Slashdot Mirror
Federal Judge Says E-mail Not Protected By 4th Amendment
DustyShadow writes "In the case In re United States, Judge Mosman ruled that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to e-mails under the third-party doctrine. 'When a person uses the Internet, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus 'private' information is actually being held by third-party private companies."" Updated 2:50 GMT by timothy: Orin Kerr, on whose blog post of yesterday this story was founded, has issued an important correction. He writes, at the above-linked Volokh Conspiracy, "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers."
Wow, best to stop using FedEx and other *private* companies to send mail then.
How we know is more important than what we know.
I cannot see how this won't be overturned on appeal. People have a general expectation of privacy in regards to their e-mail, and the fact that it's being physically hosted somewhere doesn't defeat that.
I run my own mail server, you insensitive clod!
Obviously, I should STFU before I give the government any more ideas.
It's a real shame that email encryption never really hit the mainstream.
As a bit of an aside, does it matter if you try to make the data private via encryption?
There could be an interesting relationship here: If you claim (probably rightfully) that you own the copyright to the 'content' in question, and encrypt it, does this mean that it would be unlawful for anyone to try and decrypt it under the DMCA?
Mossman is a traitor.
Circumcision is child abuse.
and communicating in person with people who don't for quite some time now ;)
If you're staying in a hotel room, are you entitled to privacy there? Can that room be searched without a warrant, because it's not your home? Curious.
The Government does have to get a warrant to open your mail. Don't they?
To a Lisp hacker, XML is S-expressions in drag.
...your medical records aren't private, either. When you use a hospital or a doctor's office, you're not in your own home, and your records of the visit are stored at the facility. This judge is a moron.
Ed R.Zahurak
You know, oblivion keeps looking better every day.
when we send mail via USPS, since the mail isn't technically in our homes while it is sitting in the post office, that the government can read it without violating A4?
So when I hand USPS my mail, they get to open it because they are a 3rd party? There should be a computer literacy test for government officials.
By this reasoning, do I lose 4th amendment protection of property in "my" glove box if the car is leased?
Absurd.
-Peter
If this doesn't get appealed away, say hello to widespread email encryption and encryption in general.
This kind of ruling must make the type of miscreant that enjoys sniffing packets have a spontaneous orgasm.
(note that I intentionally specified miscreants; I don't care if you enjoy sniffing packets if you aren't sniffing anyone else's packets.)
and I'll stay out of law.
deal?
I know my field. its CLEAR you don't know my field. I don't know your field. why do you have to 'rule in' on things that make us laugh (or cry) at you, due to your TOTAL lack of understanding.
hang on a minute. what if this guy DOES know what's going on and yet he still wants to have government prying on your email?
I'm not sure which is worse; a clueless idiot in robes or a smart one who PLOTS against the basic US constitution, stealing our rights bit by bit.
--
"It is now safe to switch off your computer."
It's not about transportation, it's about destination.
Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.
There are options, potentially, for the more privacy minded:
* POP email with "delete from server" active will limit how much of your mail your ISP has access to.
* Run your own mailserver.
* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.
That last one could also go a long way to helping solve the issue where private companies have to host their own mail and forbid employees from using other accounts solely to avoid the exposure of proprietary communications to third parties (the ISP). It also shouldn't be too difficult to set up...
You are thinking of identity based encryption -- the "public key" is your email address (which can be anything you want, in fact). Unfortunately, the current schemes (those that I know of, anyway) involve a trusted third party generating your private key and assigning it to you, which will run into the same problems Hushmail ran into. What would be nice is a hybrid model -- where the trusted third party could be chosen by the user, and then those trusted parties would authenticate each other. Thus, the people who currently serve "techie" roles in their social circle would generate the private keys for their friends, and then use something like PGP to authenticate each other.
Palm trees and 8
So what happens to people who run their own mailservers? Do they get 4th Amendment protection since they're in physical control of the server and its data?
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
Recently in the second Circuit, it has been ruled that gmail users do have an expectation of privacy in their e-mail account. http://online.wsj.com/public/resources/documents/Bear1.pdf. Here the Court ruled that the warrant was too broad since it didn't restrict the inspection of e-mails that were unrelated to the investigation.
In light of both rulings, it may not prevent the government inspection, but could be grounds to suppress. Furthermore, the Stored communications act prohibits a warrant for this type of information unless, "offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."
Fight Spammers!
I run my own e-mail, www and even irc server right here. My primary e-mail addresses are all directed straight to my computer; do not pass go, do not collect $200. And that's the way I like it!
-uso.
What you hear in the ear, preach from the rooftop Matthew 10.27b
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Papers and effects? The founding fathers were smart enough to protect email. This ruling is a disgrace.
I see that the electronic communication privacy act of 1986 is being ignored once again.
http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
... we loved you while you sort of started. And then were killed. By the feds... who contract with the GSA for cloud computing?
Additionally, my comments are now owned by Slashdot and I as the user am no longer responsible for them. So there.
That is: if anyone figures out a way to combine end-to-end encryption with web based e-mail (popular as it is).
And no, 2 users connecting securely to the same e-mail service doesn't cut it: in that scenario the e-mail service itself can read the messages (a man-in-the-middle attack so to speak)
How can he make the analogy to postal mail or telephone calls and not see that the same principles apply to email? We should have a constitutional amendment guaranteeing a right to privacy. The anti federalists were right. Without an explicit protection the government will take away every protection it can.
Do you have an expectation of privacy when you send a postcard?
-- Support a free market in the field of government
How is this any different then making a phone call? My voice still has to go through the Phone Companies equipment. They still need a warrant to tap my phones (well, maybe not thanks to the Patriot Act).
If this ruling stands, it's going to open up a whole new can of worms. Email should be considered PRIVATE if there is only one recipient, just the same as if I make a call to a single individual.
Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
People are only so willing to not have webmail, and they are not always available in person. Forget trying to explain to people how to carry crypto keys around on a thumb drive; that is about as useful as explaining why only encrypting emails that they think are sensitive enough to require encryption is not a good strategy. Basically, the FBI won the battle -- we were so bogged down with fighting their efforts to thwart email encryption that we missed the mark and the masses never adopted it.
Palm trees and 8
By that logic, that judge's emails should be open to being searched.
When a person uses the Internet, the user's actions are no longer in his or her physical home... All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP
Yes, just like:
- Mail
- Safe deposit boxes
- Bank accounts
- Voice mails
- Telephone conversations
- Storage units
As far as I know, all of the above things are subject to the 4th amendment. WTF???!!!
I think this ruling is just fine as long as they extend analogy with the physical world further. I.e. if e-mail and information stored on the 3rd party servers are not "private", then e-mails and information stored locally on servers in my home should be protected by the 4th amendment.
As long as that's the way they read the law (applying "home" boundaries literally rather than as a way to define a set of "things that belong to a person") - fine with me. It's not upholding the spirit of the amendment but rather only the letter, but that's better than nothing I suppose.
Just out of curiosity, what are the privacy rights on say,a storage facility.Can the cops just walk on in and open things up, or do they need a warrant?
Oh certainly, if everyone you get email from uses PGP, you're already good.
I'm talking about keeping all the plaintext and/or HTML mail you get from normal people/banks/mailing lists and having the mailserver know to automatically encrypt the content of new messages with your public key. An ISP running such a server could then HOST your normal mail without ever having access to it, or without ever implicitly getting your permission to access it.
Get with the times, man...Juno is the ISP of the future!!!
Bill Clinton: Pimp we can believe in. - The Shirt!!!
A postcard is public, a letter in an envelope is private.
Considering that many people already are not using their ISP's e-mail server, is this likely to become the death knell of publicly provided e-mail services?
I can see this being a significant issue for gmail, msn, yahoo and AOL (almost had SOL there, interesting) and their customer relations. For me it's a 5 min process to move my own services back onto my own computers. And as part of that I can advise friends and people I am going to exchange personal e-mail with to use an encrypted platform.
I don't know that it's going to be of use to many other people however. We've put a lot of work over time into making web based services simple to work with. Just as Microsoft put millions of hours into making Windows into a simple to use and work with platform. Building security and privacy into those platforms is not going to be a simple matter of tacking authentication and ssl onto them.
You never know...
What if you host your own email server?
The point of this ruling is that there's no "requirement of notice to the account holder."
This does not change the need of probable cause and a legal warrant presented to the 'third-party' in order to obtain the e-mails.
The same logic applies to wire taps, the government is not required to notify an account holder that their calls are being monitored for illegal activity. Kinda defeats the purpose of a wire tap.
In effect, this basically states that if it leaves (or is kept outside of) your home the government is not required to notify you (the account holder) that it is being looked at. But if the government does look at it, it still needs to be judicially sanctioned and supported by probable cause.
This is a reasonable expectation.
The judge ruled that the warrant can be served on the third party without notifying the sender. This would be akin to serving a warrant to one's employer to search one's workspace.
Or, serving a warrant on your friend to access your friend's computer to get emails sent by you.
I think this ruling is on shaky ground due to the concept of "reasonable expectation of privacy".
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Time to encrypt, bitches. I'll show you a "private space".
Seven puppies were harmed during the making of this post.
Do you and your doctor frequently exchange your medical records via postcard? No, that would knowingly expose your information to any number of mail carriers. Likewise, e-mail goes through the hands/servers of any number of strangers and can be read without so much as holding it up to the light. It's a disappointing precedent, and certainly judges and government should be held to a higher standard than a USPS sorter making minimum wage, but the reasoning here isn't wrong. You shouldn't expect privacy if you can't even stuff your letter in an envelope.
By this argument, NOTHING in the cloud is protected by the 4th amendment. Until this obviously flawed decision is overturned, cloud computing is out as an option for me.
Not to get all ad hominem or anything, but this judge was apparently nominated by G.W. Bush and is an LDS, according to Wikipedia. We should be expecting these kind of rulings for a long time: Bush got a lot of his guys in before he lost his political capital. Civil rights, schmivil schmights.
Zo
This is confusing to me: how do bank records not fall into the same classification? Clearly if my mail provider say they will give out my email to whomever they like then sure but most have a privacy policy which explicitly states that they will NOT do that unless compelled by law.
If there is no expectation of privacy, why can't anyone just login and read your email by hacking your account?
There are people serving time for the very thing she's legalizing for the police.
Or how is this supposed to square with the unauthorized computer access laws?
Are the cops running some ISP we don't know about to get "authorized access" to the emails?
An email box is like a safe deposit box.
I pay the bank for my safe deposit box to provide secure storage for, and access to, private documents and belongings.
I pay my email provider for my email box to provide secure storage for, and access to, private documents and belongings.
The government can no more righfully search and seize my email inbox without a warrant than it can my safe deposit box without a warrant.
The government can go fuck themselves.
The fine article refers to a ruling that says you don't have to be notified if your email is accessed. It doesn't talk about if it is legal or not to access your email. I guess the theory being that if your mail is stored "publicly" at an ISP and that someone has the legal right to look at your mail, they don't have to tell you that you have been snooped on.
The article doesn't seem to make the distinction between mail at rest (on a mail server) and mail in transit (passing on the wire) so I don't know if running your own mail server makes any difference here or not. It would at least reduce the exposure time for "snapshots" to be taken and disclosed. If your mail was on your own server you would at least have to be approached by a court with a subpoena or similar that demands access, which you would probably notice.
Encryption is of course, the answer.
This Judge should be impeached and removed from office for this. Start a campaign fund; I'll donate.
I am tired of these lovers of tyranny who pretend that Constitution's protections only apply to technologies in existence in 1789.
Well, I guess we see how he feels about things in your own home, too.
The title of the article is pure sensationalism.
E-mail is still protected by the 4th Amendment.
The ruling was that there is no 'constitutional requirement of notice to the account holder' for items in possession of a third-party.
The Judgement makes no logical sense. When I send a regular letter by regular mail it is sent out into the world too, and stored in someone elses building/bag/van too.
This ruling and its ilk need to be reversed. The 4th Amendment forbids searches of persons AND EFFECTS. It does not say that these must be in the home, nor does it say it no longer applies if the effects might be in someone's view. If I hired someone to carry a package to someone else, it would still have been well understood by the framers to be my property and one of my effects, even when traveling in the hands of a messenger. An ISP is no different in principle.
Pity this judge (and many others) don't bother to read, and try to understand, the Constitution they claim to uphold. Alas, it gets in the way of controlling others, and government seems to attract far too many control freaks.
I operate and own my systems, including my mail systems. The judge's assumption that everybody uses an ISP is incorrect.
What if you host your own email server?
The mail still has to transit through the other party's mail server(s), and possibly a few hops in between any of which could potentially store, and later forward or try read, the data.
So I guess because mail goes thru a post office it isnt considered private either...
Judges interpret the law. There is no clear law on e-mail privacy so this judge made an interpretation. This is an excellent example of where the Congress needs to be doing its job and TELL the courts what they should be thinking.
The email is still private regardless of physical location of storage. The owner leases server space from ISP, like many others leases their hotel room. Are you agree that your hotel room while you stay there are YOUR PRIVATE SPACE ?
As a bit of an aside, does it matter if you try to make the data private via encryption?
There could be an interesting relationship here: If you claim (probably rightfully) that you own the copyright to the 'content' in question, and encrypt it, does this mean that it would be unlawful for anyone to try and decrypt it under the DMCA?
Yes (if the mail does not ever leave territories where the DMCA is officially respected). Even if you used something daft like ROT13. But we don't want to go lending credence to bad laws that way, and IIRC there are exceptions in that law (intended to pertain only to very specific law enforcement or national security activity, but which are no doubt easily bendable to justify even less desirable snooping too) that could render your copyright violation point officially irrelevant in a court of law (and completely irrelevant if the information has somehow become public anyway - depending on the sensitivity of the information it is likely that no end of legal action will rectify the damage done by its capture and release).
...what is the purpose of these standard email account necessities if not to secure my privacy?
"When I find myself in times of trouble, PRZ, he comes to me.
Speaking words of wisdom, 'PGP, PGP!'"
You DO know how to use PGP or GPG, and have the appropriate email plugins, right?
RIGHT?
Guaranteed! This comment 100% Anthrax free!
Right, like posting on a Blog is public and sending an email (which requires a password "envelope") is private.
CAn'T CompreHend SARcaSm?
Important is: who makes judgements and what is the purpose of it. As far as people allows for lawayers to interpret meanings, they place their entire life in the hands of other people, not god. There is not so many words in the world to describe every possible twist of interpretation. The same holds true for stupidity.
We've seen this sort of "logic" before, and often. The general principle is "When a computer becomes involved, all precedent is forgotten, and centuries of hard-learned lessons must be learned all over again." I've forgotten who first pointed this out, but it's a useful thing to remember.
It took many centuries, and many deaths, for the freedoms that most of the "first-world" countries have were encoded in their laws. But over and over, we've found that the courts don't apply those laws to anything that involves a computer. It takes a good list of horror stories about the actions of ISPs and other people in positions of power, plus new laws, to get the older Real World laws applied to anything involving a computer. This is just one example of many.
It's sorta funny that computers, which are the ultimate in relentless, unforgiving, mechanical logic, have an effect on humans that can be characterized as destroying our ability to use logic as simple as saying that everything we knew before still applies when there's a computer in the vicinity.
In most of the First World, it's illegal for a postal or other delivery employee to open a package and make notes on the content. There are good historic reasons for this. It's interesting to read the history of the concept of "common carrier", and understand why it came to be. People did literally die before these rules went into effect, as the result of people opening and reading the contents of messages in transit, and selling the information to interested parties. This history isn't a secret. But when its a computer transferring messages, the carriers are permitted to inspect the contents and sell the information to interested parties. This will eventually lead to laws applying the common-carrier rules to computerized communications. But this will only happen after the same sort of disasters that led to the common-carrier rules for written, printed and analog telephone communications.
The only scheme that's stable over the long term is that "carriers" of messages should not be allowed to use the contents of the messages for any purpose. In exchange for this, the people in power agree to not punish the carriers for the contents of any delivered messages. Anything else will eventually be a disaster for the people in power, when they learn too late that the carriers have made "commercial" use of the contents of messages to/from powerful people.
This isn't a hypothetical scenario; it is exactly what led to the common-carrier laws in the past. Things like this court decision just shorten the time until such disasters occur. And it's all due to our mysterious inability to remember and apply historic precedent when there's a computer involved.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
It's funny how people are all happy for 'reasonable' restrictions of the right mentioned in the Second Amendment, but when 'reasonable' restrictions are put on the Fourth Amendment, more are willing to fight. It's time to work to protect ALL of our rights, including our Ninth Amendment rights to everything else not mentioned.
IANAL, but IIRC, privacy attaches to the person. There was case where a guy, being watched by authorities, was placing a phone call from a public phone booth. The authorities watching him bugged the booth without a warrant. The conversation was tossed because even though he was in a public place, he had a reasonable expectation of privacy while standing in a closed booth. SCOTUS case. Someone else can look it up. Assuming I'm remembering correctly (or close enough), how is this any different? Because it's going through the tubes? Idiot judge.
Here's my new email sig...
"Copyright 2009, All Rights Reserved - NOTICE: This email has been digitally encrypted with the Double ROT13 encryption algorithm. Any unauthorized access is a violation of the DMCA and will be prosecuted to the fullest extent of the law"
Brawndo: It's what plants crave!
An easy to use email encryption option is Voltage SecureMail.
Voltage SecureMail has plug-ins and a web interface for sending encrypted email to anyone. Messages are stored only in the sender's Sent folder and the recipient's Inbox.
Recipients don't need any special software to decrypt and read their messages...just their browser. And, it's much easier to use than PGP or SMIME.
Try it for free at http://www.voltage.com/vsn
The original author of the blog in the story has revised his analysis thus:
"In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers. I missed this because the reasoning closely resembles the argument for saying that the Fourth Amendment doesn’t apply at all, and I didn’t read the earlier section closely enough. That’s obviously a much narrower position, and I apologize for misunderstanding it the first time in the quick skim I gave it. Sorry about that: The fault is entirely mine."
http://volokh.com/2009/10/29/opinion-on-fourth-amendment-and-e-mail/
Right, but not every email is in one place. They'd have to raid every mail server associated with your every correspondent.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
I also run my own mail server, in my home, so assume the ruling does not apply. Furthermore, I find the judge's logic quite slipshod and overbroad, for obvious reasons.
"When a person uses the postal service, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the postal service with a zip code and mailbox owned by the United States Postal Service. All materials in transit, whether they are letters or packages, are physically temporarely stored on facilities owned by the USPS. When we send a letter or a postcard from the comfort of our own homes to a friend across town the message travels from our home to facilities owned by a third party, the USPS, before being delivered to the intended recipient. Thus, "private" information is actually being held by third-parties."
and the author (Orin Kerr) has apologised.
http://volokh.com/2009/10/29/opinion-on-fourth-amendment-and-e-mail/
The judge's opinion only concerned whether or not the fourth amendment required the owner of an email account to be served NOTICE of a search having taken place, not whether the actual search is covered by the fourth amendment.
Huge difference.
Please fix this someone?
& you heard it first on YOUTUBE?
http://www.youtube.com/watch?v=yeQBzTkJNhs&videos=jkRJgbXY-90
that's pretty funny?
"Based on their scrutiny of the infrasound records, the Canadian research team reported that a large (40-50 kilotons of TNT) bolide detonation occurred near the coastal city of Bone in South Sulawesi, Indonesia. The infrasonic geolocation is not precise enough to determine if the bolide was over water or land, but it was relatively near the coast, the team reported.
Follow-on observations from other instruments or ground recovery efforts, the Canadian team added, would be very valuable in further refining this unique event. Their analysis corresponds to an object some 16-33 feet (5-10 meters) in diameter. Based on the earlier work by Brown, such objects are expected to impact the Earth on average every two to 12 years.
"We are trying to coordinate with some local scientists to secure more local data, but that will likely take several weeks," Brown told SPACE.com.
Brown said a YouTube video that was aired a few days after the event convinced them it was a bolide.
"Had this happened over the ocean we would only have known that there had been a big explosion...we would presume it was a fireball, but it could be anything producing a large impulsive shock in the atmosphere," Brown said.
More data is expected from U.S. military space assets that likely detected the event. From their vantage point in space, multiple sensor systems would have seen the huge explosion and there surely is a rich dataset of measurements to be plumbed relating to the detonation.
Wall of secrecy
Why wasn't this asteroid observed before it hit?
SwRI's Chapman said he was not aware that the object was seen before it plowed into Earth's atmosphere.
"The body was large enough that some of the current Spaceguard Survey telescopes might have detected it a couple of days before it hit, were it coming from the night sky. But it struck during daytime and probably could not have been seen by those telescopes," Chapman explained. A second question is whether it was detected by military satellites that monitor bright flashes in the Earth's atmosphere for defense and security purposes.
"Almost certainly it was detected and presumably immediately identified as an explosion of a large meteoroid rather than, say, an explosion of a human-made device in the atmosphere," Chapman figures. "But these satellites are secret and, in the past, the establishments controlling them have delayed releasing the data, for weeks or months."
Earlier this year, Chapman added, a change in previous policy led the U.S. military to withhold the data from the public.
"Scientists hope that they will reverse that policy. This event will demonstrate whether the wall of secrecy is coming down again, or not," Chapman noted. "Evidently, because of the passage of weeks since the event, there has been no decision to release the data promptly.""
http://news.yahoo.com/s/space/20091029/sc_space/hugeexplosionwasbiggestspacerocktostrikeearthsince1994
so, some folks have 'privacy' on a astronomical scale, while the rest of US have no secrets at all?
Ok, I didn't RFA. I'm too upset already...
The judge is trying to change the guidelines: http://www.usdoj.gov/—s&smanual2002.htm
I forget the court case, but I distinctly remember a case where the result was the "reasonable expectation of privacy" was enough to consider your papers to be private. I am not sure it was supreme court or not that did this. Many older cases without computers do apply to computers; yet for some reason we need to rehash resolved issues because of widespread computer ignorance.
My gym locker, car, parking ramp, office desk, etc are now fair game? My papers must reside on my property now?
I remember 5th amendment stuff.. coming from non-computer situations but totally relevant; but this guy decides that email is somehow DIFFERENT than the physical mail services. (BTW, the USPS has gone private which is one reason postage has been constantly going up...) At least if you ENCRYPT email you have supreme court rulings protecting your keys (FISHER v. UNITED STATES) the "Fisher Test."
One could argue that unencrypted insecure access to external systems removes the reasonable expectation of privacy; and therefore makes it publicly accessible in a way, like biometrics which are pubic - in a way. (BTW, biometrics are not private-- don't use them for 'private' keys!) Then you could take stuff like Trash-- if you trash an email, is it private? could they claim digital trash is like physical trash?? (your trash is public once it leaves your property.)
Democracy Now! - uncensored, anti-establishment news
What if I setup a private VPN tunnel or private connection to send mail between my private mail server and that of my friend or a private organization, company?
Respect the Constitution
When I board an airplane, I occasionally check a bag. That bag may contain my papers. The bag is stored in a container which is the property of a third party. The bag may be unsecured. My only reasonable expectation of privacy arises from the fact that my papers are in a bag.
If I ride the train to work, I may put my briefcase in the overhead container without locking it. I may even use the bathroom along the way, and leave my bag stored in a government owned vehicle unattended. I still have a reasonable expectation of privacy.
Similarly, if I rot 13 an electronic communication, and state that it is a private communication, it meets the exact same standards of expectation of privacy as a physical document that is protected.
With that, I give you this: The following message is a private communication from me to the original founders of Slashdot. It is rot 13 encrypted, which is equally secure as if I left my briefcase unlocked on a table at a coffee shop. I dare you to violate my 4th amendment rights.
Gunax lbh sbe perngvat fhpu n cbjreshy cyngsbez sbe gur qvfphffvba bs bhe shaqnzragny evtugf.
I wonder what would be the effect of someone else decrypting the above text and posting it? Suppose I left my briefcase on a table in a coffee shop, someone opened it and photographed the contents, then gave those photos to the police. Would the police be allowed to act on that information?
Not that it is the case here, but would the police be allowed to "hint" to someone that it sure would be nice to have a copy of the plaintext?
Stop-Prism.org: Opt Out of Surveillance
I have found my can of worms..Pity it has been opened
The frog continues to heat up.
Soon it will be boiling in the totalitarian cooked state that tastes so good to it's captors.
Not so good for us frogs.
sorry, corrected asteroid to meteorite & meant to type indonesia instead of india. most of our email can't be read either due to mis/pronunciations/spellings etc...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brilliant way to use their dastardly law against them! Right on!
- -Joey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkrqUZ8ACgkQ7J1dPd3sAmCaoQCeL5pcyxyU2nJTFE7XSLoN+5Cr
VSEAn1sbJkU434d5kkOlYTauuhZsD5za
=or17
-----END PGP SIGNATURE-----
To prove the correctness of ClearView, we ran it against itself, and found no bugs, no vulnerabilities,.... nothing at all!
By this logic it would seem two things happen that law enforcement might not like. First since it is not in your possession how can you be compelled to provide a key for decryption of something that is not 'yours' Further providing that key might even be a violation of law since you are cracking an encrypted piece of software.
Though the original logic actually makes sense from a law enforcement perspective what of general access. If you have no expectation of privacy could an ISP open every piece of email and sell the contents?
... the government has found yet another way to exert control over you. At least, temporarily, until it gets to the Supreme Court.
Good thing we have 9 other amendments out there to protect us (for now) ... including, if it comes down to it in the very end, the second.
Against non ethical interpretation of law ? I guess, the same judge cannot judge itself being judged ? ;-)
When you send ME email, it winds up in MY computer, not one owned by an ISP.
And, even if an ISP held it "in trust" for me, so what?
Finally, the roads are public spaces, but the USPS, UPS and Fedex trucks on them are not.
What was this judge smoking?
In Liberty, Rene
You actually read TFA!?! What were you thinking? This is digg, not slashdot.
From the article's reprint of the opinion:
The Fourth Amendment protects our homes from unreasonable searches and seizures, requiring that, absent special circumstances, the government obtain a search warrant based on probable cause before entering. This is strong privacy protection for homes and the items within them in the physical world.
From the United States Constitution, Amendment IV:
The right of the people to be secure in their persons, houses, papers, and effects
The meaning of the word "and" in law is extremely, painfully well established. It means the same thing it does in boolean logic. The fourth amendment does not protect papers in one's house; it protects papers and houses.
Anyone can make an honest mistake. But a federal judge who does not understand the first sentence of one of the ten most important specifications of the limitations of federal power is wildly outside the scope of reasonable mistakes for his position. He should be removed from office by the most expedient means available. This is not an acceptable mistake for a person who has sworn an oath to defend The Constitution, and whose most solemn duty is to interpret it correctly.
Stop-Prism.org: Opt Out of Surveillance
The same argument could be said for phone calls and wiretaps because the conversation takes place on a 'network' of devices and servers maintained by a third party company.
Total bullshit. You need a warrant to read MY fucking e-mail AND the traffic that goes through my service provider because,,,,,,,,,,,,,, I live in the U.S. and the U.S. is supposed to comply with my UNALIENABLE RIGHTS. It should be needless to say that this isn't going to make a few hundred million Americans very happy.
Apartments are third party storage locations and houses. What about
the homeless who keep their documents in on-line storage locations?
They need protection as well.
Papers and effects are to be free from unreasonable search and
seizure.
I'm talking out of both sides of my head again.
I'm Joey the Anarchist and It can be shown that the US Government is
invalid in it's present form - totally and completely as a matter of
law. The US Constitution was void before the ink dried on it. Hear
the podcasts up at http://nahls.net/ to learn more or if you like read
the newsletter there.
Damn! Slashdot wouldn't let me PGP sign this message!
Sending an e-mail doesn't require a password at all. Neither does receiving an e-mail.
Now, many providers of e-mail services only permit you to access your mail by authenticating with them using a username and password (and usually your username and e-mail address are connected in some obvious way), but that has very little to do with how e-mail is actually sent and stored.
Right, or they'd need a warrant for the mail on your server -- in which case you, as the owner of the server, would be informed of the search.
"does not conclude that e-mails are not protected"
Double Negative
What it states is that the phrase "____ will release this information to comply with search warrants" constitutes adequate notification that they will release the information to comply with search warrants and that the e-mail user does not have to be notified that the information has been released to comply with a search warrant.
The search warrant is still required, you are still given privacy of your e-mail, and the search warrant must still be reasonable and legal. The only thing this does is say that if your ISP has warned you they will release this information to the authorities under a search warrant, they don't have to tell you that you've been searched.
I know that on slashdot we don't(including me) generally RTFA, but it would be nice if the person posting it would RTFA, or if the no name blogger who wrote it would RTF Opinion(which he acknowledges later he did not adequately do.
Personally I think that ISPs probably should notify you, and I would certainly switch providers if I found out mine had not, but if you're going to disagree with this opinion, at least disagree with it as opposed to random FUD.
We have a simple technological solution to this issue: encryption. Why waste time with people who just don't get it?
I'm sure the government could find some work around for that. If you're not rich, the government doesn't care. At one time, when the constitution was written, the government was by the people, of the people, and for the people, but not anymore. If you aren't a big business, they don't give a sh!t. Where do you think the DMCA came from?
The GP was talking about copyright and the DMCA, not privacy.
<hat material="tin foil">Yeah, because warrantless searches never happen.</hat>
Not that I care personally. The worst any officer of the law will find in my email is some bad taste jokes that might step over generally accepted lines and a few porn references, and if they are going to make something up they can do that without actually looking.
But mail encryption is about much more than law enforcement (I know we are straying away from the original article's point here - feel free to mod "off topic") - it is a much more general solution to potential privacy/secrecy issues both for individuals and commercial entities.
Using the Daily Mail as a reference lays you open to ridicule from UK readers. It's not exactly a reliable source of evidence. It's so bad there are even comedy Daily Mail headline generators out there.
> When a person uses the Internet, the user's
> actions are no longer in his or her physical home
You know, I'm pretty sure "houses" is only *one* of the four things listed in the amendment. Aren't we also supposed to be secure in our persons, papers, and effects, against unwarranted searches and seizures?
> All materials stored online, whether they are e-mails
> or remotely stored documents, are physically stored
> on servers owned by an ISP.
If I rent storage space for physical objects, can that space now be searched without a warrant? So a bank safe deposit box, for instance, is fair game for unwarranted searches, merely because I don't personally own it?
I'm really glad this is based on a misreading of the judge's opinion, because if this had been for real, it would be scary. (Not because I'm worried that my stuff will be searched -- I don't really have much to hide, so the fourth amendment isn't particularly dear to me as things go -- but because any government that can treat its own constitution in that flagrant a fashion would likely also ignore my other legal rights, some of which *are* quite dear to me.)
Cut that out, or I will ship you to Norilsk in a box.
This is ridicules not all email is stored on ISP sites some are stored at home, those who run home servers for example and also pop3 email is stored locally not remotely, the daemon is just means of transport, as a telephone central. I think it's a bit shortsighted to claim the above and before a judge makes statements in these matters they should consult different people on how things work, before they make such claims. There is more then one way to use email, this seems based on webmail services.
The judge's decision didn't actually turn on whether you "understand" that the contracted company's employees have access to the information but rather on the issue that you agreed in the EULA to allow Google to give your information to law enforcement under nebulously undefined circumstances.
The Fourth Amendment is sort of a specific instance of privacy. Before HIPPA you had no expectation of privacy except with respect to law enforcement where your Fourth Amendment privacy was protected (so-called "doctor-patient privilege"). Post-HIPPA you now do have an expectation of privacy except with respect to law enforcement where most of the EULAs you now sign explicitly tell you that your health care providers will disclose your medical details to law enforcement under nebulously defined circumstances ... as this judge has now recognized.
The problem is not with this judge, the problem is with the really bad terms that've been placed in non-negotiable EULAs. If this guy's lawyers were smart, the moment the prosecutor brought up the EULA as having waived Fourth Amendment rights the defense lawyers should have started arguing that email service EULAs (as a class) are an "unconscionable" contract (and should therefore be ruled unenforceable) precisely because they contain such a momentous waiver of your constitutional rights without due compensation and without any ability to negotiate the contract.
Creating a video doesn't require DRM at all. Neither does viewing a video... Now, many providers of video services only permit you to access a video by wrapping them in DRM.
DMCA doesn't require that there are no non-protected channels, it only requires that the channel in question is protected.
Slay a dragon... over lunch!
The same way it works for the phone and postal systems. This judge's ruling differs greatly from existing long-standing precedents on what are and are not private communications.
Slay a dragon... over lunch!
And when we send a letter in the mail, it physically resides at a postal facility, postal airplane, postal truck, and in the postal worker's mail bag. When we call someone, our voice data is most certainly stored on a large number of phone switches and switch modules while it's being encoded, multiplexed and the reverse at the far end. So it's good to know the government won't need to notify subscribers.
TFA is not accessible at the moment, so all this may have already been addressed there.
Not all of these are electronically transmittable, it's just a list i've been working on that i've lazily copy/pasted
- Details of the surprise party you plan to throw for someone
- Contact details for your friends and family
- Tobacco and associated parafanalia
- Bank balance
- Bank details
- Credit card numbers
- Passwords and burglar alam codes
- Political alignment and voting preferences
- Relegion and Relegious materials
- Photographs of your children
- Photographs of your children in the bath, the pool, at the beach
- Appointment details for doctors, psychologists, councillors, treatment centres
- Medication for depression or any other illness
- Prescriptions for the medications
- Details of your next AA or Diet club meeting
- Condoms
- Dirty letters, emails or texts to or from a spouse or lover
- Sexy underwear
- Sex toys
- Porno mags or videos
- Subscription details for the porno mags or videos
- Stained underwear (due to an accident or some other activity)
- Invoices and receipts detailing purchase of various items in this list
If you don't risk failure you don't risk success.
Voicemail is stored by my provider and accessed by me logging in over a service. I don't see what possible difference exists. Does this mean that voicemail is similarly not protected?
When I send a letter through snail mail, I hand deliver it. It's not like I use a 3rd party like the POSTAL SERVICE!
Along with having to stop posting/having a profile on slashdot. :P
OTR IM is the only way to go?
When i am paying for a service,ie,Internet connection that includes 5 email addresses i expect 100% privicy for my emails. Now if i use gmail or anyother free email service i get what i pay for and expect as much. Its just that simple :)
Jack of all trades,master of none
In the case of a warrantless search, the rules concerning who they have to notify when they serve a warrant are irrelevant. (I do not think warrantless searches of e-mail happen often enough to be a concern. I won't say the same of FISA warrants, though.)
First, DMCA requires encryption. Not permitting you access to your e-mail without authentication isn't encryption (even if the communication channel is encrypted, the data at rest is not).
Second, if you DRM-wrap a video, you have created (and are distributing) an encrypted piece of data that is only readable if you have the decryption key. When you send an e-mail, the data of the e-mail itself is never encrypted (though a communication channel it is sent on may be) and it is stored, unencrypted, by a third party (unless the recipient runs their own e-mail server, in which case they are the third party). They may well require some form of authentication before they will send or display the e-mail to you, but that has nothing to do with encryption. The warrant is issued to access the e-mail stored at rest on the server, which is unencrypted.
Now, were you to send encrypted e-mail, the story would be very different. (Well, really, were you to start receiving encrypted e-mail. The nature of e-mail encryption is such that they would need to request the decryption key from the recipient.) Apart from the minor fact that nobody really uses e-mail encryption, and it's only useful if both sender and recipient use it, e-mail encryption is a very good idea. I mean, the e-mail is stored by a third party, unencrypted, and is sent across the Internet, unencrypted. What part of that sounds like a good idea?
WTF? Usually intelligent people use their own email servers based out of their home. This judge is basing statements off of the dumbed down general public rather than those who actually know how to use a computer. Does this law apply to ALL email, since MOST email is stored on 3rd party servers? This is what the judge has stated. What about the few intelligent ones such as I who have my own email server? This judge needs to be arrested for tyranny.
I run my own mailserver with a DYNDNS domain. I guess this means I have no right to demand that I notify myself if I read my own mail...?
I can put up with posters not reading the TFA. I can even tolerate the editors not doing so. But when even the twits submitting the stories don't bother to read them don't you think that's going too far?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
But this part:
Not really true. It's still a government agency, the people who work there are still civil servants, etc... but their funding has to come exclusively from their own sales, and not from general tax revenue. Which is probably how it ought to be. But the USPS is not a private company.
I could have made the court overturn it, and I'm not even a lawyer, that's how unreasonable that decision WOULD have been IF it had been correctly stated the first time. I think expectation of privacy kind of defeats this decision, because ask any American if they expect their emails to be private and read by them alone: I'm pretty sure all of them would say "Yes!".
Since the future will mostly be digital, unfortunately, most of our lives will be streaming through third-party affiliates. So according to the supposed logic of this court decision, everything would be subject to search. The Smart Houses coming out sometime? "Yeah yeah yeah, since their fridge stats and children bedroom security system pass through our safe-o-meter server offsite from their house, we can monitor them while they sleep, eat, watch tv, read, play games, dress, undress, bathe" etc. Slipper-slope argument, but that logic is dangerous!
Both phone calls and email are simply digital transmission over wire
Only for the last decade. Before that, all calls, even cell phone calls, were analog.
Free Martian Whores!
same way they ignore the constitution
That's what this topic is about, were you having a different conversation? Maybe I misunderstood your earlier post, but it read to me (and still does upon re-reading) that you're taking the stance that because email is not necessarily encrypted (there exist unencrypted emails, even if it's most of them out there), therefore email is not eligible for DMCA-style protections.
The fact that most people use email in an unencrypted manner is irrelevant to the discussion. DMCA protections do not require that there exists no non-encrypted version of a medium, it merely requires that you employ encryption in the instance at question.
Email encryption neither requires nor is particularly aided by ISP level encryption services. Encryption would be end point encryption; user to user using PGP, GPG, or similar. All your ISP communications channels could be straight unmodified data (the data they receive from the sender is the data that exists on the disk, and it is the same data that is transmitted to the recipient), and even they could be free from authentication. This doesn't change whether you can encrypt over this medium, and you can still be certain that only the intended recipient is able to read a given message outside of a compromised private key.
Slay a dragon... over lunch!
No, the following, which this was in response to, is not about encrypted e-mail, but e-mail in general:
A postcard is public, a letter in an envelope is private.
Right, like posting on a Blog is public and sending an email (which requires a password "envelope") is private.
Yeah, and these are part of a conversation about using encryption in your email.
I'm not sure I understand the objective of your original point (that being that there is no intrinsic requirement that email be accessed with a password).
Maybe there exists some corner case out there where passwords (or some other secret) aren't used to control access to email, but the overwhelming majority of email use requires it.
Slay a dragon... over lunch!
I know a retired manager from the USPS and he said its been private for a long time; its not like it used to be. Its not a private corp but its also not a gov agency but an odd hybrid creation which happened during his time there.
Democracy Now! - uncensored, anti-establishment news