Slashdot Mirror

← Back to Stories (view on slashdot.org)

Expectation of Privacy Extended to Email

Posted by ScuttleMonkey on from the making-it-harder-to-snoop dept.

An anonymous reader writes "In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email. 'The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upholds a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using "Smiling Bob" ads that have gained some notoriety.'"

5 of 161 comments (clear)

  1. too bad by mchale · · Score: 5, Insightful

    I agree wholeheartedly with the court's findings -- people have an expectation of privacy when sending (hardcopy) written correspondence, and it makes sense to extend that privelege to the digital realm as well.

    It's just a shame that the right decision comes down on the side of the spammer.

    1. Re:too bad by DragonWriter · · Score: 5, Insightful

      Yea so you can go to jail for just having an Ethernet sniffer!


      Nothing in the current decision suggests that, since it is about the meaning of the Fourth Amendment and therefore the limits of government power.

      It is clear text.


      So are much of the the hardcopy material in which you have a reasonable expectation of privacy under the Fourth Amendment. Encryption has never been a Constitutional prerequisite to a reasonable expectation of privacy.
    2. Re:too bad by Vancorps · · Score: 4, Insightful

      The difference is that the casual observer can hear two people holding a conversation in a public place. You cannot casually observe email without explicitly trying. That is the big difference, it takes effort to look at email and that is why there is an expectation of privacy.

      I've dealt with a few organizations where they've sent credit card info in an email. They are business cards with fraud protection so most people don't worry about it. Of course you must trust the recipient. Ultimately no one things their email will be intercepted in transit because that rarely happens due to the fact that you'd have to have a compromised DNS server to accomplish it or compromise a router in the path. In either circumstance an alternate crime has already been committed and will be dealt with. I'm not sure there has ever been a case of credit card fraud because someone sent and email with credit info and the message was intercepted. It's always the recipient of the information mishandling the data in some way.

      Personally I don't care either, what I write in email I freely share with others because I use my corporate account. I'm the only one in the company authorized to go through email so I really don't have to worry, beyond that it just doesn't matter. If you speak ill of someone speak ill of them to their face. I've never been afraid of my emails being public but given that the execs often plan secretive meetings and the future of the company through email I can understand the expectation of privacy. Just because I can go through everyone's email doesn't mean that I do. I require a specific reason and only then will I move forward. I do this even when an exec asks me to pry into email accounts. If they don't have a reason then I don't do it. The company lawyer supports me in it all so I'm pretty safe.

      I would agree that sending CC info in email isn't necessary the brightest thing to do but no more so than giving it over the phone to someone which also enjoys an expectation of privacy.

    3. Re:too bad by Myopic · · Score: 4, Insightful

      Aha, but there you are wrong. If you send a postcard, you have very low expectation of privacy. However, if you put your letter inside an envelope, then you have an expectation that the envelope will only be opened by the intended recipient. Regular email as we mostly know it is like a postcard, but you can put your postcard into an electronic envelope by encrypting it, which would give you a greater expectation of privacy. Sure, a person can still break your encryption, but that person could also just open your envelope. We would recognize these actions as crimes, preserving your privacy.

      One difference might be that people sort of think of email more like a letter than a postcard. A court could find that email has protections similar to a letter. As a techie, I would disagree with that, exactly because of what the GP said: it's so easy to sniff around and see emails that it's difficult to say it's a protected medium. I predict in the future a huge legal case where this exactly is the crux -- the question, what is the expectation of privacy in an unencrypted email? I further predict that the result will be similar to a postcard, not a letter.

      To be clear, the decision today didn't look at that question, rather the question of whether a warrant is required to search email at all. I see that as so blatantly obvious that I'm shocked the government would even question it. Look, government, hey, you know for 250 years courts have consistently told you that you need a warrant to search just about everything that isn't an emergency, so by now you should be used to it.

    4. Re:too bad by Chris+Burke · · Score: 5, Insightful

      Regular email is like a snail-mail in an envelope -- it is trivial to read it, but it requires conscious effort to do so. A postcard could fall on the ground text-up and be read by random passers by who just happened to glance at it. Unless there is something serious going wrong, someone else's email is not going to just pop up on your screen. You have to make a conscious effort to read someone else's email, and yes I'm including using a packet sniffer.

      Encryption is like shipping your letter in a box with a combination lock on it. That may be a really good idea if the contents of the letter are extremely important, but 100% absolutely NOT required for you to have an expectation of privacy vis a vis the 4th Ammendment.

      People keep confusing "expectation of privacy" with "practical feasibility of someone violating their privacy if they want to". They are not the same thing. As a techie you might think it has something to do with how difficult it is to read email, but that's really irrelevent, which is obvious if you look at every other method of communication.

      I have an expectation of privacy when conversing in my home, even though just putting your ear to my window would allow you to hear.
      I have an expectation of privacy when using a cordless phone, even though especially the old ones were trivial to listen in on.
      I have an expectation of privacy when sending a letter, even though a light shone through the envelope can reveal its secrets.

      Now, if you are worried about people who don't care about your expectations of privacy or the law, and your data is important, then yes you should be aware of the practical reality and take extra precautions, eg encryption, or a sound-proof booth in your home, or whatever. That is not the same as an expectation of privacy.

      Expectation of privacy means you expect you will be granted privacy, not that you expect that nobody can breach your privacy.

      --

      The enemies of Democracy are