Slashdot Mirror

← Back to Stories (view on slashdot.org)

Federal Judge Says E-mail Not Protected By 4th Amendment

Posted by timothy on from the persons-papers-and-effects dept.

DustyShadow writes "In the case In re United States, Judge Mosman ruled that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to e-mails under the third-party doctrine. 'When a person uses the Internet, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus 'private' information is actually being held by third-party private companies."" Updated 2:50 GMT by timothy: Orin Kerr, on whose blog post of yesterday this story was founded, has issued an important correction. He writes, at the above-linked Volokh Conspiracy, "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers."

38 of 451 comments (clear)

  1. ok by nomadic · · Score: 3, Insightful

    I cannot see how this won't be overturned on appeal. People have a general expectation of privacy in regards to their e-mail, and the fact that it's being physically hosted somewhere doesn't defeat that.

    1. Re:ok by JoshuaZ · · Score: 3, Insightful

      Agreed, the appropriate analogy would be to physical mail where people have a clear expectation of privacy. Unfortunately, the attitude among judges frequently seems to be that "oh wow. That has do with that complicated internet-thingy. That must function in a completely different way. Never mind that we've had no problem seeing how new technologies fall under the Constitution before. This time it is clearly different. Besides, that web thing scares me."

    2. Re:ok by dgatwood · · Score: 4, Insightful

      More to the point, it is clearly no different than a bank safety deposit box, and those cannot be searched without a warrant. The mere fact that we are talking about data instead of physical objects should have no legal bearing on the requirement of a warrant for search and seizure. This is a clear case of bailment, and in bailment cases with a corporate entity, one can generally assume a right to privacy.

      This will definitely get overturned on appeal unless the lawyers involved are inept.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:ok by laughingcoyote · · Score: 2, Insightful

      no, the proper analogy would be to telephone, where the information travel on infrastructure owned by a third party. They also have the technological mean to listen to your conversations, but elect not to. Your isp could (technologically) read your e-mails, but he elects not to.

      There is also no technological means to keep a postal employee from opening an envelope and examining its contents, as it is a trivially simple task. The restriction is a legal one, not a technological one, but despite that, senders of mail in sealed envelopes have a reasonable expectation of privacy.

      --
      To fight the war on terror, stop being afraid.
  2. There are tools that can help by Mrs.+Grundy · · Score: 3, Insightful

    It's a real shame that email encryption never really hit the mainstream.

    1. Re:There are tools that can help by JonTurner · · Score: 2, Insightful

      This is precisely the sort of action that could lead to encryption taking hold.

    2. Re:There are tools that can help by dpilot · · Score: 3, Insightful

      The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it. Maybe decisions like this one will get more people using encryption for their email. My pet concept is the job of key generation, trust, and management should be handled by banks. After all, we all trust the banks with our money already.

      Of course another option would be to get common carrier status for the internet, at least within the US.
      Yet another step would be for the US Postal service to run (TLS encrypted and authenticated) mail services. Not that I'm enamored of the Post Office doing the job, but that's the easiest way to grant legal protection to the content.

      --
      The living have better things to do than to continue hating the dead.
  3. *splutter*... US Mail? by alispguru · · Score: 3, Insightful

    The Government does have to get a warrant to open your mail. Don't they?

    --

    To a Lisp hacker, XML is S-expressions in drag.
  4. By this logic... by TrebleJunkie · · Score: 4, Insightful

    ...your medical records aren't private, either. When you use a hospital or a doctor's office, you're not in your own home, and your records of the visit are stored at the facility. This judge is a moron.

    --

    Ed R.Zahurak

    You know, oblivion keeps looking better every day.

    1. Re:By this logic... by jwilty · · Score: 2, Insightful

      Although I may agree with the concept, the analogy is only possible due to the HIPAA law. Their privacy is not a guaranteed constitutional right. Medical records are treated separately under the law and therefore cannot be used to justify treating other information in the same way. Could we pass a law that explicitly states that electronic communication is personal regardless of the route? Sure, but we don't have one. One could also make a similar analogy to cell phones and voicemail. I assume (IANAL) that they also have laws explicitly protecting privacy of communications sent via them.

    2. Re:By this logic... by Anonymous Coward · · Score: 2, Insightful

      By this logic, the Sarah Palin email hack wasn't a violation of Sarah Palin's privacy, either.

  5. Does this mean... by Anonymous Coward · · Score: 4, Insightful

    when we send mail via USPS, since the mail isn't technically in our homes while it is sitting in the post office, that the government can read it without violating A4?

  6. judges: stay the HELL out of tech and .. by TheGratefulNet · · Score: 2, Insightful

    and I'll stay out of law.

    deal?

    I know my field. its CLEAR you don't know my field. I don't know your field. why do you have to 'rule in' on things that make us laugh (or cry) at you, due to your TOTAL lack of understanding.

    hang on a minute. what if this guy DOES know what's going on and yet he still wants to have government prying on your email?

    I'm not sure which is worse; a clueless idiot in robes or a smart one who PLOTS against the basic US constitution, stealing our rights bit by bit.

    --

    --
    "It is now safe to switch off your computer."
    1. Re:judges: stay the HELL out of tech and .. by srothroc · · Score: 2, Insightful

      While I can understand where you're coming from, I think it's a bit arrogant to look down on them like that. Judges are just people doing their jobs to the best of their ability with the information given to them. You also see judges ruling in areas as diverse as medical issues, building codes, traffic codes, food safety, and so on, yet I doubt all of those judges are doctors, architects, civil engineers, or chefs. There's a reason judges have expert witness testimonies and amici curiae. If you want to improve how these things turn out, why not try to be a lawyer that specializes in technology issues? How about looking into submitting an amicus curiae brief for cases that you feel you have knowledgable input in? Or maybe there isn't really much you can do but hope that people with the relevant expertise can help.

      --
      http://www.tenjou.net/
    2. Re:judges: stay the HELL out of tech and .. by TheGratefulNet · · Score: 2, Insightful

      Judges are just people doing their jobs to the best of their ability with the information given to them.

      sorry my friend, but they have WAY too much power to be 'just another joe sixpack, trying to feed his kids and keep a job down'.

      don't even TRY that shit, man. these guys are aristocracy and we all know it. they are above the law and THEY know it.

      given how much damage people like him can do, he has the *responsibility* to seek out those who ARE experts and get their advice. I don't think he did that; it just doesn't show that he has done any research. 'mail is stored on your isp' he says. ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.

      when you have this much power over the population, you have a DUTY to be smarter and wiser than joe sixpack.

      the amount of damage to our freedom that these clowns have upsets me no-end. our legal system is quite broken and judges need to live UNDER the laws they pass (first) before hoisting it upon the rest of us. lets see how he likes his mail 'searched'. let him live with this for, say, 5 years. then lets see how enthusiastic he is about privacy.

      --

      --
      "It is now safe to switch off your computer."
    3. Re:judges: stay the HELL out of tech and .. by nomadic · · Score: 2, Insightful

      ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.

      He's ruling on search warrants aimed at 3rd party ISPs; if someone does not keep their e-mail with the ISP, then his ruling doesn't apply to them.

      Furthermore, it only applies to those ISPs who actually tell the user, like Gmail does, that they will comply with government requests.

    4. Re:judges: stay the HELL out of tech and .. by digitalunity · · Score: 2, Insightful

      There is no way to escape having your email stored by a 3rd party. I run my own mail server and even I cannot guarantee there are no 3rd parties who will have storage of my email.

      The reasoning is simple. Companies often use 3rd parties to store or filter their email. For example: I send an email to a friend. His company's mail server routes all mail to Messagelabs and they filter out the spam and route it back. Messagelabs, being a 3rd party has access to my email and reads the contents of it to make a decision. Therefore, I have no expectation of privacy because my friends company has hired a 3rd party to filter spam?

      Rulings like this would make our founding fathers roll in their graves. Is the only way to have an expectation of privacy for myself and all my correspondence recipients to use our own mail servers that physically lie in our homes? If this doesn't get reversed on appeal, I'm contacting my senator. Legislators can fix this, if we can get them off their asses.

      --
      You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
  7. Not the same, in several aspects by Yobgod+Ababua · · Score: 5, Insightful

    It's not about transportation, it's about destination.
    Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.

    There are options, potentially, for the more privacy minded:
    * POP email with "delete from server" active will limit how much of your mail your ISP has access to.
    * Run your own mailserver.
    * Develop a mailserver that stores mail in an encrypted folder and requires your key to access.

    That last one could also go a long way to helping solve the issue where private companies have to host their own mail and forbid employees from using other accounts solely to avoid the exposure of proprietary communications to third parties (the ISP). It also shouldn't be too difficult to set up...

    1. Re:Not the same, in several aspects by klingens · · Score: 5, Insightful

      It's not about transportation, it's about destination.

      Every PO-box is then unprotected under 4th amendment too?

    2. Re:Not the same, in several aspects by jeffrey.endres · · Score: 2, Insightful

      No it is about notification. The judge has ruled that the government should notify the ISP and not the person who uses the email. IMHO, the obvious flaw is that the judge rules that for the 4th Amendment to take effect, it has to be in your home.

    3. Re:Not the same, in several aspects by whoever57 · · Score: 4, Insightful

      Replying to my own post, but I see from RTFA that the judge addressed the privacy policies. However, he seems to have read them differently to me. He says that Gmail uses agree to google disclosing the information in response to a lawful request (ie, a subpoena) and somehow reads from this that users dont have any expectation of privacy. Personally, I would think that expecting disclosure to require a warrant was pretty much an expectation or privacy. Otherwise, we can never have an expectation of privacy. Perhaps he means that because Google employees can read the emails, there is no expectation of privacy, but this is using a black and white test where is it not appropriate. I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.

      --
      The real "Libtards" are the Libertarians!
    4. Re:Not the same, in several aspects by Attila+Dimedici · · Score: 3, Insightful

      I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.

      That is where the judge gets the interpretation that there is no expectation of privacy. If you understand that Google employees can read your email in gmail, then you don't expect that your emails are private.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
    5. Re:Not the same, in several aspects by Crudely_Indecent · · Score: 2, Insightful

      This isn't new, and there isn't anything to stop your ISP from siphoning your emails in transit. Many companies are required to keep all email communications stored for an amount of time and have systems in place that capture and store for later discovery. Even deleting the message doesn't mean that it's really gone. The cold hard fact is that while your data is in transit on a system not owned by you, you don't own it. It's like your trash on the curb, the sanitation workers can (and probably do) go through it if it looks interesting enough. The best you can do is make it look boring.

      I have a t-shirt (that I got from thinkgeek) that reads "I read your email" and it's absolutely true, in more than one respect. As an administrator for an ISP, the mail server, all accounts and subsequently all data stored in those accounts is in within my sphere of influence. I can legally read any message present on the server. Included in those numbers are mail accounts for several city and county governments as well as many businesses that host their domains on our server. As a forensic examiner, I also am given access to much information and many email messages, so I do indeed read your email.

      At this point in the explanation of my t-shirt, is where I explain my personal ethics.

      It is because I have no faith in the ethical boundaries of others that I have a private server for my personal email.

      One note about one of the potential options listed above. Storing mail in an encrypted folder would be a great idea if the mail server didn't have to read and write to the mailbox. If the server doesn't have the key, then the incoming messages cannot be encrypted. You could always use PGP though.

      --


      "Lame" - Galaxar
    6. Re:Not the same, in several aspects by Sandbags · · Score: 2, Insightful

      The only expectation to privacy I have handing a package over to the postman is that if i can PROVE he opened it, i can sue.

      The EXACT SAME is true of e-mail. They CAN NOT access it, even on a public server, without a warent or subpeona, both of which require an active litication in front of a judge to execte.

      it does not:
      1) prevent information from being opened and read by unauthorized parties
      2) does not protect me from accidental opening (ever have a package damaged in shipping, or a backup that had to be restored, no different, someone's eyes other than you and the recipient can equally come upon it).
      3) tampering can still happen, in either case of physical or electronic it;s near impossible to prove, even harder for electronic in most cases
      4) mis-delivery
      5) mail sent you YOU from someone else under active investigation would bring your inbox under scrutiny as well.
      I could come up with a DOZEN reasons.

      Anything not in my hands, and not bound by lock/key/(encryption) is NOT guaranteed private.

      it is not wether or not you personally believe e-mail to be secure and private, it is wether a reasonable person presented with scenarios to the contrary would understand it was not truly private. Near everyone has heard of data encryption, secure e-mail, or seen a disclaimer in a message saying "if this was misdelivered please be nice and discared and not redistribute the contents." Certainly you've gotten e-mail meant for someone else, or sent a message to the wrong person (or reply all instead of reply). This alone indicates a failure of complete privcy, and thus the government knowing that still needs a subpeona, but they can get one without required 4th amendment noitification (you can still defend the findings in civil or criminal court if they did not have probable cause, or to exclude certain findings).

      --
      There is no contest in life for which the unprepared have the advantage.
  8. Re:Geeks may say by TheGratefulNet · · Score: 5, Insightful

    I run my own mail server, you insensitive clod!

    of course, the 'ever so smart judge' does not know this fine nuance.

    the fact that packets travel along routers, bridges and gateways means that some of your 'property' is stored/forwarded outside your 'house'. BUT SO WHAT??

    US mail travels in a store-forward way. are they allowed to read your mail because its 'not in your house, at the time' ?

    finally, why is this moran allowed to concluded that ALL mail sits on 'webservers' ? even if it IS web-based, oftentimes its pop/imapped to your home system and then deleted off the server. or maybe you run old style port25 mail and it truly does go point to point and never 'sits' on an ISP for more than transit-time.

    I'm really annoyed by judges who make decisions based on FALSE assumptions and lack of understanding. this judge should be fired or even tried for treason. his crime is THAT great; its a threat to some fundamental privacy that the constitution (once) allowed us.

    those who seek to over-rule constitutional laws ARE traitors. look it up.

    --

    --
    "It is now safe to switch off your computer."
  9. Consequences by SlipperHat · · Score: 2, Insightful

    By that logic, that judge's emails should be open to being searched.

  10. 3rd-party doctrine by MobyDisk · · Score: 5, Insightful

    When a person uses the Internet, the user's actions are no longer in his or her physical home... All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP

    Yes, just like:
    - Mail
    - Safe deposit boxes
    - Bank accounts
    - Voice mails
    - Telephone conversations
    - Storage units

    As far as I know, all of the above things are subject to the 4th amendment. WTF???!!!

  11. PGP by Yobgod+Ababua · · Score: 3, Insightful

    Oh certainly, if everyone you get email from uses PGP, you're already good.

    I'm talking about keeping all the plaintext and/or HTML mail you get from normal people/banks/mailing lists and having the mailserver know to automatically encrypt the content of new messages with your public key. An ISP running such a server could then HOST your normal mail without ever having access to it, or without ever implicitly getting your permission to access it.

  12. Re:I wonder if you can use the DMCA to your advant by Sir+Holo · · Score: 4, Insightful

    A postcard is public, a letter in an envelope is private.

  13. Re:Unencrypted e-mail is like postcards by JoshuaZ · · Score: 4, Insightful

    A postcard isn't a good analogy. If I send a postcard, lots of people might see what is on it by simple chance. For example, the mail carrier might see it when they pick it up. In order for someone to read an email they need to go out of their way to access it in some form. That such access is easy doesn't say much. It is easy for someone to access physical mail often when people use a physical mailbox in the suburbs. Moreover, anyone in the postal service can easily access the internal contents of your mail without getting caught (steaming open a letter is really easy and hard to notice). That doesn't mean that the government has a right to read all my physical mail without a warrant. Just because something is possible doesn't mean that it is considered either normal or acceptable practice.

  14. Summary is not quite right. by DaveV1.0 · · Score: 3, Insightful

    The judge ruled that the warrant can be served on the third party without notifying the sender. This would be akin to serving a warrant to one's employer to search one's workspace.

    Or, serving a warrant on your friend to access your friend's computer to get emails sent by you.

    I think this ruling is on shaky ground due to the concept of "reasonable expectation of privacy".

    --
    There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
  15. Re:Stop using FedEx by rtb61 · · Score: 4, Insightful

    Perhaps you can tell me the difference between a phone call and a email. Phone calls are protected by wiretapping laws, it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved. Both phone calls and email are simply digital transmission over wire, both pass through other parties to get to the final destination, the only difference is the hardware and coding to encode, decode and interpret them.

    Face it, the judge is an idiot of the first order, I mean come on has the boob never heard of ADSL. It completely ignores the fact that email servers are completely automated and require no human intervention to reach their destination. It is time for email software to make use of the DMCA and, incorporate a simple encryption technique that prevents the email from being read as plain text but require a simple for legal reasons only decryption technique with a default warning if the person is not the intended recipient, for email where the default recipient email address does not match the target email address.

    Basically am encryption technique that is no more secure than you typical envelope but still providing the full legal security of a typical envelope, with the added bonus of the DMCA to beat them over the head with.

    --
    Chaos - everything, everywhere, everywhen
  16. Re:Geeks may say by pyr02k1 · · Score: 5, Insightful

    I would like a warrant for the Senates email accounts please... All of em...

  17. Re:Geeks may say by Aldenissin · · Score: 2, Insightful

    Mod parent up.

      I am in shock that we would even debate this. The judge is wrong, end of story. If you can't take the time to get familiar enough to make an adequate ruling, then you shouldn't be ruling on it. Why can't we challenge the courts ability to make an informed decision and for them to either learn the subject matter or get counsel who does know it?

    --
    Like a city whose walls are broken down is a man who lacks self-control.
  18. Re:Geeks may say by nomadic · · Score: 2, Insightful

    of course, the 'ever so smart judge' does not know this fine nuance.

    Why would he care whether you run your own mail server? His holding is that the police don't have to notify you when they're executing search warrants on your e-mail held by third parties. If your e-mail is held by you, and not a third party, then the warrant has to be shown to you.

  19. Re:Stop using FedEx by CoderBob · · Score: 2, Insightful

    Wow, I completely replied to the wrong post. Wanted to reply to http://yro.slashdot.org/comments.pl?sid=1424201&cid=29918707

  20. Re:Stop using FedEx by Beve+Jates · · Score: 2, Insightful

    Yes, and if the police show up and say "we wanna open this package" FedEx will say "I've gotta see a warrant or I'll be liable for you violating someone's 4th amendment rights"

    That's not true at all. It is well known that FedEx and UPS can and will search packages on a whim. There are no laws protecting anyone there because these are commercial companies and they have full legal access to your stuff. In fact, that's how many packages of contraband are seized. Most often it's through one of the commercial carriers because it's easy for law enforcement to do their searches due to the fact they can search anything they want without a warrant. Of course the shipping companies cooperate because they don't want the government coming down on them too.

    The US mail is the one protected by laws and can't be searched unless there is probable cause.

  21. By this logic by sheepofblue · · Score: 2, Insightful

    By this logic it would seem two things happen that law enforcement might not like. First since it is not in your possession how can you be compelled to provide a key for decryption of something that is not 'yours' Further providing that key might even be a violation of law since you are cracking an encrypted piece of software.

    Though the original logic actually makes sense from a law enforcement perspective what of general access. If you have no expectation of privacy could an ISP open every piece of email and sell the contents?