Federal Judge Says E-mail Not Protected By 4th Amendment

DustyShadow writes "In the case In re United States, Judge Mosman ruled that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to e-mails under the third-party doctrine. 'When a person uses the Internet, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus 'private' information is actually being held by third-party private companies."" Updated 2:50 GMT by timothy: Orin Kerr, on whose blog post of yesterday this story was founded, has issued an important correction. He writes, at the above-linked Volokh Conspiracy, "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers."

Stop using FedEx

[QuantumG]

Wow, best to stop using FedEx and other *private* companies to send mail then.

Re:Stop using FedEx

[JordanL]

I was going to say... doesn't the US Postal Service also take temporary possession of your messages?

I guess the 4th Amendment doesn't apply unless there is an unbroken chain of ownership between private parties.

Re:Stop using FedEx

[rtb61]

Perhaps you can tell me the difference between a phone call and a email. Phone calls are protected by wiretapping laws, it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved. Both phone calls and email are simply digital transmission over wire, both pass through other parties to get to the final destination, the only difference is the hardware and coding to encode, decode and interpret them.

Face it, the judge is an idiot of the first order, I mean come on has the boob never heard of ADSL. It completely ignores the fact that email servers are completely automated and require no human intervention to reach their destination. It is time for email software to make use of the DMCA and, incorporate a simple encryption technique that prevents the email from being read as plain text but require a simple for legal reasons only decryption technique with a default warning if the person is not the intended recipient, for email where the default recipient email address does not match the target email address.

Basically am encryption technique that is no more secure than you typical envelope but still providing the full legal security of a typical envelope, with the added bonus of the DMCA to beat them over the head with.

Re:Stop using FedEx

[badboy_tw2002]

Its also a good place to organize raves and that type of thing, and is generally free from these AOL newbs that seem to be cropping up more and more on the World Wide Web. But anyways, on other topics I hear 1997 is going to be the year of the linux desktop.

Re:Stop using FedEx

[QuantumG]

Yes, and if the police show up and say "we wanna open this package" FedEx will say "I've gotta see a warrant or I'll be liable for you violating someone's 4th amendment rights". Or, at least, that's what will happen if the person the police are talking to actually speaks english...

 

Re:Stop using FedEx

[CoderBob]

Wow, I completely replied to the wrong post. Wanted to reply to http://yro.slashdot.org/comments.pl?sid=1424201&cid=29918707

Re:Stop using FedEx

[tunapez]

it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved.

Not necessarily. In "One Party" states, only 1 party(the recorder) in the conversation must have knowledge of the call being recorded. I've recorded a convo w/ a "2 Party" state business(o-line retailer) who's number was toll free and I was "unaware of their location at that time". Man she was super-pissed when I called out her lies. She threatened to press charges and created quite a stink! Management refunded my monies and then some. I doubt she works for there anymore.

States Requiring One Party Notification
Alabama, Alaska, Arizona, Arkansas, Colorado, District Of Columbia, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Oklahoma, Oregon, Ohio, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, West Virginia, Wisconsin, Wyoming.

Re:Stop using FedEx

[Beve+Jates]

Yes, and if the police show up and say "we wanna open this package" FedEx will say "I've gotta see a warrant or I'll be liable for you violating someone's 4th amendment rights"

That's not true at all. It is well known that FedEx and UPS can and will search packages on a whim. There are no laws protecting anyone there because these are commercial companies and they have full legal access to your stuff. In fact, that's how many packages of contraband are seized. Most often it's through one of the commercial carriers because it's easy for law enforcement to do their searches due to the fact they can search anything they want without a warrant. Of course the shipping companies cooperate because they don't want the government coming down on them too.

The US mail is the one protected by laws and can't be searched unless there is probable cause.

Re:Stop using FedEx

[QuantumG]

Yes.... but if the police want to search your package they still need a warrant.. no matter whether your package is currently in the hands of FedEx or not.

Re:Stop using FedEx

[Nikker]

As QuantumG said they can definitely open it but can that use that as evidence against you? It may be grounds for further investigation but they might not be able to submit it in a trial.

ok

[nomadic]

I cannot see how this won't be overturned on appeal. People have a general expectation of privacy in regards to their e-mail, and the fact that it's being physically hosted somewhere doesn't defeat that.

Re:ok

[JoshuaZ]

Agreed, the appropriate analogy would be to physical mail where people have a clear expectation of privacy. Unfortunately, the attitude among judges frequently seems to be that "oh wow. That has do with that complicated internet-thingy. That must function in a completely different way. Never mind that we've had no problem seeing how new technologies fall under the Constitution before. This time it is clearly different. Besides, that web thing scares me."

Re:ok

[dgatwood]

More to the point, it is clearly no different than a bank safety deposit box, and those cannot be searched without a warrant. The mere fact that we are talking about data instead of physical objects should have no legal bearing on the requirement of a warrant for search and seizure. This is a clear case of bailment, and in bailment cases with a corporate entity, one can generally assume a right to privacy.

This will definitely get overturned on appeal unless the lawyers involved are inept.

Re:ok

[Jeremiah+Cornelius]

Funny, in the UK we had police smash into almost 7,000 safe-deposit boxes.

More than 500 officers smashed their way into thousands of safety-deposit boxes to retrieve guns, drugs and millions of pounds of criminal assets. At least, that's what was supposed to happen."

It was a warrant-expansion, from one of those "seizure of criminals assests" laws, that were started first in the States. Gone ALL wrong, 'tho'.

"Many of the clientele were families who had fled turmoil, pogroms, coups and wars and long had a cultural preference for locking away money and jewels, building up a vehement distrust for the integrity of traditional banks. Here, stepping down the spiral staircase at the back to the darkened boxes below, they felt reassured that their most important possessions were safe."

Read more: http://www.dailymail.co.uk/home/moslive/article-1222777/The-raid-rocked-Met-Why-gun-drugs-op-6-717-safety-deposit-boxes-cost-taxpayer-fortune.html

Re:ok

[Jeremiah+Cornelius]

Emphasis on the "positive". :-) Medieval? There's a certain pride that the rights and privileges we are losing were established back in the Middle Ages. Hellooo... Magna Carta!

Re:ok

[laughingcoyote]

no, the proper analogy would be to telephone, where the information travel on infrastructure owned by a third party. They also have the technological mean to listen to your conversations, but elect not to. Your isp could (technologically) read your e-mails, but he elects not to.

There is also no technological means to keep a postal employee from opening an envelope and examining its contents, as it is a trivially simple task. The restriction is a legal one, not a technological one, but despite that, senders of mail in sealed envelopes have a reasonable expectation of privacy.

There are tools that can help

[Mrs.+Grundy]

It's a real shame that email encryption never really hit the mainstream.

Re:There are tools that can help

[JonTurner]

This is precisely the sort of action that could lead to encryption taking hold.

Re:There are tools that can help

[Haxzaw]

The only tool around this story is the judge.

Re:There are tools that can help

[dpilot]

The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it. Maybe decisions like this one will get more people using encryption for their email. My pet concept is the job of key generation, trust, and management should be handled by banks. After all, we all trust the banks with our money already.

Of course another option would be to get common carrier status for the internet, at least within the US.
Yet another step would be for the US Postal service to run (TLS encrypted and authenticated) mail services. Not that I'm enamored of the Post Office doing the job, but that's the easiest way to grant legal protection to the content.

I wonder if you can use the DMCA to your advantage

[atlasdropperofworlds]

As a bit of an aside, does it matter if you try to make the data private via encryption?

There could be an interesting relationship here: If you claim (probably rightfully) that you own the copyright to the 'content' in question, and encrypt it, does this mean that it would be unlawful for anyone to try and decrypt it under the DMCA?

As Half Life 2 taught us...

[Stormwatch]

Mossman is a traitor.

*splutter*... US Mail?

[alispguru]

The Government does have to get a warrant to open your mail. Don't they?

By this logic...

[TrebleJunkie]

...your medical records aren't private, either. When you use a hospital or a doctor's office, you're not in your own home, and your records of the visit are stored at the facility. This judge is a moron.

Re:By this logic...

[DaveV1.0]

Actually, they are private because there is a law saying they are private.

Re:By this logic...

[jwilty]

Although I may agree with the concept, the analogy is only possible due to the HIPAA law. Their privacy is not a guaranteed constitutional right. Medical records are treated separately under the law and therefore cannot be used to justify treating other information in the same way. Could we pass a law that explicitly states that electronic communication is personal regardless of the route? Sure, but we don't have one. One could also make a similar analogy to cell phones and voicemail. I assume (IANAL) that they also have laws explicitly protecting privacy of communications sent via them.

Re:By this logic...

By this logic, the Sarah Palin email hack wasn't a violation of Sarah Palin's privacy, either.

Does this mean...

when we send mail via USPS, since the mail isn't technically in our homes while it is sitting in the post office, that the government can read it without violating A4?

judges: stay the HELL out of tech and ..

[TheGratefulNet]

and I'll stay out of law.

deal?

I know my field. its CLEAR you don't know my field. I don't know your field. why do you have to 'rule in' on things that make us laugh (or cry) at you, due to your TOTAL lack of understanding.

hang on a minute. what if this guy DOES know what's going on and yet he still wants to have government prying on your email?

I'm not sure which is worse; a clueless idiot in robes or a smart one who PLOTS against the basic US constitution, stealing our rights bit by bit.

Re:judges: stay the HELL out of tech and ..

[srothroc]

While I can understand where you're coming from, I think it's a bit arrogant to look down on them like that. Judges are just people doing their jobs to the best of their ability with the information given to them. You also see judges ruling in areas as diverse as medical issues, building codes, traffic codes, food safety, and so on, yet I doubt all of those judges are doctors, architects, civil engineers, or chefs. There's a reason judges have expert witness testimonies and amici curiae. If you want to improve how these things turn out, why not try to be a lawyer that specializes in technology issues? How about looking into submitting an amicus curiae brief for cases that you feel you have knowledgable input in? Or maybe there isn't really much you can do but hope that people with the relevant expertise can help.

Re:judges: stay the HELL out of tech and ..

[TheGratefulNet]

Judges are just people doing their jobs to the best of their ability with the information given to them.

sorry my friend, but they have WAY too much power to be 'just another joe sixpack, trying to feed his kids and keep a job down'.

don't even TRY that shit, man. these guys are aristocracy and we all know it. they are above the law and THEY know it.

given how much damage people like him can do, he has the *responsibility* to seek out those who ARE experts and get their advice. I don't think he did that; it just doesn't show that he has done any research. 'mail is stored on your isp' he says. ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.

when you have this much power over the population, you have a DUTY to be smarter and wiser than joe sixpack.

the amount of damage to our freedom that these clowns have upsets me no-end. our legal system is quite broken and judges need to live UNDER the laws they pass (first) before hoisting it upon the rest of us. lets see how he likes his mail 'searched'. let him live with this for, say, 5 years. then lets see how enthusiastic he is about privacy.

Re:judges: stay the HELL out of tech and ..

[nomadic]

ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.

He's ruling on search warrants aimed at 3rd party ISPs; if someone does not keep their e-mail with the ISP, then his ruling doesn't apply to them.

Furthermore, it only applies to those ISPs who actually tell the user, like Gmail does, that they will comply with government requests.

Re:judges: stay the HELL out of tech and ..

[digitalunity]

There is no way to escape having your email stored by a 3rd party. I run my own mail server and even I cannot guarantee there are no 3rd parties who will have storage of my email.

The reasoning is simple. Companies often use 3rd parties to store or filter their email. For example: I send an email to a friend. His company's mail server routes all mail to Messagelabs and they filter out the spam and route it back. Messagelabs, being a 3rd party has access to my email and reads the contents of it to make a decision. Therefore, I have no expectation of privacy because my friends company has hired a 3rd party to filter spam?

Rulings like this would make our founding fathers roll in their graves. Is the only way to have an expectation of privacy for myself and all my correspondence recipients to use our own mail servers that physically lie in our homes? If this doesn't get reversed on appeal, I'm contacting my senator. Legislators can fix this, if we can get them off their asses.

Re:Glove Box in a Leased Car

[DaveV1.0]

While you have the car in your possession, no. But, once you turn it in, yes.

And, that is a bad analogy.

Not the same, in several aspects

[Yobgod+Ababua]

It's not about transportation, it's about destination.
Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.

There are options, potentially, for the more privacy minded:
* POP email with "delete from server" active will limit how much of your mail your ISP has access to.
* Run your own mailserver.
* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.

That last one could also go a long way to helping solve the issue where private companies have to host their own mail and forbid employees from using other accounts solely to avoid the exposure of proprietary communications to third parties (the ISP). It also shouldn't be too difficult to set up...

Re:Not the same, in several aspects

[drinkypoo]

* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.

We have this already, it's called PGP. ECHELON already reads the To:, From: and Subject: lines of all email sent over any significant hops, so you don't really need to secure those.

Re:Not the same, in several aspects

[klingens]

It's not about transportation, it's about destination.

Every PO-box is then unprotected under 4th amendment too?

Re:Not the same, in several aspects

[Volante3192]

I was thinking the same thing about safety deposit boxes.

Re:Not the same, in several aspects

[wizardforce]

Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.

So does the phone company regarding your phone calls. That doesn't mean that there isn't a reasonable expectation of privacy.

Re:Not the same, in several aspects

[dgatwood]

Indeed, if you'd like a citation that agrees with you, http://cyberlaw.stanford.edu/packets001954.shtml is a good place to start.

Re:Not the same, in several aspects

[whoever57]

Let's say I send an email from my home mail server to a family member using gmail.

The email leaves my home network is sent to my personal mail server. This transfer uses TLS.

My mail server sends it to GMAIL. This transfer uses TLS.

Gmail stores it. Google promises to only disclose my information with my permission or with other controls on dissemination. See Google's privacy policy and the Gmail privacy policy

I have ensured my family members use https/pops to download from gmail.

How do I not have an expectation of privacy in that transaction?

Re:Not the same, in several aspects

[jeffrey.endres]

No it is about notification. The judge has ruled that the government should notify the ISP and not the person who uses the email. IMHO, the obvious flaw is that the judge rules that for the 4th Amendment to take effect, it has to be in your home.

Re:Not the same, in several aspects

[whoever57]

Replying to my own post, but I see from RTFA that the judge addressed the privacy policies. However, he seems to have read them differently to me. He says that Gmail uses agree to google disclosing the information in response to a lawful request (ie, a subpoena) and somehow reads from this that users dont have any expectation of privacy. Personally, I would think that expecting disclosure to require a warrant was pretty much an expectation or privacy. Otherwise, we can never have an expectation of privacy. Perhaps he means that because Google employees can read the emails, there is no expectation of privacy, but this is using a black and white test where is it not appropriate. I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.

Re:Not the same, in several aspects

[digitalunity]

I run my own mail server. Would this precedent then not apply to me? I have a reasonable expectation that I alone have access to my mail server.

This is a bad precedent regardless. When you send something via UPS or FedEx, you are giving your parcel to a 3rd party for storage and delivery. When you make a cell phone call, you are giving data packets representing your voice to a 3rd party for delivery. Extrapolating the argument further, would then the only way to have a reasonable expectation of privacy in your communication is when you are speaking face to face with the intended recipient?

The intentions of the 4th amendment need to be upheld in a rapidly changing world. Most people have only a minuscule understanding of the technology they use and most people DO expect their emails to be private communication. Precedent like this might move people to explore encryption, which I think law enforcement can overwhelmingly agree will make their job much more difficult.

Re:Not the same, in several aspects

[Shadow+of+Eternity]

I rent an apartment, am I fucked as well?

Occasionally I am just absolutely struck fuck-dumb by the sheer level of pants on head retardedness displayed in decisions like this. Then I realise the 1st and 2nd amendments come into play.

Re:Not the same, in several aspects

[BitZtream]

Yes and the spy sats can see through your roof and read what you are typing on your comp00ter right now!

Seriously, get a grip, they aren't watching you. REALLY, they aren't. If Echelon were reading those, don't you think it would be exactly the thing to obsfucate if you've got something to hide? And thats done with SSL, not PGP.

If you're going to suggest something for encryption, PGP is entirely not it on any number of levels. There are several reasons why only geeks use it, first being its obnoxious to keep your key data up to date, even with the key servers. This is a prime example of why the 'OMG DECENTRALIZEDQ%!@%!@%' crap people go for is retarded. You decentralize it, then add back centralized servers so you can make it usable again, but not usable enough that everyone is on the same page.

S/MIME is far more useful in the general sense of email since there are 3rd party 'trusted' stores for validating certificates AND revoke them.

PGP users are too into the idea of a decentralized web of trust which is fine for geeks who have 4 friends and thats the end of it, for those of us who communicate with others outside of our basement it falls apart. It was a great first implementation of encryption for the masses, but we're past that now, will you geeks please get over it. Its not going to take over the world, the general public isn't going to bother, hell I'm a geek who writes encryption software and I don't deal with PGP.

Re:Not the same, in several aspects

[erroneus]

Tacit approval? I cannot agree. Most people consider their email to be the same as their real mail. There is no reasonable cause to consider the technical details of the email process as the common user has no knowledge of such details and typically believes his email is secure whether or not that is actually the case.

This judge is simply wrong to assert that the technical details disqualifies email from having 4th amendment protection.

FedEx has the same access to the contents of the mail as an email host provider has to read a user's email. One has but to access it. We "trust" FedEx not to tamper with or damage our mail. We "trust" email service providers not to tamper with or damage our email. I see no cause for technical details to play as a factor primarily because the constitution makes no qualifications for protection and it is not for legislators, judges or presidents to add qualifications that aren't stated. I believe it is unconstitutional to attempt to do so.

Re:Not the same, in several aspects

[CoderBob]

Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail,

Seeing as I accidentally replied to the wrong post...

Yes, there is. When you get a shipping account from FedEx, you explicitly allow them to open and inspect any package at any time for any reason.

Re:Not the same, in several aspects

[Attila+Dimedici]

I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.

That is where the judge gets the interpretation that there is no expectation of privacy. If you understand that Google employees can read your email in gmail, then you don't expect that your emails are private.

Re:Not the same, in several aspects

[Crudely_Indecent]

This isn't new, and there isn't anything to stop your ISP from siphoning your emails in transit. Many companies are required to keep all email communications stored for an amount of time and have systems in place that capture and store for later discovery. Even deleting the message doesn't mean that it's really gone. The cold hard fact is that while your data is in transit on a system not owned by you, you don't own it. It's like your trash on the curb, the sanitation workers can (and probably do) go through it if it looks interesting enough. The best you can do is make it look boring.

I have a t-shirt (that I got from thinkgeek) that reads "I read your email" and it's absolutely true, in more than one respect. As an administrator for an ISP, the mail server, all accounts and subsequently all data stored in those accounts is in within my sphere of influence. I can legally read any message present on the server. Included in those numbers are mail accounts for several city and county governments as well as many businesses that host their domains on our server. As a forensic examiner, I also am given access to much information and many email messages, so I do indeed read your email.

At this point in the explanation of my t-shirt, is where I explain my personal ethics.

It is because I have no faith in the ethical boundaries of others that I have a private server for my personal email.

One note about one of the potential options listed above. Storing mail in an encrypted folder would be a great idea if the mail server didn't have to read and write to the mailbox. If the server doesn't have the key, then the incoming messages cannot be encrypted. You could always use PGP though.

Re:Not the same, in several aspects

[whoever57]

That is where the judge gets the interpretation that there is no expectation of privacy. If you understand that Google employees can read your email in gmail, then you don't expect that your emails are private.

And, following that logic, my banking details are not private because bank employees can read them, my medical details are not private because insurance company employees can read them, my phone calls are not private because telephone company employees can listen to them, etc..

Re:Not the same, in several aspects

[pitterpatter]

Somehow you're reminding me: what makes me want to ROFL convulsively is watching the morons yelling into their Bluetooths in places like an airport or a downtown sidewalk, while clearly expecting privacy. Don't believe it? Try holding a running tape recorder near their face and see how they respond. Be ready to run (or fight).

I haven't assumed privacy on a telephone since 1954, and never, ever on a cell phone. For me this means that things I want to keep secret aren't mentioned on the phone. If I have to talk about them, it's face to face or STFU. Of course, it'd be different if I were in a business that required secrets. But still...

Re:Not the same, in several aspects

[loxosceles]

That's backwards.

S/MIME is easiest to use within, or between, large organizations. Large companies can afford to give all their employees s/mime keys. S/MIME scales within an organization in a way that PGP does not. While individuals can get s/mime keys for free from a few places (NOT Thawte any longer), they're a pain to administer.

There's a reason everyone and their dog uses pgp keys, and not s/mime keys. e.g.
http://w2.eff.org/Misc/EFF/?f=pgpkey.eff.txt
http://www.kernel.org/signature.html
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

The trusted 3rd party broker and revoker offered by S/MIME is meaningless for most email communications, because Verisign and other CAs cannot cost-effectively vet individual email senders. PGP acknowledges this difficulty and offers an infrastructure for people to be as paranoid or as trusting as they want to be of others' keys.

Re:Not the same, in several aspects

[rohan972]

When you send something via UPS or FedEx, you are giving your parcel to a 3rd party for storage and delivery.

I'm curious how US courts regard postcards. It seems to me that unencrypted email is more similar to a postcard than a package. I don't expect privacy for emails, not because I know how the law in my country treats that issue, but because I send them over a public network in plain text. Even if the law says it's private it still isn't.

A post under TFA: quotes "The constitutional guaranty of the right of the people to be secure in their papers against unreasonable searches and seizures extends to their papers, thus closed against inspection, wherever they may be." (Emphasis mine, I have reached a different conclusion than the poster who highlighted "wherever they may be" instead.

I've found a copy of the passage the quote came from, Ex parte Jackson http://www.altlaw.org/v1/cases/408308
Immediately preceding that is:
In their enforcement, a distinction is to be made between different kinds of mail matter,--between what is intended to be kept free from inspection, such as letters, and sealed packages subject to letter postage; and what is open to inspection, such as newspapers, magazines, pamphlet , and other printed matter, purposely left in a condition to be examined. Letters and sealed packages of this kind in the mail are as fully guarded from examination and inspection, except as to their outward form and weight, as if they were retained by the parties forwarding them in their own domiciles.

It would seem to me that it is not inconsistent if there comes a judgement that email is not under 4th amendment protection and that to answer my own question, postcards probably aren't either.

Re:Not the same, in several aspects

[guardian2181]

I rent an apartment, am I fucked as well?

Occasionally I am just absolutely struck fuck-dumb by the sheer level of pants on head retardedness displayed in decisions like this. Then I realise the 1st and 2nd amendments come into play.

Actually, you are more fucked than any of the of the other topics on this page. There is actually case law that shows it to be an un-hesitated action to have your landlord allow them into every inch of the apartment unless it be a clad iron box and that they can seize until the search warrant for the box goes through. However, why do we even bother arguing anymore. Tag it as terrorism related and all the civil liberties go into the wind. However, that is another can of worms for another time.

Re:Not the same, in several aspects

[Sandbags]

No, there are explicit laws protecting that information through targeted legislation. That's actually part of the argument on why the CAN access your e-mail this way (if it's on a cental 3rd party system).

But, in contrast, they CAN subpeona your medical records, phone records, and more.... They do that every day!!!! This only extends that to e-mail. The difference is, you have no expectation of guaranteed privacy of e-mail as you do with medical records as those are protected by such targeted legislation and regulation, so they can subpeona access to it, and they don't have to provide you protection notice under the 4th amendment (though it does have to pass a judge's scritiny for them to get that subpeona). In other words, It;s not that they could not already get your e-mail through a court order, this just gives them the abiltiy to do so without first having to issue your lawyer notice (you can still fight to have the contents kept from a court case, it;s not public record, you still have rights).

Re:Not the same, in several aspects

[Sandbags]

The only expectation to privacy I have handing a package over to the postman is that if i can PROVE he opened it, i can sue.

The EXACT SAME is true of e-mail. They CAN NOT access it, even on a public server, without a warent or subpeona, both of which require an active litication in front of a judge to execte.

it does not:
1) prevent information from being opened and read by unauthorized parties
2) does not protect me from accidental opening (ever have a package damaged in shipping, or a backup that had to be restored, no different, someone's eyes other than you and the recipient can equally come upon it).
3) tampering can still happen, in either case of physical or electronic it;s near impossible to prove, even harder for electronic in most cases
4) mis-delivery
5) mail sent you YOU from someone else under active investigation would bring your inbox under scrutiny as well.
I could come up with a DOZEN reasons.

Anything not in my hands, and not bound by lock/key/(encryption) is NOT guaranteed private.

it is not wether or not you personally believe e-mail to be secure and private, it is wether a reasonable person presented with scenarios to the contrary would understand it was not truly private. Near everyone has heard of data encryption, secure e-mail, or seen a disclaimer in a message saying "if this was misdelivered please be nice and discared and not redistribute the contents." Certainly you've gotten e-mail meant for someone else, or sent a message to the wrong person (or reply all instead of reply). This alone indicates a failure of complete privcy, and thus the government knowing that still needs a subpeona, but they can get one without required 4th amendment noitification (you can still defend the findings in civil or criminal court if they did not have probable cause, or to exclude certain findings).

This is not the same everywhere.

[www.sorehands.com]

Recently in the second Circuit, it has been ruled that gmail users do have an expectation of privacy in their e-mail account. http://online.wsj.com/public/resources/documents/Bear1.pdf. Here the Court ruled that the warrant was too broad since it didn't restrict the inspection of e-mails that were unrelated to the investigation.

In light of both rulings, it may not prevent the government inspection, but could be grounds to suppress. Furthermore, the Stored communications act prohibits a warrant for this type of information unless, "offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."

Re:Geeks may say

[TheGratefulNet]

I run my own mail server, you insensitive clod!

of course, the 'ever so smart judge' does not know this fine nuance.

the fact that packets travel along routers, bridges and gateways means that some of your 'property' is stored/forwarded outside your 'house'. BUT SO WHAT??

US mail travels in a store-forward way. are they allowed to read your mail because its 'not in your house, at the time' ?

finally, why is this moran allowed to concluded that ALL mail sits on 'webservers' ? even if it IS web-based, oftentimes its pop/imapped to your home system and then deleted off the server. or maybe you run old style port25 mail and it truly does go point to point and never 'sits' on an ISP for more than transit-time.

I'm really annoyed by judges who make decisions based on FALSE assumptions and lack of understanding. this judge should be fired or even tried for treason. his crime is THAT great; its a threat to some fundamental privacy that the constitution (once) allowed us.

those who seek to over-rule constitutional laws ARE traitors. look it up.

ECPA

I see that the electronic communication privacy act of 1986 is being ignored once again.

http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

Consequences

[SlipperHat]

By that logic, that judge's emails should be open to being searched.

3rd-party doctrine

[MobyDisk]

When a person uses the Internet, the user's actions are no longer in his or her physical home... All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP

Yes, just like:
- Mail
- Safe deposit boxes
- Bank accounts
- Voice mails
- Telephone conversations
- Storage units

As far as I know, all of the above things are subject to the 4th amendment. WTF???!!!

Re:3rd-party doctrine

[BitZtream]

You would be wrong.

Most those things have separate laws to cover them. Well some of them due, I do not think there are any such protections for safe deposit boxes other than the providers of said boxes have a reputation to maintain if they want people to use them. There aren't to my knowledge any such protections for storage units, although it may be covered as if it were your home by a different law.

Phones and mail have laws specific too them to protect them, nothing to do with the 4th admendment other than spirit and intention.

We're just going to have to get off our lazy asses and demand the same coverage for internet related communication.

The main difference with phones is historically, there has not been a recording of the call stored outside the persons home. The phone company doesn't record every conversation for you to listen too later. If they did, you'd be in a different arena. Its much easier for law enforcement to get records of your calls than it is to wire tap your calls, the records are already stored so you can be billed, and you and I demanded the phone company do so, as we expect detailed billing.

With email, ISPs DO record it for later, as part of the service, thats the way it works. Your email ISN'T private and its rather retarded that you think something stored on someone elses hard drive is private to you, regardless of the law.

Other cases

[phorm]

Just out of curiosity, what are the privacy rights on say,a storage facility.Can the cops just walk on in and open things up, or do they need a warrant?

PGP

[Yobgod+Ababua]

Oh certainly, if everyone you get email from uses PGP, you're already good.

I'm talking about keeping all the plaintext and/or HTML mail you get from normal people/banks/mailing lists and having the mailserver know to automatically encrypt the content of new messages with your public key. An ISP running such a server could then HOST your normal mail without ever having access to it, or without ever implicitly getting your permission to access it.

Re:PGP

[Brian+Gordon]

I thought Hushmail did something like that. Like they store your email encrypted and your password decrypts it when you need access, so they can't read your mail even if they get a subpoena. I think it even sends it to your browser in its original encrypted form and the client decrypts the data.

Re:PGP

[Brian+Gordon]

What are they going to do, ignore a court order? The point is that they can give the court all of the customer's data but since it's all encrypted there's no harm.

I do remember something (probably on slashdot) about an easy web interface that let you send your password to the server for your data to be unencrypted over there for the session. They warned everyone "Don't use this because if we get a court order to keep logs on you, we'll log your password and hand it over to them."

Re:PGP

[mlts]

This was because Hushmail was forced to either allow the Interpol (which has clout in Ireland and other places Hushmail has their servers) to read what the server decrypted via the Javascript client, or likely face shutdown for not cooperating.

There is absolutely nothing Hushmail's developers could have done once the judge in their area handed the search warrent papers. I still highly recommend using the service, not just for E-mail, but a decent place to store some documents offsite.

Netzero?

[Rude+Turnip]

Get with the times, man...Juno is the ISP of the future!!!

Re:I wonder if you can use the DMCA to your advant

[Sir+Holo]

A postcard is public, a letter in an envelope is private.

Re:Unencrypted e-mail is like postcards

[JoshuaZ]

A postcard isn't a good analogy. If I send a postcard, lots of people might see what is on it by simple chance. For example, the mail carrier might see it when they pick it up. In order for someone to read an email they need to go out of their way to access it in some form. That such access is easy doesn't say much. It is easy for someone to access physical mail often when people use a physical mailbox in the suburbs. Moreover, anyone in the postal service can easily access the internal contents of your mail without getting caught (steaming open a letter is really easy and hard to notice). That doesn't mean that the government has a right to read all my physical mail without a warrant. Just because something is possible doesn't mean that it is considered either normal or acceptable practice.

Summary is not quite right.

[DaveV1.0]

The judge ruled that the warrant can be served on the third party without notifying the sender. This would be akin to serving a warrant to one's employer to search one's workspace.

Or, serving a warrant on your friend to access your friend's computer to get emails sent by you.

I think this ruling is on shaky ground due to the concept of "reasonable expectation of privacy".

Bush Appointee

[DigMarx]

Not to get all ad hominem or anything, but this judge was apparently nominated by G.W. Bush and is an LDS, according to Wikipedia. We should be expecting these kind of rulings for a long time: Bush got a lot of his guys in before he lost his political capital. Civil rights, schmivil schmights.

Zo

TFA talks about notification not access

[Nkwe]

The fine article refers to a ruling that says you don't have to be notified if your email is accessed. It doesn't talk about if it is legal or not to access your email. I guess the theory being that if your mail is stored "publicly" at an ISP and that someone has the legal right to look at your mail, they don't have to tell you that you have been snooped on.

The article doesn't seem to make the distinction between mail at rest (on a mail server) and mail in transit (passing on the wire) so I don't know if running your own mail server makes any difference here or not. It would at least reduce the exposure time for "snapshots" to be taken and disclosed. If your mail was on your own server you would at least have to be approached by a court with a subpoena or similar that demands access, which you would probably notice.

Encryption is of course, the answer.

Re:Geeks may say

[pyr02k1]

I would like a warrant for the Senates email accounts please... All of em...

Wrong: E-mail is Protected by Fourth Amendment

[blavallee]

The title of the article is pure sensationalism.

E-mail is still protected by the 4th Amendment.

The ruling was that there is no 'constitutional requirement of notice to the account holder' for items in possession of a third-party.

Re:Geeks may say

[Aldenissin]

Mod parent up.

  I am in shock that we would even debate this. The judge is wrong, end of story. If you can't take the time to get familiar enough to make an adequate ruling, then you shouldn't be ruling on it. Why can't we challenge the courts ability to make an informed decision and for them to either learn the subject matter or get counsel who does know it?

Re:Geeks may say

[nomadic]

of course, the 'ever so smart judge' does not know this fine nuance.

Why would he care whether you run your own mail server? His holding is that the police don't have to notify you when they're executing search warrants on your e-mail held by third parties. If your e-mail is held by you, and not a third party, then the warrant has to be shown to you.

Re:I wonder if you can use the DMCA to your advant

[Tokerat]

Right, like posting on a Blog is public and sending an email (which requires a password "envelope") is private.

This is nothing new

[jc42]

We've seen this sort of "logic" before, and often. The general principle is "When a computer becomes involved, all precedent is forgotten, and centuries of hard-learned lessons must be learned all over again." I've forgotten who first pointed this out, but it's a useful thing to remember.

It took many centuries, and many deaths, for the freedoms that most of the "first-world" countries have were encoded in their laws. But over and over, we've found that the courts don't apply those laws to anything that involves a computer. It takes a good list of horror stories about the actions of ISPs and other people in positions of power, plus new laws, to get the older Real World laws applied to anything involving a computer. This is just one example of many.

It's sorta funny that computers, which are the ultimate in relentless, unforgiving, mechanical logic, have an effect on humans that can be characterized as destroying our ability to use logic as simple as saying that everything we knew before still applies when there's a computer in the vicinity.

In most of the First World, it's illegal for a postal or other delivery employee to open a package and make notes on the content. There are good historic reasons for this. It's interesting to read the history of the concept of "common carrier", and understand why it came to be. People did literally die before these rules went into effect, as the result of people opening and reading the contents of messages in transit, and selling the information to interested parties. This history isn't a secret. But when its a computer transferring messages, the carriers are permitted to inspect the contents and sell the information to interested parties. This will eventually lead to laws applying the common-carrier rules to computerized communications. But this will only happen after the same sort of disasters that led to the common-carrier rules for written, printed and analog telephone communications.

The only scheme that's stable over the long term is that "carriers" of messages should not be allowed to use the contents of the messages for any purpose. In exchange for this, the people in power agree to not punish the carriers for the contents of any delivered messages. Anything else will eventually be a disaster for the people in power, when they learn too late that the carriers have made "commercial" use of the contents of messages to/from powerful people.

This isn't a hypothetical scenario; it is exactly what led to the common-carrier laws in the past. Things like this court decision just shorten the time until such disasters occur. And it's all due to our mysterious inability to remember and apply historic precedent when there's a computer involved.

Re:I wonder if you can use the DMCA to your advant

[coolmoose25]

Here's my new email sig...

"Copyright 2009, All Rights Reserved - NOTICE: This email has been digitally encrypted with the Double ROT13 encryption algorithm. Any unauthorized access is a violation of the DMCA and will be prosecuted to the fullest extent of the law"

The blog's author has updated his analysis...

[steve+buttgereit]

The original author of the blog in the story has revised his analysis thus:

"In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers. I missed this because the reasoning closely resembles the argument for saying that the Fourth Amendment doesn’t apply at all, and I didn’t read the earlier section closely enough. That’s obviously a much narrower position, and I apologize for misunderstanding it the first time in the quick skim I gave it. Sorry about that: The fault is entirely mine."

http://volokh.com/2009/10/29/opinion-on-fourth-amendment-and-e-mail/

Just like regular mail

[wakaramon]

"When a person uses the postal service, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the postal service with a zip code and mailbox owned by the United States Postal Service. All materials in transit, whether they are letters or packages, are physically temporarely stored on facilities owned by the USPS. When we send a letter or a postcard from the comfort of our own homes to a friend across town the message travels from our home to facilities owned by a third party, the USPS, before being delivered to the intended recipient. Thus, "private" information is actually being held by third-parties."

I think the judge is

[bussdriver]

Ok, I didn't RFA. I'm too upset already...

The judge is trying to change the guidelines: http://www.usdoj.gov/—s&smanual2002.htm

I forget the court case, but I distinctly remember a case where the result was the "reasonable expectation of privacy" was enough to consider your papers to be private. I am not sure it was supreme court or not that did this. Many older cases without computers do apply to computers; yet for some reason we need to rehash resolved issues because of widespread computer ignorance.
My gym locker, car, parking ramp, office desk, etc are now fair game? My papers must reside on my property now?

I remember 5th amendment stuff.. coming from non-computer situations but totally relevant; but this guy decides that email is somehow DIFFERENT than the physical mail services. (BTW, the USPS has gone private which is one reason postage has been constantly going up...) At least if you ENCRYPT email you have supreme court rulings protecting your keys (FISHER v. UNITED STATES) the "Fisher Test."

One could argue that unencrypted insecure access to external systems removes the reasonable expectation of privacy; and therefore makes it publicly accessible in a way, like biometrics which are pubic - in a way. (BTW, biometrics are not private-- don't use them for 'private' keys!) Then you could take stuff like Trash-- if you trash an email, is it private? could they claim digital trash is like physical trash?? (your trash is public once it leaves your property.)

By this logic

[sheepofblue]

By this logic it would seem two things happen that law enforcement might not like. First since it is not in your possession how can you be compelled to provide a key for decryption of something that is not 'yours' Further providing that key might even be a violation of law since you are cracking an encrypted piece of software.

Though the original logic actually makes sense from a law enforcement perspective what of general access. If you have no expectation of privacy could an ISP open every piece of email and sell the contents?