Slashdot Mirror

← Back to Stories (view on slashdot.org)

An Inbox Is Not a Glove Compartment

Posted by Soulskill on from the until-gmail-unveils-support-for-glove-storage dept.

Frequent Slashdot contributor Bennett Haselton writes "A federal judge rules that government can obtain access to a person's inbox contents without any notification to the subscriber. The pros and cons of this are complicated, but the decision hinges on the assertion that ISP customers have lowered privacy interests in e-mail because they 'expose to the ISP's employees in the ordinary course of business the contents of their e-mails.' Fortunately for everybody, this is not true — most ISPs do not allow their employees to read customer e-mails 'in the ordinary course of business' — but then what are the consequences for the rest of the argument?" Read on for the rest of Bennett's analysis.

Federal Judge Michael Mosman has ruled that the government can read your e-mails stored with a third-party provider like GMail, without notifying you that a search warrant has been executed (PDF) against your account. (Actually, the judge ruled that there is no "notice" requirement triggered at all, so that in theory, neither GMail nor the subscriber would have to be notified — but that seems only of theoretical interest, since in practice GMail would have to cooperate in order to execute the warrant, unless the government is planning to have ninjas sneak into their server farm at night. The substantive impact of the ruling is that e-mails can be read without notifying the subscriber.)

Now, as I said when writing about the possibility of undetectable encryption being installed on people's computers, at the risk of incurring the wrath of civil libertarian allies, I am not 100% in favor of limiting governmental power in cases like these. Restraints on governmental power have their pros and cons, and many people who are targeted by government investigations really are evil. There may be cases where the government can only prevent harm from being done, by gaining access to someone's e-mail account, and by preventing the subscriber from finding out that their e-mails are being read. However, all of these arguments are also true when applied to governmental seizure of property from someone's home — and yet we still have Fourth Amendment protections against warrantless searches of your house. So should they, and do they, legally apply to e-mail? And under the "third party doctrine," should the government have to notify the subscriber of the search, or only the ISP?

Law Professor Orin Kerr of George Washington University Law School has written an article [click on the link and then press the download button to download a draft] arguing that the Fourth Amendment does apply to e-mail. But he has also written another article arguing in favor of the third-party doctrine — essentially, that when the government seizes property that is in the possession of a third party, it only has to notify the third party, not the property owner. To the extent that this is relevant to the GMail case, the argument would appear to support Judge Mosman's ruling. However, Kerr's paper also acknowledges that the third party rule has been the subject of scorching criticism of other Fourth Amendment scholars, calling it "dead wrong" and "making a mockery of the Fourth Amendment."

It will probably be a long time before courts are issuing consistent rulings on the third-party rule as it applies to e-mail. In the meantime, though, one statement in Judge Mosman's ruling sticks out in particular:

"[T]he defendants voluntarily conveyed to the ISPs and exposed to the ISP's employees in the ordinary course of business the contents of their e-mails."

This was the basis for further reasoning that the defendants had less of an expectation of privacy in their e-mail contents, and hence that there was a strong case for allowing the government to read the e-mails without notice to the defendants. (In this he was drawing an analogy to a previous ruling in which a court held that a bank's customer has "no legitimate expectation of privacy" in his bank records because they were "voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.")

But as applied to ISPs, this is a statement of fact, not a statement of law, and as a statement of fact it's simply wrong. ISP employees, even the most highly placed ones, do not have access to customers' e-mails "in the ordinary course of business." And even in the non-ordinary course of business, in the case where e-mails have to be inspected to satisfy a subpoena requirement or to investigate an abuse report, only employees with the proper business justification can read the e-mails. (At the e-mail provider that I use, SpeakEasy, employees can only access accounts with the explicit permission of the customer, and only then by resetting the password or obtaining the password from the customer. When I worked in MSN accounts, most employees didn't have the security clearance to access customer accounts at all.)

This tracks with what customers reasonably expect from banks versus what they reasonably expect from ISPs. If I called my bank to ask about the status of my account, and the customer service representative noted that I had a high number of overseas wire transfers and asked if I wanted to upgrade to a business account with a reduced wire fee, it probably wouldn't even occur to me to be offended that she had looked at my transaction records. On the other hand, if I called SpeakEasy and asked them to add more space in my inbox, and the tech support guy said, "Dude, you could do a lot better than Chloe," I might think he was overdue for a review of their customer privacy policy.

Judge Mosman uses several more analogies in arguing that the third-party doctrine applies to e-mails (beginning on page 12 of the ruling), analogies between e-mail and real-world situations that most of us are familiar with, like leaving documents out in the open at someone else's house. Now, most of us don't have the expertise to comment on the legal technicalities. But in the game of analogies, we're all experts, insofar as we're qualified to comment on whether we feel that one thing is "like" another, or whether our "expectations of privacy" in the two areas are similar. And under the rules of that game, I would disagree with the judge's analogies for several reasons:

1. There is a difference between leaving property in someone else's possession because you don't care very much about keeping it private, and leaving property in someone else's possession because you have no choice. The judge cites precedents in which courts ruled, variously: (a) that when a suspect left documents at his mother's house and the police executed a warrant there, they only had to provide notice to the mother, not the suspect, even though the mother was not the owner of the documents; (b) that a defendant had no grounds to object to the search of another person's purse, when the search turned up drugs belonging to the defendant; and (c) that defendants 'could not make a Fourth Amendment claim regarding a search of someone else's car because they had no "legitimate expectation of privacy in the glove compartment or area under the seat of the car in which they were merely passengers."' But all of those cases involved property that the defendants chose to leave in the possession of someone else, rather than keeping on their person or in their own houses. In all of these cases, the person X who left the property in the possession of person Y, could not have expected that person Y would keep their eyes off of that property, or would shield it from the view of casual acquaintances who happened to see it there. So by allowing the notice only to be served on person Y, these three cases are just specific implementations of a general rule: "If person X leaves property with person Y, with no expectation that person Y would refrain from examining the property, then the notice of warrant only has to be served on person Y."

This rule does not generalize to GMail accounts. If I send and receive messages through a GMail account, I know that they're stored on Google's servers, but that's out of necessity in order for them to provide web-based e-mail that can be accessed from multiple locations. By allowing the e-mails to be stored on their servers, I haven't conveyed that I care any less about their private contents, because I didn't have a choice. Now, if I had printed out an e-mail from GMail and left it lying around at my Mom's house, or in a friend's glove compartment, then that could be interpreted to indicate that I had less interest in keeping that e-mail private, and it would be more analogous to the situations above. In fact if I had sent an e-mail to someone working at Google, I would understand that my expectation of privacy had been lowered significantly, and that the recipient might forward it to their friends or leave a printout on their desk, or that the police might request for him to show it to them without notifying me. Simply having an e-mail stored in a GMail account is not the same thing.

2. E-mails are not like bank records, because you have a greater expectation of privacy for e-mails, even from the institutions that hold them. It's true that bank transactions are more closely analogous to web-based e-mails, because they're both stored on company servers by the nature of the business, so this analogy isn't as badly flawed as the previous ones. But in addition to the fact mentioned above, that ISP employees do not have access to your e-mails "in the ordinary course of business" despite what Judge Mosman wrote, there is the "inside/outside" distinction that Orin Kerr describes in his paper on the Fourth Amendment and e-mail. Essentially, police don't need a warrant to observe what goes on outside your home — whatever is visible from a public street — but they would need a warrant to take their inspection inside. Kerr argues for extending this analogy to the "content/non-content" rule for Internet transactions, so that Fourth Amendment protection would apply to the contents of e-mails, but not necessarily to the "outside" information such as sender, recipient, and transmission time. (Actually that still seems like rather weak privacy protection, to say that the Fourth Amendment doesn't protect information about who we exchange e-mails with, but even this watered-down argument still implies stronger privacy protection for e-mail contents.) Bank transaction records would be more like "outside" information and less deserving of privacy protection, so the analogy doesn't hold.

3. By analogy to the expectation of privacy in people's homes, the expectation of privacy for the contents of e-mail is possibly greater. Judge Mosman writes, "The sanctity of the home is often cited as the central purpose for this notice requirement, but the requirement has not been explicitly limited to searches of homes," and quotes from another court decision: "[t]he mere thought of strangers walking through and visually examining the center of our privacy interest, our home, arouses our passion for freedom as does nothing else." Well, since he brought it up, if it's relevant to compare the "passion" that's "aroused" by the invasion of various spheres of privacy, if I had a choice I would rather have a stranger wander through my house and inspect everything except the computer, than allow them access to my browser history and all the e-mails I'd sent and received in the past year. (And that's not even taking into account the violations of other people's privacy that would be entailed by someone looking through all of my e-mails.) Applying the test of "What would you rather have people see?", most people who make more than casual use of e-mail, seem to care more about the privacy of their e-mail than about the privacy of what's visibly lying around in their house — if a good friend drops by unannounced, you can usually lead them through your house without worrying about what they'd see, but you probably wouldn't give the same person a complete record of all your e-mails in the past year. (Remember, according to the judge's quote, we're comparing "visually examining" your house vs. your e-mail, not actually physically taking anything.)

As I said, I'm not necessarily opposed to the government having the authority to obtain records of people's e-mails if they have an extremely good reason, without necessarily having to notify the subscriber that their e-mails had been read. But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails." I wonder if even Judge Mosman thinks that's true. If he got a call from his bank offering to upgrade his account based on recent transaction activity, he'd probably just politely get them off the phone like the rest of us. But if he got a call from his ISP tomorrow, saying that his e-mails were starting to sound cranky and they were wondering if there was anything they could do to cheer him up, would he just thank them for their concern and leave it at that?

35 of 316 comments (clear)

  1. My computer is in the glove box by fotoguzzi · · Score: 5, Funny

    you insensitive clod!

    --
    Their they're doing there hair.
  2. Decision Formalizes What Already Happens by onionman · · Score: 3, Insightful

    This decision doesn't really change the common practice of law-enforcement agencies does it? Haven't we all already known that the government (and gmail/yahoo/hotmail/your boss etc.) is scanning our email pretty much whenever it wants to?

    1. Re:Decision Formalizes What Already Happens by rolfwind · · Score: 5, Insightful

      If this stupid decision goes through, it makes all unwarranted searches of email admissible in court. The government tortured in Guantanamo, since we all "know" that is happening, should we all go "Oh well" and then when a court legalizes it say "This decision only frmalizes what already happens, whoopey doo!"

      As an aside, when I give my car to service, the employees of the dealership/repairshop can conceivably search through my glovebox. I guess cars shouldn't need warrants. And when I have a plumber/electrician fix my house, he can snoop, so might as well strike houses from the list of things needing warrants.

      Its pretty evident I have no expectation of privacy on my email, that's why it has no password, and if it did, I give it to everyone, Mr. Idiot Judge.

    2. Re:Decision Formalizes What Already Happens by onionman · · Score: 5, Insightful

      Well, one of the benefits of formally recognizing what is occurring is that it allows the practice to be formally challenged without the issue of "state secrets" being relevant.

      As the old saying goes, "the problem with unwritten rules is that no one knows where to go to erase them." Here we have formal decision which puts one judge on record as agreeing with the common practice. This decision may now be appealed. The appeals process can allow the judicial branch to decide on the entire practice of warrantless wiretapping without any state secrecy issues being involved! That seems like a good thing to me.

    3. Re:Decision Formalizes What Already Happens by Interoperable · · Score: 2, Informative

      The government does have to notify Google/Yahoo/etc., it doesn't just scan all correspondence without warrant. What it does mean, is that it can read your e-mail by issuing a warrant to Google without ever notifying you. Google complies promptly with all warrants issued but is not in the habit of forwarding correspondence to the FBI just for fun.

      The key here is not to treat any information stored on remote servers as belonging to you. Anything on your computer is in your possession but the moment you send it into the aether it is potentially in the possession of a third party that can do whatever they want with it (read the privacy policies!). If you want to keep your e-mails secure, encrypt them; try gnuPG.

      --
      So if this is the future...where's my jet pack?
    4. Re:Decision Formalizes What Already Happens by nedlohs · · Score: 4, Informative

      No. They still need a warrant, it's just that the warrant is shown to the ISP who gives them the email and the actual owner is none the wiser. So it works like a phone tap instead of like a search and seizure in your home.

      Just run your own mail server and now the warrant needs to go to you, so you get notified. Doesn't stop them reading it of course...

    5. Re:Decision Formalizes What Already Happens by rolfwind · · Score: 3, Insightful

      Yes, but once erased, they'll keep on spying on email in secret, landing us back to step 1 and this will be the perpetual cycle. The best spot we can hope for is step 1, unfortunately, secret, court unsanctioned spying.

      As reported days ago, the biggest opponent to the three strikes rule in britain were the spooks, because they fear a rise in encryption use. That is what people should start using to defend themselves because the formal set of rules won't help here, but at least the court shouldn't ever sanction and admit it. Even if sucessfully challenged this time, there will come a time in the repeating cycle where it doesn't get erased, doesn't get overturned, and then we're stuck at the worst possible case.

    6. Re:Decision Formalizes What Already Happens by Forge · · Score: 2, Insightful

      This is what comes from deliberately inventing definition for what is really just new technology to perform an old function for which there is well established law.

      In this particular case, Email is still mail. It just travels faster and as photons or electrons rather than as a collection of atoms.

      So all we had to do is transpose the rules which apply to snail mail over to email. I.e. A postman is not allowed to open and read your mail. He just has to pass it on to the destination address. That same principle applies to private mail providers (FedEx, DHL etc...).

      That is what should have been done. What has actually been done is quite different. The authorities routinely go throgh email in circumstances where they would not have been allowed to go throgh snail mail. They "ask" (read order) ISPs to do things that they dare not ask of FedEx.

      --
      --= Isn't it surprising how badly I spell ?
    7. Re:Decision Formalizes What Already Happens by MetalPhalanx · · Score: 2, Interesting

      "The problem with unwritten rules is that no one knows where to go to erase them."

      Wait a minute, laws are erased?

    8. Re:Decision Formalizes What Already Happens by Red+Flayer · · Score: 4, Informative

      Not this troll again. The USPS is sustained on its own income, not on tax money.

      Don't be so sure of that... the USPS has fallen on very hard times. Currently they have a substantial operating deficit and will likely required emergency funding from Congress this year or early next year.

      The USPS has received emergency funding several times in the past -- and as mail volume drops while costs go up, it's only going to get worse.

      Currently the USPS is losing over $3 billion a quarter... recession + online billpaying + email + spiraling healthcare costs == USPS bankruptcy. Renegotiating union contracts and other cost-cutting measures will help, but it won't be too long before the USPS is dependent on constant infusions of cash from the general treasury.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    9. Re:Decision Formalizes What Already Happens by TheCarp · · Score: 2, Interesting

      > Not to mention, of course, that for most of us, running an email server on our home computer would violate our ISP's terms of
      > service. Jumping from a "home" account at $30/month to a "commercial" account at $130/month is a big hit for most of us.

      You can put a physical machine in colo for half that. You can go even less if you get a hosted virtual machine, potentially allowing you to even shop around jurisdictionally, even internationally. (companies do it, why shouldn't you?)

      Clearly the solution is email offering ISPs that put right into their customer agreement that customer information will only be divulged as authorized by the customer or in compliance with an official court order. It seems to me that is the standard of customer privacy that people should be demanding from their ISPs, in writing, with truly motivational levels of monetary penalty for their violation.

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    10. Re:Decision Formalizes What Already Happens by pugugly · · Score: 2, Insightful

      I'm okay with that - because sooner or later secret, court unsanctioned spying blows up in their face.

      So yeah, I want this decision overturned, so that when it blows up in their face there are consequences.

      Pug

      --
      An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
  3. Makes me glad I run my own mail server by Iphtashu+Fitz · · Score: 3, Interesting

    If the government wants access to my inbox they'll need to talk to me since I'm the admin of my mail server.

    1. Re:Makes me glad I run my own mail server by Again · · Score: 2, Interesting

      And are you also your own ISP or does your email pass through someone else's routers? Hope you don't mind them recording packets and saving every DNS lookup and every website you visit as part of the "ordinary course of doing business".

      Well you could always give them information overload. Make a bot in Ruby that is constantly going to random websites, sending random emails to random addresses and just constantly doing things online. Have the bot run all day and the information the ISP stores of you will become meaningless gibberish because the vast majority of it will be random from your bot.

    2. Re:Makes me glad I run my own mail server by 0100010001010011 · · Score: 2, Insightful

      Have the bot run all day and the information the ISP stores of you will become meaningless gibberish because the vast majority of it will be random from your bot.

      They'll just assume you're a 4chaner.

    3. Re:Makes me glad I run my own mail server by realityimpaired · · Score: 2, Interesting

      Did you set up your mail server such that it can be viewed by people other than yourself?

      Mine's in colocation, rather than being a virtual server, but there's a ton that I've done to lock it down... there's volume encryption on the drive. There's a BIOS password to prevent the settings from being viewed/changed. CDROM and booting from USB are disabled, as are all of the unused SATA ports (the mobo doesn't have any PATA ports). And it's a standard *nix setup with a very secure root password.... it's a passphrase, written in a foreign language with a non-latin alphabet, transcribing keystrokes from where they would be on that language's standard input keyboard to a QWERTY keyboard, and it's a non-grammatical sentence. Special characters, mixed-case alphanumberic, completely random to an English speaker, and 34 characters long. Only one user has ssh access, and that user also has a very secure password, in the same vein as the root's password, but using a different non-latin language.

      In other words, even if they did try to execute a search warrant on my colocated system, they wouldn't be able to do anything with it without asking me for the password. Can't you set up your mail server to be the same?

  4. One flaw by Todd+Knarr · · Score: 5, Insightful

    One flaw in this argument: ISP employees do in fact have access to your e-mail. Hopefully it's only a small number, sysadmins and others with root access, and ISPs usually promise not to use that access except in limited ways without the customer's permission, but that doesn't change whether they have access or not. And the courts are concerned with whether the ISP has access, not whether or not he's promised to use it.

    A good analogy would be ordinary bank records vs. the contents of a safe-deposit box. The first the bank has access to, and the customer has limited expectation of privacy regarding them. The second the bank does not have access to, their key physically can't open the box alone, and the customer has a higher expectation of privacy about the contents. If you want an expectation of privacy in your e-mail, you need to insure that your ISP literally cannot access it's contents. A promise from them that they won't isn't sufficient if they can.

    1. Re:One flaw by rolfwind · · Score: 4, Informative

      A good analogy would be ordinary bank records vs. the contents of a safe-deposit box. The first the bank has access to, and the customer has limited expectation of privacy regarding them. The second the bank does not have access to, their key physically can't open the box alone, and the customer has a higher expectation of privacy about the contents.

      Up until the 1970s, you're bankrecords were, in fact, confidential and the customer had as much expectation to privacy there as with his health records entrusted to his doctor.

      Then this was assaulted by the "Right to Financial Privacy Act" in 1978, which "let federal agents write their own search warrants, but limited the subjects of those warrants to financial institutions."
      http://www.lewrockwell.com/orig6/napolitano2.html (I don't respect Lew Rockwell so much, but Judge Napolitano seems to know what he is talking about, and this was in a speech of his as well here: http://www.youtube.com/watch?v=t8QwTKKSvR8)

      I heard various things about Government unwarranted snooping and seizure on safety deposit boxes, but I can't find a credible link about that at the moment.

    2. Re:One flaw by nine-times · · Score: 4, Insightful

      My landlord has keys to my apartment. Does that mean I have no expectation of privacy in my own apartment, just because a third party theoretically has access to it? Even if I haven't given permission for my landlord to enter my apartment?

    3. Re:One flaw by demachina · · Score: 2, Interesting

      The big problem here is that chances are the NSA is directly tapping all the backbone fiber in the Internet already, and they are building giant new data centers in Utah and Texas to store Yettabytes of data which is 1,000,000,000,000,000GB. Chances are the NSA is already and will certainly be in the future recording every email, IM, URL GET and POST and phone call flowing through every fiber they manage to tap and they will probably tap them all in this country, in all their allied countries like the UK and Australia, all the ones crossing the oceans, and of course have listened to all the RF bouncing around the planet for decades. They started tapping Soviet undersea copper cables decades ago using submarines so if somehow a telecomm wont let them tap their cables they will probably just do it anyway.

      As nearly as I can tell Joe Nacchio, the CEO of Qwest, is the only exec that said no when the Bush administration told the telecoms to let the NSA taps their backbones. They responded with a dubious insider stock trading case against him and threw him in Federal prison to show what happens to people who don't "cooperate". The beauty of American law is just about everyone has cheated on their taxes, traded on an insider stock tip, used illegal drugs, or done something else the government can use against you to force compliance and obedience.

      Once they have total surveillance I kind of doubt the government will even need to go to an ISP or a warrant to get access to your inbox. Its really messy for them to have to go to an ISP because telling the sysadmin who the target is risks compromising the "investigation". It is much cleaner and simpler for them to just record EVERYTHING at the backbone so they can data mine it at will, and can hop in the way back machine to see in detail what someone did years ago without relying on an ISP to retain anything.

      --
      @de_machina
  5. Sure they do. by mindstrm · · Score: 4, Insightful

    "But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails.""

    It might be a bit far reaching... but come on, system administrators have had access routinely to people's mailbox contents since forever (on most mail systems). Not that we go around snooping on your mail, but we can and do have access to it, if it's plaintext, at any time. If you are sending emails through any provider without encryption and assuming that some staff at that provider are not technically capable of reading and copying your emails, you are delusional.

    This is not like snail-mail, where although you know the postman could open your mail, you also know he'd go to prison for it.

  6. Media Mail by jDeepbeep · · Score: 4, Insightful

    So how is it any different if I give an envelope to a USPS employee? It's no longer under my control, but I expect it to be private.

    I'm not sure about other types of mail, but media mail can be searched at any time, by any postal employee. The sign at my post office states this to be a fact, but I can't find the specifics on their website to give a link here.

    --
    Reply to That ||
  7. Not Just E-Mail. Anything in the "cloud" by wiredog · · Score: 3, Interesting

    As James Fallows asks in The Atlantic Are we naked in the cloud?

    But the reader's point is less about the ins and outs of this ruling than about the broader legal/privacy implications of storing information "in the cloud." When you're working in Google Docs, as opposed to using a spreadsheet or document that lives on your computer, have you essentially surrendered custody and control of that information? What if you rely on online "cloud" systems -- Carbonite, SugarSync -- to back up or sync your files? Have you given up custody of those files too?

    The answer he supplies is "yes" you have given up custody.

    --

    Best Slashdot Co
  8. Nothing changed for me. by daid303 · · Score: 5, Funny

    Because I use hotmail...

  9. /. may need to change the category name... by No+Grand+Plan · · Score: 5, Insightful

    ... because pretty soon we're not going to have any rights online.

  10. Caveat Lector by Grond · · Score: 5, Insightful

    From the essay: "Now, most of us don't have the expertise to comment on the legal technicalities"

    Mr. Haselton is, as far as I can determine, not an attorney and has no formal legal education. So bear in mind that the above statement applies to the author of this essay as well.

    You know how Slashdot contributors often bemoan poor science journalism written by reporters who obviously don't understand the subject matter? The same danger exists when people like Mr. Haselton, who is a freelance programmer, try to analyze and report on legal issues.

    Again, from the essay: "But in the game of analogies, we're all experts, insofar as we're qualified to comment on...whether our "expectations of privacy" in the two areas are similar."

    The expectation of privacy is a legal term of art. It does not simply refer to the individual's subjective feeling about whether he or she, personally, expects that a given communication, act, etc will or should be private. So, no, we are not all necessarily qualified to comment on the similarity of the expectation of privacy in two areas because there is a second, objective component of the expectation of privacy. The objective component is highly context-dependent, and its contours have been defined over the years by numerous court cases, none of which Mr. Haselton has cited, distinguished, or applied here.

    And this is the glaring issue with Mr. Haselton's essay: he has analyzed the opinion in a vacuum. He does not cite or apply any supporting precedent or statutes, nor does he distinguish the facts of the case from the precedents that the judge cited. This kind of reasoning is not legal reasoning, and it can easily lead to all kinds of errors.

    Note that I have, apart from the meaning of 'expectation of privacy,' refrained from critiquing the substance of Mr. Haselton's argument. It is possible that his argument could well win the day in an appeal; on the other hand, perhaps it is hogwash. I merely want the readers here not to be mislead into thinking that this is a rigorous legal argument or that Mr. Haselton is some kind of expert on the subject matter. Indeed, his lack of citations or argument from precedent would probably get him laughed out of court.

    1. Re:Caveat Lector by nomadic · · Score: 3, Interesting

      Yet he seems to have become slashdot's resident legal columnist. I don't think I've read anything of his that hasn't irritated the hell out of me.

    2. Re:Caveat Lector by TheRaven64 · · Score: 2, Informative

      I don't think I've read anything of his that hasn't irritated the hell out of me

      That's okay, I don't think I've read anything of his...

      You do know that we're not meant to click on the links in the summary, right?

      --
      I am TheRaven on Soylent News
  11. Re:/sigh by bertoelcon · · Score: 2, Funny

    I could see the internet being the highway, and every user (and their data) being a vehicle. Emails being about the size of a glove compartment and porn being the size of a fleet of wide mobile homes on the highway. It works better if you think of streaming as a carpool lane that doesn't get in traffic like everything else.

    --
    Anything can be found funny, from a certain point of view.
  12. Re:The #1 Lesson by King_TJ · · Score: 2, Insightful

    Umm... let me get this straight then? You believe it's an undeniable *fact* that email not only IS not private as it currently stands, but SHOULD not ever be considered private?

    I'd argue that in reality, the expectation of privacy for electronic mail by the general public is no different than the expectation of privacy they have for physical mail. Unfortunately, the implementation most often used today doesn't live up to the expectations people have. (People tend to think that because they can't check their mail without the proper login and password, that means the mail is "secure". They're used to thinking that passwords = security when it comes to computers.)

    With the right software and proper configuration, it's possible to encrypt all outgoing email automatically, and ensure it really is private. IMHO, it's too bad the systems administrators didn't foresee the need for this when paid customers (usually using dial-up modems with a local ISP) started signing up and trying this stuff out for the first time. (Perhaps the truth is, many of them rather *liked* the idea that if they so desired, they'd be able to snoop into the emails of any of their users, as desired?)

    Now, we're reaching a point where the courts are playing "catch up" with the technology, and they're starting to make legal rulings on this stuff. If it's codified into law that it's ILLEGAL to ensure emails have true privacy, that'd be a shame and a big loss for the userbase as a whole.

    I know companies like to claim that because they own the servers and the Internet connections the corporate emails travel over and get stored on, they own the "rights" to all of the employee emails as well. But to me, that's rather like an owner of an apartment complex claiming he/she can legally go through any of the tenants' physical mailboxes at will, because he/she owns the panel of mailboxes in the wall that it all gets put in! (Even in my apartment scenario though, the landlord could possibly get away with opening people's individual mailboxes, if all he/she was doing was counting the number of envelopes a tenant received each day, or was just reading the postcards before putting them back. The fact that most mail is inside an envelope that can't be opened without leaving behind evidence it was opened/tampered with adds another layer of security for the tenant. That's where our current email infrastructure is lacking. The law is effectively saying "Everything's written on the equivalent of postcards that anyone can see as they handle it, anyway - so why should we grant it any legal privacy rights?")

  13. Re:The #1 Lesson by Zerth · · Score: 3, Insightful

    The law is effectively saying "Everything's written on the equivalent of postcards that anyone can see as they handle it, anyway - so why should we grant it any legal privacy rights?")

    That's exactly why I don't care. When I send an unencrypted email, my mail server sees it, my router sees it, my ISP can see it, and 10 or 20 other servers between me and the destination mailerserver can probably see it too.

    If someone sends unencrypted mail, I don't feel in the least bit bad when it gets read. If you wouldn't send it on a postcard, you shouldn't email it unencrypted. If whomever you are sending it to can't deal with that, contact them by another method.

  14. Re:Not Just E-Mail. Anything in the "cloud" by cawpin · · Score: 2, Insightful

    The entire basis for this case is illegitimate. They are saying, since email is handled by a third party, the actual owner doesn't need to be notified. This would widely apply to damned near everything we do nowadays. My money is under the control of a third party, my bank. Does this mean they can get my bank records without notifying me? Does it mean they can search my house without notifying me? After all, I don't actually own it yet, the bank does.

  15. Re:First they came for your emails . . . by Chaos+Incarnate · · Score: 2, Informative

    (1) and (2) can be acquired via warrant served to the healthcare provider or the financial institution, same as with the e-mails in question. (3) is a red herring since you don't expose the contents of your apartment to the landlord in the ordinary course of business.

    --
    Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
  16. Public Storage by DeanFox · · Score: 2, Insightful


    So I rent space at a Public Storage facility that only I have the key to for $xx a month. In this 20'x20' storage facility, locker, room, whatever you want to call it are my personal belongings including boxes and boxes of personal financial statements, letters, etc. no different than if I had them at home in the attic had I the space.

    Because I have my belongings stored with a "third party" they do not need a search warrant to search my off site storage facility? I thought they did. If they do, how is this different than me storing bits and bites in a storage facility owned by a third party? Because they're bits and bytes rather than phyiscal boxes of documents?

    How is this different than my apartment? The storage facility labeled APT 2B in building six is owned by a third party. So the apartment where I live can be searched without a warrant? You know... My home is not paid for. Technically it's still owned by the bank, a third party...

    As far as solving all this computer usage eavesdropping and abuse when (in the $@#%@#) are we as programmers going to make encryption ubiquitous. Nothing is on a drive, sent via whatever protocol in the TCP/IP stack, email, P2P that isn't encrypted. Upon OS installation, like the user password we ask for an user/OS passphrase or whatever it takes that nothing and I mean nothing is available in cleartext on the server, in the cloud or traveling over a wire? When? The ASCII standard is what should be made illegal. This is one problem we CAN solve.

    JMHO
    -[d]-

  17. Uh-oh. Taxes! by Polo · · Score: 3, Funny

    Does this mean the IRS will find out about the MILLIONS of dollars people in Nigeria have for me??

    My taxes will go through the roof!!