Where To Draw the Line When Punishing Email Snooping?

CWmike writes "While it might seem like a practical joke or a harmless, furtive glance, e-mail snooping could land you in more hot water than you'd ever expect — you could be charged with a federal crime. The recent case of a Philadelphia TV news anchor charged with breaking into his co-anchor's e-mail accounts shines a light on the seriousness of such snooping. Scott Christie, a former federal prosecutor who headed up the computer hacking section at the U.S. Attorney's Office, said, 'You look over someone's shoulder and read a personal letter and that's not a crime, so how can it be a crime to access someone's e-mail? It's not the same thing, of course... What you're doing when you're accessing e-mail is affirmatively exceeding your access to electronic documents and systems.' He adds: 'Usually, you're doing that by pretending to be that person to break into their account.'" It's worth noting that the Philadelphia man accessed his co-worker's email over 500 times, and his use of the information he found was hardly harmless. However, the rules and conventions for email privacy are much less familiar to most people than the laws regarding snail mail. At what point does a privacy breach demand punishment?

Larry Mendte's real crime

He is alleged not only to have accessed her account 100's of times, but he is also accused of leaking emailed conversations she had with her lawyer.

You could say that it is stupid to have such conversations over email, but this was hardly "just looking over your shoulder."

It is making for some drama in Philly.

Re:"Over 500 times"

Oh, Mendte wasn't checking automatically, it was a webmail account. The logs were made public, and revealed that Mendte was quite obsessive about checking Lane's mail.

Mendte apparently put a physical keylogger on one of the computers Lane used in the newsroom, and got her account details. The only reason he got caught was because he got sloppy-- in (IIRC) March, he left a computer in the newsroom logged into Lane's webmail. Someone else working at the station saw it, thought it odd since Lane had been fired in January, and reported it.

This has been ridiculously huge news in Philadelphia and even managed to push the "hot chick and her boyfriend who stole people's identities" stuff off the front page for a while.

P.S. How this probably came to light

Alica Lane was busted in NYC after getting into a fight with a woman who turned out to be an undercover cop.

I suspect that this is the only reason why the monitoring even came to light. And if the conversations with the lawyer hadn't been leaked, this propably wouldn't have become such a big deal.

Re:The line is fine

[clang_jangle]

No, that's an incorrect assumption. What I'm doing is pointing out the equivalence of purpose, i.e., personal, private communication. It just didn't occur to me I had to specify it, as it struck me as rather obvious.

Re:The line is fine

[clang_jangle]

It is just as illegal to intercept US mail in order to open it, read or photocopy it, reseal it, and send it on to its destination. So that difference doesn't exist, and deletion/theft is not the line. Privacy is the line.

Re:The line is fine

[Klaus_1250]

Not sure how the law in the US is, but there are countries (in Europe at least) where email falls under the the same laws as for snail mail. Which makes sense to me, except that you cannot drop bulk-mail silently (even though there is some logic to that too).

What people need to understand is that your standard email has roughly the same privacy as sending a postcard with text on the back. There is no envelope, no seal, no nothing. The only thing that "protects" you privacy is that you need an password to log-in to your POP/IMAP/Exchange account, which is roughly the same as having a lock on your Postbox. But it is still not private, as the mailman can still read your mails as well as anyone else in the chain.

If people really want privacy for their email, they need to use a SSL-connection to their POP/IMAP/SMTP/Exchange accounts and encrypt all their email through PGP/GnuPG.

Re:Anger.

The real twitter has been found dead, it appears he has been bludgeoned to death with a chair. His /. account is now a microsoft sockpuppet.

Is going to have him in civil and criminal trouble

[toxic666]

Lawyers live by e-mail, so it wasn't stupid of her to use a supposedly secure personal web mail account in her situation.

Larry Mendte installed a hardware keystroke logger on her work computer to steal her username and password. Then, he started leaking embarrassing information to a reporter for the Daily News (one step above a tabloid in Philly).

When Alicia Lane (the victim) got into a scuffle in New York, the arresting officer exaggerated the charges; Lane entered a deal that would see the charges dropped after several months of good behavior. But with all the negative personal publicity from Mendte's leaks, the station fired her.

As part of her lawsuit against the station, her attorney contacted the FBI with a suspicion that someone was accessing her account and leaking information and the focus quickly turned to Mendte, who obsessively viewed her as a rival. The FBI decided to pursue it as a criminal case because it resulted in substantial damage (loss of an $800,000 per year job and serious damage to her reputation).

It isn't like she was using the company e-mail system to work with her lawyer. She was using a private web mail account. Her legal problems (and Mendte's leaks) threatened her job.

Re:The line is fine

Way to miss the point. OP was saying in essences, "email should get the same protection snail mail gets". A common sense solution, IOW. Sadly (as your post illustrates), common sense just isn't all that common. :(
  In any event, the perp had to commit fraud in order to read his coworker's email, and there are certainly laws against that.

Re:How did he get the credentials?

[Idarubicin]

I disagree, giving someone a key to your house DOES give them the right to enter. Maybe not ethically without knocking, but they do legally have a right to enter your home.

The details will depend on jurisdiction, but no--the right to enter your home at any time does not necessarily come with the voluntarily-given key. If I gave the maid a key so she could clean once a week, she would be committing trespass if she used the key to enter my house at four in the morning. If I fired the maid but forgot to take my key back, she would be trespassing if she used the key again--even if she showed up on Tuesday morning and cleaned my kitchen. More generally, when a key is given it is often accompanied (explicitly or implicitly) by conditions determining the situations wherein its use would be appropriate. Mere possession of a key is not necessarily sufficient to grant the would-be trespasser the rights and privileges of an invitee.

Re:The line is fine

[SkyDude]

Way to miss the point. OP was saying in essences, "email should get the same protection snail mail gets". A common sense solution, IOW. Sadly (as your post illustrates), common sense just isn't all that common. :( In any event, the perp had to commit fraud in order to read his coworker's email, and there are certainly laws against that.

US Courts have already held that a business can view an employee's email account, and that the employee has no right to privacy. That doesn't mean anyone in the business can read another employee's email, but trying to give employer-owned email the same kind of protection afforded US Mail isn't going to happen anytime in the foreseeable future.

Shoulder surfing

[Paracelcus]

The protocol at IBM used to be swiveling around when a user was entering their password(s), towards the end (of my career) I noticed that the young crowd no longer did this but seemed to watch intently everything you typed. I wrote up (disciplined) several trainee techs for this. While your tinfoil hat may or may not be necessary, those privacy screen gizmo's are a good idea and if anybody is standing where they can see your keyboard move to block their view when typing passwords, etc.