Slashdot Mirror
Where To Draw the Line When Punishing Email Snooping?
CWmike writes "While it might seem like a practical joke or a harmless, furtive glance, e-mail snooping could land you in more hot water than you'd ever expect — you could be charged with a federal crime. The recent case of a Philadelphia TV news anchor charged with breaking into his co-anchor's e-mail accounts shines a light on the seriousness of such snooping. Scott Christie, a former federal prosecutor who headed up the computer hacking section at the U.S. Attorney's Office, said, 'You look over someone's shoulder and read a personal letter and that's not a crime, so how can it be a crime to access someone's e-mail? It's not the same thing, of course... What you're doing when you're accessing e-mail is affirmatively exceeding your access to electronic documents and systems.' He adds: 'Usually, you're doing that by pretending to be that person to break into their account.'"
It's worth noting that the Philadelphia man accessed his co-worker's email over 500 times, and his use of the information he found was hardly harmless. However, the rules and conventions for email privacy are much less familiar to most people than the laws regarding snail mail. At what point does a privacy breach demand punishment?
Wasn't privacy declared dead some time ago? So, no punishment, I guess...
He is alleged not only to have accessed her account 100's of times, but he is also accused of leaking emailed conversations she had with her lawyer.
You could say that it is stupid to have such conversations over email, but this was hardly "just looking over your shoulder."
It is making for some drama in Philly.
Just make the deterrent/punishment the same as accessing someone's paper mail without permission.
Sure, in some cases you have to pretend "to be that person to break into their account", in which case you might throw a bit of "fraud" at them as well, but in most cases, accessing snail mail and accessing physical mail are similar enough.
If you are reading something over someone's shoulder, they can tell you to piss off, cover it up or whatever. The difference is actually going to the mail box (whether it be physical or electronic) and accessing what is in it.
Oh yeah, I guess it might be slightly harder to prove that someone has accessed the electronic box (because they don't have to open any envelopes), but considering you should be treating email as you would post cards anyway... (That is, anyone between you and the destination can read it, unless you take measures to encrypt it or something.)
-----
Disclaimer, I don't believe the state should exist. However, my opinions expressed above are given on the condition that my belief is suspended for the time being.
I wank in the shower.
Oh, Mendte wasn't checking automatically, it was a webmail account. The logs were made public, and revealed that Mendte was quite obsessive about checking Lane's mail.
Mendte apparently put a physical keylogger on one of the computers Lane used in the newsroom, and got her account details. The only reason he got caught was because he got sloppy-- in (IIRC) March, he left a computer in the newsroom logged into Lane's webmail. Someone else working at the station saw it, thought it odd since Lane had been fired in January, and reported it.
This has been ridiculously huge news in Philadelphia and even managed to push the "hot chick and her boyfriend who stole people's identities" stuff off the front page for a while.
It should be the same as physically opening up someone else's mail from the snail-mail box. Being electronic changes nothing.
Sec. 1702. - Obstruction of correspondence
Whoever takes any letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier, or which has been in any post office or authorized depository, or in the custody of any letter or mail carrier, before it has been delivered to the person to whom it was directed, with design to obstruct the correspondence, or to pry into the business or secrets of another, or opens, secretes, embezzles, or destroys the same, shall be fined under this title or imprisoned not more than five years, or both.
Gone!
Sigh. They are NOT repeat NOT talking about looking over someone's shoulder, or a furtive glance. They're talking about logging into another's email account and making the (damaging) contents public. But hey, this sort of confusion is what I expect from journalists - doesn't matter if they work for the New York Times or the Daily Shopper, they're all pretty much the same.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
The "looking over the shoulder" vs. "read someone's email" analogy is flawed. This would need to be two separate analogies. Looking over their shoulder to read a letter vs. looking over their shoulder to read an email on the screen, and accessing someone's email account vs. breaking onto their house and reading the letters they keep in a drawer in their bedroom.
The former is rude, but not generally prosecuted. The latter is a crime.
Except that e-mail is not US mail. You're confusing law about the US Postal Service (so snail mail) with e-mail.
You read someone's snail mail without permission - it is an action punishable by law. You read someone's electronic mail without permission - it should very much be punishable by law, because the punishable action of reading snail mail is not that you read a letter written on paper, but that you read information addressed to someone else than you.
And privacy is only as dead as anyone wants it to be. If you say, go ahead, here are my login and password, read my mail, fine. But you know what? Some politicians in Germany have argued in favour of the infamous law for mass data retention. They have done so on this exact argument, that "on the Internet, everybody gives away all private information anyway."
Bullshit!
The grass is always greener on the other side of the light cone.
No, that's an incorrect assumption. What I'm doing is pointing out the equivalence of purpose, i.e., personal, private communication. It just didn't occur to me I had to specify it, as it struck me as rather obvious.
Caveat Utilitor
US Mail and E-Mail are fundamentally different. With snailmail, the government guarantees the timely and confidential delivery of your message, and it is a federal crime for a third party to interfere with that contract. Contrast that against E-Mail, where confidentiality is never guaranteed - consider every virus scanner and Junk Mail filter along the transmission path. However, when a third party breaks into an email account, a different crime is being committed - identity theft.
Laws that specifically protect US Mail should not apply to crimes involving electronic mail. The act of impersonating the victim should be sufficient for prosecuting the offender.
It is just as illegal to intercept US mail in order to open it, read or photocopy it, reseal it, and send it on to its destination. So that difference doesn't exist, and deletion/theft is not the line. Privacy is the line.
Caveat Utilitor
I can't believe you actually made one post without once mentioning Windows or Microsoft. So, who the hell are you and what have you done with the real Twitter?
It is a miracle that curiosity survives formal education. - Einstein
Not sure how the law in the US is, but there are countries (in Europe at least) where email falls under the the same laws as for snail mail. Which makes sense to me, except that you cannot drop bulk-mail silently (even though there is some logic to that too).
What people need to understand is that your standard email has roughly the same privacy as sending a postcard with text on the back. There is no envelope, no seal, no nothing. The only thing that "protects" you privacy is that you need an password to log-in to your POP/IMAP/Exchange account, which is roughly the same as having a lock on your Postbox. But it is still not private, as the mailman can still read your mails as well as anyone else in the chain.
If people really want privacy for their email, they need to use a SSL-connection to their POP/IMAP/SMTP/Exchange accounts and encrypt all their email through PGP/GnuPG.
It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
The real twitter has been found dead, it appears he has been bludgeoned to death with a chair. His /. account is now a microsoft sockpuppet.
Lawyers live by e-mail, so it wasn't stupid of her to use a supposedly secure personal web mail account in her situation.
Larry Mendte installed a hardware keystroke logger on her work computer to steal her username and password. Then, he started leaking embarrassing information to a reporter for the Daily News (one step above a tabloid in Philly).
When Alicia Lane (the victim) got into a scuffle in New York, the arresting officer exaggerated the charges; Lane entered a deal that would see the charges dropped after several months of good behavior. But with all the negative personal publicity from Mendte's leaks, the station fired her.
As part of her lawsuit against the station, her attorney contacted the FBI with a suspicion that someone was accessing her account and leaking information and the focus quickly turned to Mendte, who obsessively viewed her as a rival. The FBI decided to pursue it as a criminal case because it resulted in substantial damage (loss of an $800,000 per year job and serious damage to her reputation).
It isn't like she was using the company e-mail system to work with her lawyer. She was using a private web mail account. Her legal problems (and Mendte's leaks) threatened her job.
I'm glad you feel that way. And since you feel that way, can I have your email address, SSN, bank account# and any or all passwords you might have? Thanks dude! Oh, and I'll, um, share my info with you later...
The company owns the computers and network, that gives them a right to monitor it and decide who gets access to what. It is the same at your house, in many (most?) states. I can, if I wish, bug my house. I can have cameras record everything, I can tap my own phones, etc. It's my house, so I can do what I please. However I can't bug YOUR house, at least not without your permission. To do so is a fairly serious crime.
Basically, I have an expectation of privacy in my house, but you don't. Likewise you have an expectation of privacy in your house, but I don't. If it is your stuff, you get to determine how it is used, how it is watched and so on. You don't get to make that determination for someone else though. Thus a company can monitor what you do at work, but not at home. If they want to install monitoring software on your work computer, that's their right. If they try to install it on your home computer without your permission, that's breaking the law.
The protocol at IBM used to be swiveling around when a user was entering their password(s), towards the end (of my career) I noticed that the young crowd no longer did this but seemed to watch intently everything you typed. I wrote up (disciplined) several trainee techs for this. While your tinfoil hat may or may not be necessary, those privacy screen gizmo's are a good idea and if anybody is standing where they can see your keyboard move to block their view when typing passwords, etc.
I killed da wabbit -Elmer Fudd