegraphs are the most analogous

We have little difficulty agreeing with the district court that individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP

All this ranting about analog versus digital, but would you seriously have a problem with it if the court had opined "We have little difficulty agreeing with the district court that individuals maintain a reasonable expectation of privacy in mails that are stored with, or sent or received through, a post office"? Is the fact that your letter is no longer stuck on a sheet of paper significant enough to not afford it the same protections that were granted to paper letters (and yes, even telegraphs, which were tapped regularly during the Civil War, but were ultimately granted the same protection later)?

I wonder what "facts" this volokh conspiracy author thought the court should wait for. Has our country fallen so far that we have to wait until the cart, the goods, and the rider have all fallen by the wayside before we declare that the horse is indeed lame?

Re:Telegraphs are the most analogous

[fucksl4shd0t]

19th century writers (and early 20th) such as Jules Vernes and Edgar Rice Burroughs at least expressed the feeling that telegraph communications were considered private. Granted, that's not anywhere near a SCOTUS citation, but whatever the law said, chances are the people expected privacy, and telegraph workers were bonded.

Re:Telegraphs are the most analogous

Do we have an expectation of privacy in phone calls as a matter of law? Yes! So should we with e-mail? Yes!

Not to be a Grammar Nazi, but you seem to have made an error in the tense of your statement, there. I believe that it should read:

Did we have an expectation of privacy in phone calls as a matter of law? Yes! So should we [have it] with e-mail? Yes!

Then, again... perhaps you live in a different society?

Re:Telegraphs are the most analogous

You may not be aware of this, but in the telegraph era, many businesspeople used "commercial codes". They were aware that privacy was not a real-world expectation. I make no claim about the legal issue - the legal fiction, if you will - I say, if you absolutely. positively need it to be private - encrypt it.

Enzyte Why?

[End+Program]

I guess you would be celebrating today if you are a privacy advocate. However, I'm not sure who you can assume any of your online messages are safe from prying eyes after traveling through "a series of tubes".

Just a side note here, I never understood how Enzyte ever got that big. How could you look at the TV ad and not conclude it was anything but a charade?

"So, Lone Star, now you see that evil will always triumph because good is dumb." - Dark Helmet

Re:Enzyte Why?

Hey, Beavis- that guy is smiling because he has a stiffie..huh-huh huh-huh huh-huh.

Re:Enzyte Why?

[OldManAndTheC++]

I never understood how Enzyte ever got that big

Apparently they use their own product ...

Re:Enzyte Why?

[The+Master+Control+P]

For the same reason that I would assume my dead-tree mail to be safe from prying eyes despite travelling in clear-text through a series of mail handling offices and mailmen. My mail is written, then enclosed in a container explicitly stating who is supposed to receive/read it. No one else is supposed to read it, despite the fact that it is usually trivially easy to do. Likewise, email is written and enclosed in an SMTP encapsulation that explicitly delimits who is meant to receive/read it. No one without legitimate access (Which, as with DTF mail, includes the government with a warrant) to the sending or receiving accounts is supposed to read it.

It is, of course, even easier to read e-mail than normal mail. What's important is that the proper regulations be applied to government. Although it's also possible for other people to read your mail, if they act on what's contained (e.g. identity theft) it's already criminal. The government is not so good at policing itself however, hence this ruling.

Re:enzyte commercials

This one;

http://www.youtube.com/watch?v=mS9xwV2qaBg

My T-shirt

[Nonillion]

So, I guess it won't be such a good idea to wear my i read your e-mail T-shirt at work anymore...

Re:My T-shirt

I've a friend who works at an ISP - on their mail servers. He wears it, every now and then. He finds it funny... I think.

Re:My T-shirt

[zolaar]

Only if everyone at work refers to you as "Lieutennant" or "Mr. Assistant District Attourney" or something.

Otherwise you should be good to go.

Re:Well...

[iknownuttin]

Inmate "Smiling" Bob will be "male enhancing" his cornhole.

you know, when I first saw those ads, I thought they were some promo for a new comedy show or something. But as time went on, it became apparent that they were actually selling a "product". Those ads are so over the top ludicrous, I don't know whether to be amused at that company's boldness to sell such a product or pity the folks who buy it thinking it will work. Then again, there may be folks who buy it for a joke or as a gag gift for someone else - that's the only reason that I think of where I would actually buy it.

Not too bad!

[FuzzyDaddy]

It's just a shame that the right decision comes down on the side of the spammer.

This is often the case - think of all the free speech cases involving Nazis and white supremicists in this country. It has a good side - it reassures us in the rule of law. If these rights apply to an alleged spammer, then we can be assured that they apply to everyone.

So hold up a beer for this guy, who has accidently helped further all of our rights. And let's hope the police get a proper search warrant and put him away for a good, long time.

This isn't much to get excited about

[TubeSteak]

http://www.uscourts.gov/courtlinks/
The 6th Circuit Court encompasses Kentucky, Michigan, Ohio and Tennessee

The other circuits may look at this decision as part of their deliberations,
but it isn't binding anywhere except those four states.

Let me know when it
A) gets to the Supreme Court or
B) becomes Federal Law
then I'll get excited

Re:This isn't much to get excited about

[Constantine+XVI]

Well, since I live in one of those four states, I'm pretty damn excited anyways

Re:This isn't much to get excited about

[Knara]

IANAL, but I seem to recall that courts across the US tend to use federal appeals courts decisions in other circuits in their rulings, since a precedent is a precedent. I suspect there are a great many issues that have been effectively decided for all practical purposes on a nation-wide by having appellate courts issue a decision and then later being cited that never make it to the supreme court.

Re:This isn't much to get excited about

If the other circuit courts follow this decision (likely), then it will never reach the Supreme Court.

About Fucking Time

[logicnazi]

I mean this as a comment on the legal standard not just the good consequences of such a ruling. It's pretty clear that most people really do have an expectation of privacy in email they send from home (work is another matter). An average person would be both shocked and horrified to learn that someone else was reading their email and would feel it was an invasion of their privacy. Most certainly the average person does not have the same attitude toward email stored on their ISP's servers as they do to other buisness records, e.g., the time of their purchase of a magazine at the store.

Re:Well...

[MontyApollo]

"Gag" gift...

Re:Well...

[iknownuttin]

Me: *Coughs and looks away sheepishly...*

Quit giving them credibility.

"Male enhancement" is a term used to scam people. When normal people actually use the con artists own terms, they help make it seem legitimate, and thus make it easier for them to defraud more people.

Gag gift at the office Christmas party.

I never understood how Enzyte ever got that big. How could you look at the TV ad and not conclude it was anything but a charade?

A package of Enzyte makes one hell of a gag gift at the office Christmas party where all the gifts are anonymous and everybody has to select one at random from under the tree, or steal one from a co-worker that's already opened theirs.

No teeth?

[ardent99]

A federal appeals court on Monday ruled that e-mail users have privacy rights that prohibit federal agencies from conducting warrantless searches of electronic correspondence during investigations

the district court reasoned that e-mails held by an ISP were roughly analogous to sealed letters

While it would be great to afford e-mail the same privacy protections as sealed letters, there seems to be a corner case here that would make this difficult: (1) the ruling seems to apply only to the federal government, and (2) unlike regular mail, email is not handled by the federal government, or even by a single entity that could be held to the same standard (like, for example, fedex, in the case of physical mail).

So given that e-mail is typically unsealed, and potentially flows through numerous independent, non-federal agencies, how would one enforce this ruling? Wouldn't it be legal for a private ISP (non-federal) to look at your e-mail and then give its findings to the government? After all, you gave your email to the private party, so they haven't taken it from you without your permission, and being private, they are not bound by the ruling.

In civil cases, all your email is discoverabable

[Christoph]

A magistrate judge ordered me to turn over all email requested by the other side in a federal civil lawsuit. This included email to my parents and my wife which discussed my feelings about the case, possible legal strategy, family member's health, etc.

I have come to understand that, in a civil case anyway, anything you document is discoverable (with the exception of communication between youself and an attorney and youself and an expert witness). I argued that the email was not relevant, but the courts are usually inclined to allow the other side to see it and decide for themselves. The other side got to pour over 500+ emails that have absolutely no relevant information.

details are here:vilana financial

Re:Well...

[SydShamino]

Somehow Spencer's manages to stay in business as a chain, so there must be quite a market for gag gifts...

Re:Well...

[scumdamn]

Best two word comment ever. Best comment to directly quote a parent ever. We need Slashdot awards.

Oh no. He's never going away now is he?

OMG this means Smiling Bob will be a folk hero and never go away! (thanks bob!)

<Runs and Hides>

No legal expectation of privacy

[PurifyYourMind]

I could be wrong, but I think the 4th amendment only covers the specific case of searches and seizures by the government. To construe it as an amendment protecting our privacy in general is wrong.

Re:No legal expectation of privacy

[Oswald]

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

There. No need to guess what it says, only what it means. In this case, I think "papers and effects" might cover email, given when the document was written.

Email != postcard

It's preposterous to think that email is equivalent to a postcard, simply because it can be snatched seemingly from thin air by an enterprising computer user. Similarly, early cellphones and especially wireless phones were vulnerable to cheap receivers, but that didn't allow law enforcement the ability to sit on every other block with scanners in the 900 band. Simply because the information is transmitted publicly does not mean the information is public. Furthermore, phone calls could be intercepted in a variety of ways, encrypted or not, because they travel through systems owned by more than one company or individual.

Finally, to the "it's a telegraph and those aren't protected!!!" poster, do a little research and save us the trouble:

http://links.jstor.org/sici?sici=0026-2234(193706) 35%3A8%3C1383%3ACLUSAS%3E2.0.CO%3B2-7

It's not the information is easily intercepted, it's whether or not the communication itself carries a reasonable expectation of privacy. Get into JSTOR, read the article, and you'll see the court reversed it's decision.

You'll never see court.

[FatSean]

Once the Prez accuses you of being an 'enemy combatant', you lose your right to a trial! Pretty scary, eh?

having worked with telegraph

There can't be too many Slashdot readers who have worked in the telegraph business. In the later days it wasn't done with a morse key and sounder anymore, teletype machines were used. There was still of course the need for the operator to read the message so it could be typed in,a nd the send end had to take the tape off the receiving end and stick it to the form for sending to the customer. This was not the USA, but anyway, privacy was quite strictly enforced and divulging the contents of the telegram would have been a firing offence with probalby other liabilities as well. As the boy on a bicycle delivering the sealed envelope, I did not generally know what the telegram was about. I do not know what would have been required for a police officer to see one, but would expect that a warrant would have been required, and I would be surprised if something like that did not apply in the USA.

Of course, since people routinely do see the contents, and since the law usually permits people to report illegal activities they come across, it would not be a good idea to put questionable stuff into a telegram. Same as if a post officer delivering mail to your door happens to see a body through the window and reports it...that is not illegal search and seizure.

Reminder: Donate to the EFF

[MobyDisk]

Just another reminder to geeks with bucks, please donate to The EFF who filed am amicus brief on this subject. This group does a great job of educating these judges, and without them the government would likely stomp all over the constitution without opposition.

Re:Reminder: Donate to the EFF

[NewYorkCountryLawyer]

Just another reminder to geeks with bucks, please donate to The EFF who filed am amicus brief on this subject. This group does a great job of educating these judges, and without them the government would likely stomp all over the constitution without opposition. I second that e-motion.

2 cents

[caller9]

If you're company comes out and tells you that you have no expectation of privacy while using their systems and you agree to that, especially if it is every time you login, you're hosed. Probably works equally well if it's buried in a document you haven't seen, but have access to if you go looking for it. Either way anything you do with company property has no expectation of privacy.

Totally irrelevant to the topic at hand: can the feds wiretap you without a warrant? Answer: No. Thankfully the court upheld this seemingly obvious fact. The communication was intended to be one to one or one to many, but not broadcast or posted in a public forum. SMTP was designed to deliver messages to one or many people but nobody that wasn't specified in the recipient list. Just like snail mail. Unless they wield the almighty Patriot Act, in which case they've just wiped their ass with the constitution and you're probably already screwed...assuming you can't prove your innocence...because you're assumed guilty.

Congrats on the justice system this time. Can't believe it was appealed in the first place. Sucks that it is protecting a loser. Should've got a warrant the first time.

Hey--Smiling Bob...

[avtchillsboro]

What the hell is "male enhancement" anyway? Couldn't be "wood"--Viagra & Levitra have that covered. If it was "honky horniness", wouldn't it make marketing sense to call it something that sounds like Spanish Fly--like Andalusian LooSIAm, or Catalan Can-DoItToIt?

Hmmm

If person A sends a letter to person B through USPS and I, person C, open it and read it...it's a federal offense, right?
What if it were UPS? I don't think it would be a federal offense, but the other persons would definitely have grounds for a law-suit. I violated their privacy. In either case, the government should have to have a warrant to do the same thing, so i think i agree with this decision.
But what if person A uses his/her employer's email systems to send both work-related and personal email. Both types of email are inter-mingled in the email stores. Now, person A quits or is fired for some reason. The new replacement, person C, needs access to person A's email store because it contains data that is vital to the performance of duties of the position. Is this a violation of privacy? Would person A have grounds to sue? What if the employer was a government agency or government-funded institution like a University?

Re:Hmmm

[earlymon]

Would you sue someone for overhearing a personal phone call while at work?

One of my employers introduced email to staff with a written policy including the following statement:

Your email should be considered as a resource equivalent to your telephone. We allow personal calls, within reason, during working hours; so, like the telephone, we allow personal emails, within reason. Just as personal conversations may be overheard by coworkers, so it may be with email, due to system administration and so forth. Therefore, keep the contents of your personal email at the same level as that you would have in a telephone conversation with a coworker standing nearby. I for one found it enlightening and have encouraged this viewpoint ever since.

As to metaphors of email, I subscribe to the one posted earlier that it should be treated as a phone call would be for wiretap purposes. Essentially the same carrier medium, with the same broad capabilities. That one is half-duplex is about all I can see of difference between the two. Both require specialized machinery in order to convert the electronic signal back into a human-understandable form; both can be intercepted and understood with the right technical ledgergermain.

I wonder if any of this shearing would have occurred if the progenitors had named it text-talk, text-phone or some such instead of electronic mail.

Gimp vs Photoshop!

"buy gimp mask"

Photoshop! Uh, no, wait, wrong context.

Golly!

[Impy+the+Impiuos+Imp]

Some chemical you never heard of that is not a drug and gives you a boner but hasn't been tested to prove it, unlike Viagra and Cialis?

I find it hard to believe someone would make that up just to earn a quick buck.