IRS Can Read Your Email Without Warrant

kodiaktau writes "The ACLU has issued a FOIA request to determine whether the IRS gets warrants before reading taxpayers' email. The request is based on the antiquated Electronic Communication Protection Act — federal agencies can and do request and read email that is over 180 days old. The IRS response can be found at the ACLU's website. The IRS asserts that it can and will continue to make warrantless requests to ISPs to track down tax evasion. Quoting: 'The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 "Search Warrant Handbook" from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that "the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications." Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the "4th Amendment Does Not Protect Emails Stored on Server" and there is "No Privacy Expectation" in those emails.'"

Okay, so, just to be clear...

IRS good, but Russians, Chinese, Iranians bad, yes?

Live in fear only of half the world, but the IRS, we should be comfortable with THEM making our lives miserable, got it!

Re:Okay, so, just to be clear...

They're all jerks, but the IRS isn't going to nuke us. And in theory, we could potentially, in theory, actually force the IRS to act human. Maybe.

Of course, I certainly wouldn't object if someone did a little Regime Change on them.

Re:Okay, so, just to be clear...

[amiga3D]

I have no expectation of privacy at all. If I want something held private I'll be sure not to put it in a damn e-mail. Not just the government but all kinds of people can look at e-mail, it's less secure than frigging snail mail. Face it, you must be crazy to mention criminal shit in an e-mail or on any kind of phone. There are ways of getting secure messages around but those aren't included.

Re:Okay, so, just to be clear...

[skids]

For years us folks who run networks have been telling users not to write anything in an email that they would not put on the back of a postcard.

Problem is these days the kids don't know what a postcard is.

People not so warned, however, may have a "reasonable expectation of privacy" based on what they have and have not been told about email and their ISP service, the same way a person walking around in the nude in their apartment does as long as they aren't standing in front of an open window. And no, fine print in the terms of use doesn't cut it in today's busy world, no more than a landlord busting in with a camera rolling on our nudist would be able to get over on pointing to the part of the lease that says they can enter to check the fire alarms. The IRS might lose this one if it gets taken to court.

Re:Okay, so, just to be clear...

IRS good, but Russians, Chinese, Iranians bad, yes?

Live in fear only of half the world, but the IRS, we should be comfortable with THEM making our lives miserable, got it!

IRS, IRA, sometimes it's hard to keep track of which is which.

Re:Okay, so, just to be clear...

[Synerg1y]

Obviously, the American people are A ok with this as it's been going on for a while now. Nobody's proposing a new plan or ECPA at that. Then again, the state of cyber law in the US is a joke full of loopholes and free passes. The real question is do you blame the IRS for doing what it legally can to function as an entity, or the people for allowing it?

Re:Okay, so, just to be clear...

[causality]

Obviously, the American people are A ok with this as it's been going on for a while now. Nobody's proposing a new plan or ECPA at that. Then again, the state of cyber law in the US is a joke full of loopholes and free passes. The real question is do you blame the IRS for doing what it legally can to function as an entity, or the people for allowing it?

There is plenty of blame to go around.

What I don't understand is this idea that the Fourth Amendment applies to one communications channel (say, postal mail) but not other communications channels (e-mail) that achieve the same transfer of information. I say the burden of proof is on those who assert this. What's the rationale here?

Re:Okay, so, just to be clear...

[Wookact]

Rationale? Because it is easier to do.

Re:Okay, so, just to be clear...

[SeanBlader]

This assertion is fuckin' offensive. If any member of Congress was caught using this method, it'd be a top story and the first bill said Congress person would next file.

Re:Okay, so, just to be clear...

Mqybe I missed something. Can you point at where anyone said something vaguely along the lines of "IRS good?" I have never even heard of a single American who doesn't viscerally hate the IRS with all their heart.

Re:Okay, so, just to be clear...

[gd2shoe]

The real question is do you blame the IRS for doing what it legally can to function as an entity, or the people for allowing it?

Both. The IRS is more culpable because they actually have their hand in the cookie jar. Legislators who know about this are also guilty, but that's harder to prove.

Re:Okay, so, just to be clear...

[networkBoy]

Given that some people post to their (public open) wall on FB their criminal exploits...
Good luck with the e-mail thing. People have no idea how the internet works. I showed someone a wireshark dump from their computer. E-mail, address, server, login credentials, etc. They were flabbergasted, but then said "but you have to be on my computer to do that...
tried to explain hops and how things get from point a to point b....
They didn't get it. /facepalm

Re:Okay, so, just to be clear...

[eugene6]

If postal mail passes through an IRS person's hands for some legal reason, I believe they are legally entitled to read all the postcards in your mail, as there is no expectation of privacy on them, given that they're postcards. Email is the same way: the contents are naked, written on the side of the packets for anyone on a given network segment to view if the traffic comes their way. Just as we put mail in envelopes, we should encrypt our email if it's not for anyone and everyone to read if they happen to be standing "near" it when it goes by.

Re: Okay, so, just to be clear...

It started with the "no reasonable expectation of privacy" doctrine, handed down by courts in years past, that actually made some kind of sense at the time. You can't (easily) stop someone from seeing you in public or who you might be with, etc.

All well and good, except that the doctrine has been abused beyond belief where technology is concerned, and the Supreme Court is too cowardly or too intimidated to fix it.

If I see you walking down the street but we've never met, unless you do something to call attention to yourself, I'm probably not going to remember much about you after too long except in very general terms. It is possible for me to record my observations, but there is a lot of effort in that. It is possible for the police to follow me around when I'm in public, but that is a lot of effort and it is an insurmountable effort to try to do that to large groups of people. Even taking pictures or video, where the abuse of this doctrine started, still requires a lot of effort to make information out of hours of video or thousands of pictures.

Until we get things like GPS bugs, cell phone location data, facial and automatic license plate recognition, etc. Here is the abuse writ large. It is now possible to have a searchable record of the whereabouts of people you didn't know you were looking for at the time. So....you may not be invisible in public, but do you have a right to not be thoroughly identified, tracked, and data mined? I think so. A lot of people do. The law is still very backwards in this and stubbornly avoids the question of whether the original doctrine is fatally flawed because we are humans in a human world being stalked by non humans with unknown and unannounced abilities.

The email problem is that the text of an unencrypted email can be read by anybody in the line of transmission. Postcards are similar. If I'm holding it I could read it. There isn't an expectation of privacy or secrecy there, though I at least would argue that I have reason to believe the US mail isn't constantly being spied on. It is not, or was not, practical to image every postcard in the mail system though. It is totally possible to capture every single email that goes by. Again, abuse of doctrine which was written before these things were practical at any scale.

Something's got to give, and it's got to give in favor of humans and against the subhumans and their machines who want to violate our privacy at every turn.

Re:Okay, so, just to be clear...

I know what you mean. Afterall the IRA is also funded by so many American's it's not funny!

Re:Okay, so, just to be clear...

Stop being so paranoid about people nuking us, you god damn warmonger. You're no better than those people who say the terrorists are going to get us to justify the TSA's existence.

Re:Okay, so, just to be clear...

Rationale? Because it is easier to do.

Yeah. Seek forgiveness after, not permission before. The USA gov't is such a !@#$ing mess, it's ridiculous.

Re:Okay, so, just to be clear...

Oh, and if you're a lawyer, continue to lie, cheat and steal; make shit up. If you're an agency's staff lawyer (or not) just tell the client what they want to hear. Don't worry, judges are lawyers too, as well as most politicians. You have to be pretty horrible (Prenda) to stick up above the froth of the rest. Your get out of jail card in case you're reversed? "Oh, I stand corrected. I won't do that any more." Then go on from there ("My hourly rate, my hourly rate, ...").

Re:Okay, so, just to be clear...

[tqk]

People not so warned, however, may have a "reasonable expectation of privacy" based on what they have and have not been told about email ...

The other day, we were told that the DEA believed that Apple's iMessage service was unbreakable crypto opaque to them. Should those "People not so warned" believe they have a reasonable expectation of privacy using it? It turns out, that message is bogus and Apple stores iMessages, and can hand over decrypted cleartext. Should those "People not so warned" now believe they do not have a reasonable expectation of privacy using it?

Which is it? What are we supposed to believe? How the !@#$ do we get the law on our side when this level of wiggle room is involved? Was the game rigged recently, or has it always been this corrupted?

Re:Okay, so, just to be clear...

[Synerg1y]

Tampering with a mailbox is a felony, tampering with an email mailbox should be too. And me sending mail doesn't give the USPS a right to read.

Re: Okay, so, just to be clear...

[Synerg1y]

What hasn't quite happened yet is these privacy abuses hitting some high level people with resources, then the law will truly be tested and fingers crossed that it gets fixed then, but the only reason the IRS is able to snoop emails is because the law lets them, challenging it in court in a manner that presents email similar to physical mail would make it very difficult for the IRS to do so moving forward, however, such a challenge is 6-7 figure cost for the individual.

PAY YOUR TAXES !! CRIMS BEWARE !!

We look !! We will find !! We will get YOU !!

If you're not doing anything wrong...

obviously you have nothing to hide...

Re:If you're not doing anything wrong...

[mark-t]

Factually, *EVERYBODY* has something to hide... not because they are necessarily doing anything wrong, but because some things are simply private.

To anyone who would say that they agree with such a notion, consider asking them why ordinary people wear clothes daily. Clothes, after all, cover up one's body, and therefore hide it from view. If the only reason to hide something is because something is wrong, is someone who is wearing clothes necessarily saying that there is something necessarily wrong with their body?

Unless the person you are talking to is a nudist who also happens to firmly believes that other people should openly practice nudity as well (sort of like an evangelical nudist, I guess), or else thinks for some reason that everybody *does* have something wrong with their body, they should realize the inherent flaw in their previously held assumption once this is pointed out to them.

Re:If you're not doing anything wrong...

[K.+S.+Kyosuke]

"obviously you have nothing to hide..."

Have you ever needed to pee or poop when you were in a group of people? Did you just do it on the spot or what?

Re:If you're not doing anything wrong...

[CanHasDIY]

"obviously you have nothing to hide..."

Have you ever needed to pee or poop when you were in a group of people? Did you just do it on the spot or what?

Doesn't everyone?

Huh, that may explain all the odd looks...

Re:If you're not doing anything wrong...

[causality]

It seems that a key tenet of authoritarianism is the assumption that privacy is not legitimate.

Without the information provided by putting that into practice, it would be much more difficult to micromanage daily life. An income tax in particular is a control freak's wet dream: it provides both carrots and sticks that can be used to manipulate behavior. Unlike impersonal excise taxes or sales taxes, where the only relevant information is a dollar amount, an income tax inherently requires getting to know the mundane details of a person's life. You have to know who they are, what they do, what they've been up to lately, and you need invasive powers to make sure they aren't cheating or otherwise lying to you.

There is a reason why the Constitution had to be amended to allow for an income tax. As far as I know, that reason wasn't because the Founding Fathers never heard of such a concept.

Re:If you're not doing anything wrong...

[K.+S.+Kyosuke]

Huh, that may explain all the odd looks...

Are you sure the even ones were any better?

Re:If you're not doing anything wrong...

[steelfood]

Depends on how much alcohol was consumed just prior.

Re:If you're not doing anything wrong...

[alva_edison]

There is a reason why the Constitution had to be amended to allow for an income tax. As far as I know, that reason wasn't because the Founding Fathers never heard of such a concept.

The reason why the Constitution had to be amended is that the Fuller court (incorrectly) decided that whether income was from property or not determined whether it was a direct tax or duty. Prior to this ruling it was understood that an income tax was always a duty and not a direct tax, so did not have to be apportioned. The 16th amendment doesn't create the income tax, it just says that the income tax doesn't have to be apportioned even if under the Fuller interpretation it would be a direct tax.

Re:If you're not doing anything wrong...

[mark-t]

It seems that a key tenet of authoritarianism is the assumption that privacy is not legitimate.

It seems then, as I said, that a key tenet of such authoritarianism is the assumption that everyone ought to be a practicing nudist.

Re:If you're not doing anything wrong...

[Alex+Belits]

Huh, that may explain all the odd looks...

Are you sure the even ones were any better?

At least they weren't from people wearing stereotypical pirate outfits, as eyepatch automatically changes the parity of your look to odd.

Re:If you're not doing anything wrong...

If the only reason to hide something is because something is wrong, is someone who is wearing clothes necessarily saying that there is something necessarily wrong with their body?

Given the obesity rate in America, yes, something is drastically wrong and they should keep their clothes on.

Re:If you're not doing anything wrong...

I did it on her chest... there's a video of it somewhere

Re:If you're not doing anything wrong...

[HappyPsycho]

Can I get your SSN, bank account numbers and e-mail passwords?

Hmm, this person is hiding these details from me, he must be doing something wrong...

Turnabout!

Does that mean we can read their email?

Re:Turnabout!

[tnk1]

Yes, actually. Especially if you can get a FOIA request written in such a way as to include them. Not saying it is easy, but it could be done.

Assuming they don't simply delete them by default at 180 days. I know that many companies have an archival policy that requires you delete all emails older than 180 days, and they do so automatically on your inbox if you leave your mail in there. That wouldn't stop you from archiving your mail, of course, in some other place/folder.

Re:Turnabout!

[Applekid]

Yes, actually. Especially if you can get a FOIA request written in such a way as to include them. Not saying it is easy, but it could be done.

Maybe they might not return a big black box on a sheet of paper with the page number being the only thing that isn't redacted.

Re:Turnabout!

[RabidReindeer]

Yes, actually. Especially if you can get a FOIA request written in such a way as to include them. Not saying it is easy, but it could be done.

Maybe they might not return a big black box on a sheet of paper with the page number being the only thing that isn't redacted.

Hey! those page numbers are a matter of national security! No telling what a terrorist organization could do with a sensitive set of page numbers.

Re:Turnabout!

[tnk1]

Yes, but it's the government, so they'll probably find some way to screw up redacting it. For instance, by putting it in a Word doc, selecting highlight with black as the color, and then they send you the doc.

Re:Turnabout!

Does that mean we can read their email?

The IRS servers can potentially keep email for years. IRS employees could keep local email copies even longer (if they don't clean them out).
On the other hand, the IRS encrypts its email by default. The IRS figures that anyone who wants privacy would do the same.

I posted AC because I used to work for the IRS.

No expectation

[MyLongNickName]

I certainly expect my email to be private. Okay, I expect it SHOULD be private. But the bottom line is if you are storing your data on other people's equipment, you have no guarantee of anything.

Re:No expectation

[sheehaje]

How does anyone expect email to be private? I still scratch my head at how many times emails have been used for indictments, yet people feel it is a reasonable secure mechanism - and this is internal email....

Use encryption for sensitive data. We have a secure email system. It's reasonably protected. Sending plain email to the wild isn't.

The simple of it - if you are putting stuff in unsecured email that can be used against you for tax evasion - you're doing it wrong.

Re:No expectation

[MyLongNickName]

I agree. The difference is in the meaning of "expect". The IRS is using it in a legal sense, and they are wrong here. From a practical sense, one should not expect email to be confidential. From a legal aspect we should have that expectation.

Re:No expectation

[jedidiah]

The fact that something can be accessed with a court order does not make it public. Your personal papers are free from search and seizure. The fact that it's easy enough for a burglar to steal doesn't alter their private nature or your rights.

Re:No expectation

[tnk1]

I think here the IRS is making a poor argument. Yes, while your mail is in other hands, you can't expect it to be absolutely private. On the other hand, your snail mail, or your phone conversations also go over other people's equipment/hands too. What matters is not the reality of whether it *can* be intercepted, because the answer with communications is almost always "yes". What matters is if we make sure that we define a domain of expected privacy and hold to it.

It is clear to me that email, being person to person, or person to select group, is no less (or more) private than a letter passed through the mails. What is missing is a legal protection for that. The government wants to pretend it is different while there is no good decision or law on the case.

Re:No expectation

[gstoddart]

Your personal papers are free from search and seizure.

Except they've construed 'papers' so narrowly that unless it's actual paper in a file cabinet, it's fair game.

Your phone, computer, email, and everything else is somehow excluded from this.

Re:No expectation

[geekoid]

Are they? I haven't heard a good argument on why anyone should expect an email to be private. It's read and scanned by countless systems just to get it to its destination.

Hint:postcards aren't private either.

Re:No expectation

[sycodon]

So my regular (snail) mail is kept in U.S. Post Office bins, trucks, planes, etc. during its transit to destination. Because it's "stored" on/in other people's equipment, it's fair game?

Re:No expectation

[geekoid]

no, not at all.

If you had a postcard, and it was passed hand to hand from person to person, each person reading it to pass it on, you would have no expectation of privacy.
Not until you put it into an envelope.

With electronic communication that envelope is called encryption.

Re:No expectation

[Zcar]

Except in the case when your email is stored on a third party's server. There's quite a bit of case law that you don't have a legal expectation of privacy with regards to information revealed to a third party, e.g. emails stored on a web mail provider's server.

From the EFF (https://ssd.eff.org/your-computer/govt/privacy):
"...some Supreme Court cases have held that you have no reasonable expectation of privacy in information you have "knowingly exposed" to a third party — for example, bank records or records of telephone numbers you have dialed — even if you intended for that third party to keep the information secret. In other words, by engaging in transactions with your bank or communicating phone numbers to your phone company for the purpose of connecting a call, you’ve "assumed the risk" that they will share that information with the government."

It's certainly a reasonable interpretation that you knowingly expose the contents of you email to your provider and so it's not protected by the 4th amendment. Even if you encrypt it, the envelope (from/to addresses, etc.) wouldn't be protected.

Re:No expectation

[Sarten-X]

The IRS is using it in a legal sense, and they are wrong here. From a practical sense, one should not expect email to be confidential. From a legal aspect we should have that expectation.

I am not a lawyer, but this guy is, and he illustrates well how email is not legally private.

Re:No expectation

[Thruen]

Part of me does agree that you should encrypt sensitive data. On the other hand, if anybody else broke into and read your email, you'd never say it was your own fault for not encrypting it, nor would anyone else. Encryption can be a pain, and if you're emailing back and forth with someone who isn't computer savvy, there's a good chance they won't be able to figure it out anyway. Privacy shouldn't be an opt-in situation, you don't default to not having any because you don't go out of your way to keep it. We have laws that state you can't record a conversation that happens in public without their permission, I can't think of a time where you would have less of an expectation of privacy than a conversation in a public place, but even that isn't legal to record (State by state, check yours!) without permission.

Re:No expectation

[SirGarlon]

But the bottom line is if you are storing your data on other people's equipment, you have no guarantee of anything.

You have whatever guarantee the law and/or lawful contract provides. If you keep your money in a bank account (not a deposit box) then you are trusting the bank's guarantee they will not tamper with your balance. In most countries, that's a perfectly reasonable thing to expect.

You are not going to get very far in life without trusting your data to someone else's server. For instance, you can't file taxes...

Re:No expectation

[dougmc]

But the bottom line is if you are storing your data on other people's equipment, you have no guarantee of anything.

Does this argument also apply to meatspace?

If you're living in a place that is owned by somebody else, but you're paying rent on it, do you have any guarantee of privacy there?

If you're storing your stuff in a storage locker that you're renting, do you have any guarantee of/right to privacy there?

They're rhetorical questions, I do in general know the answers already, but really ... the answers regarding your e-mail, even if it's on a server somewhere, *ought* to be the same.

Re:No expectation

I host my own email server, so unless they know who sent it or who received it, my server could experience a catastrophic failure should the need arise...

Re:No expectation

So my regular (snail) mail is kept in U.S. Post Office bins, trucks, planes, etc. during its transit to destination. Because it's "stored" on/in other people's equipment, it's fair game?

Do you really think the government hasn't opened your mail?

Re:No expectation

[Jane+Q.+Public]

"Are they? I haven't heard a good argument on why anyone should expect an email to be private. It's read and scanned by countless systems just to get it to its destination."

No, it isn't.

The header is, but that's what the header is for. No intermediate system (or email server, for that matter) has any reason to read or "scan" anything in the body of the email. There just isn't any valid technical reason to do that.

I should point out that as far as "header" information is concerned (i.e., signalling required for source-destination communications), telephone lines are absolutely no different. There is source and destination information that is perfectly analogous to email headers, and then there is the "body" of the message: the actual voice content.

Yet people DO expect phone conversations to be private. So explain to me why there should be any difference.

Re:No expectation

A letter is more like an email - there is a modicum of privacy but, of course, the postman could, for example, steam open the envelope, read the letter, and reseal it.

A postcard is more like a blog post - the contents are there for anyone who handles/passes by to see.

Re:No expectation

[Jane+Q.+Public]

" There's quite a bit of case law that you don't have a legal expectation of privacy with regards to information revealed to a third party, e.g. emails stored on a web mail provider's server."

But there is no reason that emails on a server should be "revealed" to that party. Tell me: if you gave someone a sealed envelope and asked them to not read the contents -- even though there is absolutely nothing stopping them from tearing open the envelope and reading it -- does that constitute "revealing" the information?

An ISP has to take positive, affirmative steps to read an email that is stored on their server. Just as someone working for a phone company has to take positive, affirmative steps to access the content of a phone conversation, or your voice mail.

And voice mail, in particular, is comparable. Why should voice mails be private, yet emails not? Explain please.

Re:No expectation

[mk1004]

I'm wondering how this compares with snail mail. If I write a letter, hold on to it a few days at my home, mail it, the recipient reads it then holds on to it for some period of time. Except in cases where the sender or recipient voluntarily gives up the information, wouldn't a search warrant be required for any government official to get the info? They must get a warrant to search either house. They can't intercept mail without a warrant either, I believe.

For email, usually a user name and password is required for you to access your email client so that you can read or send emails. That implies, even if the email is transmitted in clear text, that some sort of privacy is expected. Just like wire taps on telephones, you should need a warrant to 'tap' into the net to capture emails as they are sent. Where I'm storing the email is irrelevant; username/password is something like a locked door, or even an unlocked door. Without probable cause, the government can't just walk in.

Re:No expectation

By your reasoning all non encrypted phone calls, non encrypted web traffic, any windows without blinds, etc should not need a warrant to be tapped either. Forgive me if I don't agree.

Re:No expectation

[Jane+Q.+Public]

"The fact that something can be accessed with a court order does not make it public. Your personal papers are free from search and seizure. The fact that it's easy enough for a burglar to steal doesn't alter their private nature or your rights."

The EFF is arguing in the courts that today, email definitely qualifies as someone's "papers and effects", and therefore is Constitutionally protected from seizure or intrusion.

Re:No expectation

[Jane+Q.+Public]

"With electronic communication that envelope is called encryption."

Definitely not.

For all practical purposes, that envelope is called SMTP.

Let's get this perfectly straight: there is NO reason that any intermediate relay OR your ISP should have default access to your email. In order to do so, they have to take positive action to access it... akin to opening an envelope.

Taking the concept of "envelope" as far as encryption is just wrong. SMTP and secure storage should be your envelope. Encryption is more like transporting your papers in a portable safe. Not the same thing at all.

Re:No expectation

[skids]

The catch is in the "knowingly exposed" part. Not all users know that by typing an IP address in a box called "SMTP gateway" in their mail client that they are exposing their email to a third party.

Re:No expectation

[DDWDDS]

I am surprised more people do not use any encryption technology like PGP encryption for Outlook, etc. You can send and receive encrypted emails all day long with no more effort than typing a regular email. One can never assume email is going to be private, even if you send an email to your attorney, there is always the chance it can be intercepted in-between or even when it's on the destination mail server. Encryption should be a must these days.

Re:No expectation

[RabidReindeer]

Are they? I haven't heard a good argument on why anyone should expect an email to be private. It's read and scanned by countless systems just to get it to its destination.

Hint:postcards aren't private either.

I am under the impression that actual separate envelopes for mail, at least as an everyday thing, are a fairly recent development. Farther back - when the US was formulating the laws about privacy that we're now busy shredding along with virtually every other ideal - a letter was "private" if you folded it up and sealed it with wax or a stamp.

Technically, I think even postcards are supposed to be "private", despite having their entire content in plain sight.

So just because email is transmitted over open channels in plain text doesn't mean that it should be any different than similar communications done on paper.

Disclaimer I: As far as I know, the entire concept of private communications is legally only guaranteed for as long as the transporters of those communications are the US Postal Service. Since most email travels through non-government channels, there's probably a loophole there. Mostly that the various private/corporate intermediaries wouldn't be held to USPS standards of non-snooping. It should still require a warrant for government inspection via those intermediates, though.

Disclaimer II: IANAL. The above is common-sense reasoning. Which is in short supply where people, corporations, governments and the law are concerned. Actual results can and most likely will vary.

Re:No expectation

[cervesaebraciator]

Telephone calls on a land line are not encrypted. They pass through a great deal of wire to get from point A to point B. Even so, the very notion of a reasonable expectation of privacy come from a case involving a call from a public pay phone booth. From the Wiki article:

The Court ruled 7-1 in favor of Katz, with Justice Black in dissent. Justice Marshall did not participate in the vote. Writing for the majority, Justice Stewart wrote, “One who occupies [a telephone booth], shuts the door behind him, and pays the toll that permits him to place a call is surely entitled to assume that the words he utters into the mouthpiece will not be broadcast to the world.” Certain details, such as shutting the door on the telephone booth, help determine if a person intends for a conversation to be private. Thus, private conversations can be made in public areas. Justice Harlan’s Concurring opinion summarizes the essential holdings of the majority: “(a) that an enclosed telephone booth is an area where, like a home, and unlike a field, a person has a constitutionally protected reasonable expectation of privacy; (b) that electronic as well as physical intrusion into a place that is in this sense private may constitute a violation of the Fourth Amendment; and (c) that an invasion of a constitutionally protected area by federal authorities is, as the Court has long held, presumptively unreasonable in the absence of a search warrant.”

This line of reasoning easily applies also to email especially if the burden of proof is, as it should be, on those who would restrict legal and constitutional protections.

Re:No expectation

[RabidReindeer]

So my regular (snail) mail is kept in U.S. Post Office bins, trucks, planes, etc. during its transit to destination. Because it's "stored" on/in other people's equipment, it's fair game?

Do you really think the government hasn't opened your mail?

The Postal Service has a legal right, and sometimes duty to open items for inspection. But that right was not granted in order to facilitate "fishing expeditions".

Opening them at the behest of other agencies, government or private, should only be permissible when a legal basis has been presented.

Re:No expectation

[RabidReindeer]

If you keep your money in a bank account (not a deposit box) then you are trusting the bank's guarantee they will not tamper with your balance.

Actually, that's not a good example. FDIC regulations, I think. The goddam gubmint guarantees your balance as long as it doesn't exceed the FDIC insurance limit, and despite all the recent shenanigans, there are some things that banks know better than to screw around with even today.

Deposit boxes, if what I'm told is true, have very little protection at all, once you get beyond the "big locked vault" part.

Re:No expectation

[Zcar]

Tell me: if you gave someone a sealed envelope and asked them to not read the contents -- even though there is absolutely nothing stopping them from tearing open the envelope and reading it -- does that constitute "revealing" the information?

Not exactly the same. It's more akin to sending a telegraph. "Here's this message, in plain text. Give it to this person." Your email provider is given the message in a plainly readable format with no protections (even as flimsy as a sealed envelop).

An ISP has to take positive, affirmative steps to read an email that is stored on their server. Just as someone working for a phone company has to take positive, affirmative steps to access the content of a phone conversation, or your voice mail.

Again, not exactly. The phone company doesn't store a recording of your phone conversations as a matter of course. Your email provider does.

The point here isn't whether it's right (morally, or even legally) for your ISP to turn this over but rather whether it's a violation of the 4th Amendment for the government to receive and use the emails with a warrant. And there's a clear argument that it's not. I don't know the argument would win in court (indeed, it didn't in the 6th Circuit), but it's not settled law across the United States. If it's not protected by the 4th Amendment, any protections are statutory, not Constitutional. And that can lead to seemingly similar things getting treated differently. I don't agree with this line, but the argument exists and I can't dismiss it out of hand.

I'm not an expert on the matter. Are voice mails held to be protected by the 4th Amendment, or are the protected by statute? If it's by statute, then they may well be treated differently than emails, receiving additional protects beyond those constitutionally required.

Why should voice mails be private, yet emails not? Explain please.

That shouldn't be the case. But that doesn't mean it's not the case. It sounds like you're expecting the law to make sense to non-lawyers.

Re:No expectation

Your link says no such thing.

Re:No expectation

This was described by PRZ way back in 1991. An E-mail is a postcard open and readable to anyone.

Encryption is trivial to do. S/MIME is available in almost all mainstream E-mail applications. PGP/gpg is available as well (and preferred since we all have seen CAs get compromised, and WoTs tend to be a lot more resilient overall.)

With the laws as they stand, the only place you have a chance/right to not be watched are at endpoints. The second the data leaves your machine/LAN, the upstream can do whatever they want with it.

Re:No expectation

[Ash-Fox]

My mail server scans the body for spam and various malware.

Re:No expectation

[mk1004]

You have whatever guarantee the law and/or lawful contract provides. If you keep your money in a bank account (not a deposit box) then you are trusting the bank's guarantee they will not tamper with your balance. In most countries, that's a perfectly reasonable thing to expect.

Obligatory "except in Cypress" comment.

Re:No expectation

[causality]

I host my own email server, so unless they know who sent it or who received it, my server could experience a catastrophic failure should the need arise...

They always told you to make backups, but you never listened. Damn, what a tragedy.

Re:No expectation

[mk1004]

Oops, Cyprus.

Re:No expectation

With electronic communication that envelope is called encryption.

Funny. I'd think that the analog counterpart to encrypting your email would be... hey, encrypting your letter.

Re:No expectation

[Xenx]

This is so very true. I've even sat there and explained to people(in simple terms) how email comes in to the server and then out to them and then the reverse when sending. A number of them still didn't get it and assumed the mail just goes directly to that single computer.

Re:No expectation

[cowdung]

I don't know about you.. but the terms of service I agreed to had some very strong language regarding privacy that do cause me to expect that my email would remain private. So I don't think the IRS would have a legal leg to stand on..

Re:No expectation

[EvanED]

Privacy shouldn't be an opt-in situation

This is the quote of the story.

Re:No expectation

I like that particular blog and all, but honestly, the link you provided has zero references to multi-party electronic communications that have been archived by a third party. I don't have time to search through his archives to find the comic that actually deals with expectations of privacy on such communications.

Is there an actually relevant link you could provide?

Re:No expectation

[Hatta]

Yet people DO expect phone conversations to be private. So explain to me why there should be any difference.

People expect phone conversations to be private, but they are not. Just a couple hours ago I got a call on my lab phone, picked it up and heard a conversation already in progress. Said "Hello" several times, and no one heard me. If something senstive was being discussed, I could have heard it all and no one would have known.

The reality of the situation is that any expectation of privacy is unreasonable unless your communication channel is encrypted end to end.

Re:No expectation

[LVSlushdat]

You forgot "Disclaimer III:" .. When a legal system becomes such a morass that it requires someone with 8+ years of schooling to make ANY sense of it, and the common man, who is expected to know EACH and EVERY law he's subject to, has to pay extortionate sums of money to hire someone to figure it out, and *try* to protect this common man from being ground up and spit out by the "Justice system", said "Justice systen" is FUCKED UP BEYOND ALL HOPE OF REPAIR.. yeah.. I know I could have just said FUBAR and 99.99% would know what I meant.. but the FUBAR-ness of America's "Justice system" is WAAAAAAAAAAAAAY beyond the mere old-school original military definition of FUBAR... Since our "representatives" no longer pay ANY attention to us, and when we do have an election, there is so much voter fraud.. such as dead people voting, or over 100% voter turnout in a given precinct, all of which occurred in the last election.. You will NEVER convince me that the 2012 election was not rigged by the left/unions... In short, we are well and truly screwed.. Its becoming apparent to anybody who is paying attention that BOTH sides of the isle are driving America over the cliff. I love this country, but its becoming apparent that staying here may not be an option for much longer, with no place to go thats not going down the same authoritarian road that America is.. I took "RestAndRecreation" leave in 1971 to Australia, and came very close to emigrating there after seeing the beauty of the country, but current events show they're going down the same road as we are, hell-bent on becoming a dictatorship, just like Obama's new America... I cry for America...

Re:No expectation

[Sloppy]

The header is, but that's what the header is for. No intermediate system (or email server, for that matter) has any reason to read or "scan" anything in the body of the email. There just isn't any valid technical reason to do that.

You're talking like a lawyer or civic rights advocate/idealist, and he's talking like a security-conscious person. You're saying there's no technical reason it's valid; he's saying there's no technical barrier which prevents it (unless you encrypted the body).

It's not that you're wrong; it's that people are talking about two different things.

And the fact that there are two different meanings of "expect", which are sometimes diametrically opposite, is what GP MyLongNickName was really talking about. You can argue 'til you're blue in the face about what some judge might say to a lawyer about what "reasonably expectation" people have and you might even be right as a matter of law, but any layman is going to be staring in shock at the abuse piled upon the plain meaning of words like "reasonable" and "expect." The law is not reality. With regard for communications security especially, we have all learned that the law is INSANE; we just like to pretend it's not insane, since in its delusion, the law happens to take We The People's side on this issue.

I don't mean it's insane as in immoral, or out of step with our desires; I mean it's insane in the clinical sense, like someone babbling in a psych ward about things that don't really exist no matter how much we wish they did.

And the only entity that you ever even might expect [literal usage, not legal] to respect the law, is a prosecutor (*) who could have the 4th Amendment thrown in their face. Everyone else who is reading your email, doesn't give a flying fuck about what you expect [legal]. And you should expect [literal] that whenever you give out secrets in plaintext and transmit them through untrusted SMTP systems to untrusted IMAP storage systems.

Yet people DO expect phone conversations to be private.

Wrong. The courts expect them to be private (**). People know better.

(*) Interesting how the 4th amendment reads as though it's a limit on the government's overall power, but the only time we ever really hear about it, is in discussions about the details of the criminal justice system's process. It's almost as though the people never took that amendment seriously.

(**) by default; except when they're not private, thanks to lawful warrants combined with the mandated insecurity of CALEA. I love how it is illegal for phone providers to offer a secure service, yet some people "expect" it to be secure. Did I say the law is insane? No, we are insane.

Re:No expectation

No intermediate system (or email server, for that matter) has any reason to read or "scan" anything in the body of the email. There just isn't any valid technical reason to do that.

Sure, as long as you're okay without any anti-spam or anti-virus processing before you receive the message.

Re:No expectation

Even on your equipment... fire up wireshark and have a look at how private your email really is: about as private as a cell call with speaker phone while shouting on a packed bus.

Re:No expectation

You're wrong. Just wrong. Most email systems that I've seen scan for malware/viruses, filter attachments and spam. The mail system I worked on in the '90s did some of this. Not to mention all the personal filters that email readers have.

Re:No expectation

[Gindjurra]

Your snail mail box is also someone else's equipment. Other people besides you have access to it. Does this mean you have no expectation of privacy for letters sent to you by the U.S. Postal Service? Of course not. The same applies to an electronic mailbox.

Re:No expectation

in the beginning, there was god, and there was a usenet like system that was from one person to many....

on the second day, god said let there be a system the goes from one person to another person... so that many could not see it...

that intention of only one seeing it... is what the word private means... ain't it...

how long till people get tired of this...

Re:No expectation

[Jane+Q.+Public]

With or without your permission?

Re:No expectation

[Jane+Q.+Public]

"The reality of the situation is that any expectation of privacy is unreasonable unless your communication channel is encrypted end to end."

You are talking about something completely different. In this context, "expectation of privacy" is a legal phrase that has certain conditions attached to it.

Re:No expectation

[Jane+Q.+Public]

"You're talking like a lawyer or civic rights advocate/idealist, and he's talking like a security-conscious person. You're saying there's no technical reason it's valid; he's saying there's no technical barrier which prevents it (unless you encrypted the body)."

Not really. What we were differing about is simply where to draw the line.

There is NO technical barrier to opening your physical mail. Yet society says it's illegal. Why?

If you can answer that, maybe you can answer why email should be any different.

Re:No expectation

[Jane+Q.+Public]

"Wrong. The courts expect them to be private (**). People know better."

No, it's not wrong and you are (incorrectly) nitpicking. The courts have ruled that The People have "a reasonable expectation of privacy" in their phone calls.

Re:No expectation

[shimage]

I know there are anonymous cowards that have pointed this out already, but the linked comic has nothing to do with email. Can you point us to something relevant?

Re:No expectation

No intermediate system (or email server, for that matter) has any reason to read or "scan" anything in the body of the email.

Spam filters you idiot. They work on more than just headers.

Re:No expectation

[b4dc0d3r]

You're confusing the conversation here (collective "you"). To be clear, if you use a third party mail service, you are bound by their terms of service, and the laws of the country in which they operate. Depending on where the service is provided and other jurisdictional quibbling of course.

Your argument seems to be more along the wiretapping vein - what they do without asking. That is a completely separate argument, and unrelated. The difference in the Warshak decision was that compelling a provider required a warrant. If the provider fulfills a request without objection, no compelling took place and no warrant is required. I can't tell why the ACLU would expect otherwise.

If I send mail outside of my country, I would not have any reason to expect those to remain protected by any statute or term of service, so that's effectively a public e-mail.

If I an in the United States, and my provider says they will comply with law enforcement requests, it doesn't matter what any law says. My provider will probably hand over information without a warrant. Any agency of the local or federal law enforcement can just phone, write, or ask in person for whatever they want to know. That's a public e-mail, no matter who expects it to be private.

Now, what if your provider says no, or has said no enough in the past that law enforcement doesn't feel like asking politely? This is apparently a corner case. And it is the only one to which your argument is applicable. And, your expectation of privacy is just as unrelated, because it is your provider's decision to fight the request on your behalf. If the agency gets a court order or warrant, it is constitutional and your expectation of privacy vanishes.

The IRS is saying that if they suspect tax evasion, they will ask your provider for e-mail records. They will use strong-arm tactics like the Electronic Communication Protection Act to encourage hesitant providers. They will do anything and everything they can to get your mail, legally, without a warrant. This is not surprising, nor is it a Fourth Amendment violation. Fourth Amendment protections are from illegal searches, not legal ones. If they ask for records and your provider provides them, that's a legal search. If they compel the provider without a warrant, that is currently neither constitutional nor unconstitutional - it is undecided outside of the Sixth Circuit. Opine and argue if you like, but it is undecided. And outside of the Sixth Circuit, an appeal could be decided in favor of the government.

But here's the catch. No one who has mail with a third party provider is going to have standing to question the legality of a search when the provider did not object. You may have a complaint against your provider, but that will change neither the policy of law enforcement nor the law.

Argue about principles all you want, but unless you specifically choose an e-mail provider which guarantees they will reject any requests other than court-ordered, you have nothing to complain about except your poor choice in provider. If you send mails to a provider without those same terms, your sent mails could become private. Your recipients could voluntarily turn over your mails without a warrant, for that matter.

The only question is, does such a provider exist? It would be awfully expensive to have a fleet of lawyers to take on fighting every request until reaching the Supreme Court.

... the IRS hasn't told the public whether it is following Warshak everywhere in the country, or only within the Sixth Circuit.â

This only matters if the provider objects, and the IRS does not feel like getting a warrant, and the provider is outside the Sixth Circuit. If there were a known case of this, I think the ACLU would be fighting for that person instead of tilting at windmills here.

Re:No expectation

[b4dc0d3r]

The sword guy, who had a personal expectation of privacy, but didn't have a legal expectation of privacy. Sarten-X was replying to this, which is clearly incorrect: "The IRS is using it in a legal sense, and they are wrong here. From a practical sense, one should not expect email to be confidential. From a legal aspect we should have that expectation."

Legally, you would not have that expectation, and the link illustrates why. And you probably would have a personal expectation unless you really understand how SMTP operates "under the hood".

You send mail to your provider to relay to someone else, and expect to have privacy. Since the hardware where your data resides is property of the provider, it's essentially their house, not yours. Since this thread is about expectation of privacy, it seems relevant to me. Putting your personal information outside of your personal domain removes your legal expectation of privacy, even if your personal expectation is that the contents of your account are private. You don't even have standing to object, so the question of constitutionality does not even come up.

The article, however, is about the ACLU wanting the IRS to apply the Sixth Circuit ruling to the IRS policies operating outside the Sixth District. In fact, it can continue to ignore the ruling in the Sixth District and just take the chance that if it comes to an actual court case it will lose.

It may convict enough people before someone fights back and it gets fined that it is worth it to risk. If the provider cites Warshak, IRS just falls back on a warrant. An ignorant or acute provider would let themselves be compelled. The acute provider would then inform you and let you fight your own legal battle, which you might lose through incompetence or ignorance on your representation's part.

The ignorant provider would let you find out on your own that:

1) this was illegal
2) the evidence should be suppressed
3) you should file your own lawsuit against the IRS
4) The IRS punishment should go beyond just suppressing your e-mails

The IRS is under no obligation to apply Sixth District rulings outside of Michigan, Ohio, Kentucky, and Tennessee, and the ACLU has no way to make the IRS do so. If a provider is not compelled to give up your e-mails, then Warshak v. US doesn't even apply, and the IRS doesn't need a warrant to conduct a constitutional "search".

So the link is maybe 5% relevant, in case that helps. But it was interesting.

Re:No expectation

[grantspassalan]

If a judge gives permission, it is not illegal for law enforcement to steam open a sealed letter and read its contents. Society just does not see fit to extend this to email.

Re:No expectation

[marka63]

With a telegram you have a telegraph operator who types up your message for you then sends it. With a postcard you have a sorter / deliverer who reads the address and sees the message even if it is not read. Neither process is fully automated.

With email you type up your own message and send it into a system that does not require human interaction to deliver the message. The only time a human other than the intended recipient sees a email is when there is a delivery error.

Re:No expectation

[grantspassalan]

The United States with its Constitution will soon be no more. We have been and still are to an extent the only world power holding up the coming of a world dictator who will soon take power. The UN and the world bankers will soon crown this world ruler. Obama and his administration are working feverishly that this can happen sooner rather than later.

Both the prophet Daniel (700 BC) and Jesus Christ foretold of a coming time near the end, when there will be a totalitarian world dictatorship. There will be no place on the planet that will be beyond this dictators reach. In the New Testament he is labeled "the antichrist". He will preside over the final war of humanity, the war of Armageddon.There is a way out for individuals, but discussing that here is out of place.

Re:No expectation

[marka63]

You mean the encrypted data streams. :-)

SMTP, IMAP, POP all support encrypted data streams. There really is no reason these days for email to be sent in the clear other than laziness.

Re:No expectation

Bullshit. When I use an ISP to hold email for me, I certainly expect that they do that as a (sub)contracted service. I pay my ISP for internet access, including transission, reception, and transient storage of email. They in turn, have peering arrangements with other ISPs, regarding transmission. I "trust" them the same way I "trust" the post office.

I don't expect my email to be unreadable in the technical sence, unless I encrypt it, but I do expect it to be unlawful for the state to get it without my permission or a search warrant.

Of course, I've taken steps to sink my own email for decades, so the storage point is moot, but the transmission (giving rise to the possibility of interception) remains a problem.

Re:No expectation

[grantspassalan]

Cyprus is only the most recent example, but this sort of thing has happened many times in other countries. My parents lost all their money they put into savings in banks in Hitler's Germany. This happened also in the US after the Civil War where Confederate money became worthless, whether in a bank or in a mattress.There is absolutely nothing that says that this could not also happen to the US dollar.

Re:No expectation

[Jane+Q.+Public]

"If a judge gives permission, it is not illegal for law enforcement to steam open a sealed letter and read its contents. Society just does not see fit to extend this to email."

But that was my point. I was wondering when somebody would see it. Actually two points:

(1) This is not a technical issue. The line can be drawn wherever society decides to draw it.

(2) Society SHOULD decide to draw the line such that email is private.

Re:No expectation

Call the cat by it's name. You really want to IRS to acquire their information illegally. That is your ticket out. The last thing a tax fraud, or any of the fancy lawyers would want is for the IRS to actually comply with the law. IRS will continue to acquire illegal evidence until it is used against a big fish. While the smaller fishes are going to pay their fines, the big fish will pay his lawyers.

Re:No expectation

People expect phone conversations to be private, but they are not.

Yes, legally they most certainly are. You are confusing technical aspects with legal ones. Hopefully by accident. This discussion is about the legal side of things. I hope this helps.

Re:No expectation

Mod parent up, please. Actually, all of parent's posts in this discussion. Jane Q. Public gets it.

Re:No expectation

[Ash-Fox]

With or without your permission?

It never asks, so it never got it.

Re:No expectation

The United States with its Constitution will soon be no more. We have been and still are to an extent the only world power holding up the coming of a world dictator who will soon take power. The UN and the world bankers will soon crown this world ruler. Obama and his administration are working feverishly that this can happen sooner rather than later.

Both the prophet Daniel (700 BC) and Jesus Christ foretold of a coming time near the end, when there will be a totalitarian world dictatorship. There will be no place on the planet that will be beyond this dictators reach. In the New Testament he is labeled "the antichrist". He will preside over the final war of humanity, the war of Armageddon.There is a way out for individuals, but discussing that here is out of place.

I think you need to have your medications checked.

Re:No expectation

[Zcar]

Which may be the crucial difference. But I don't know that it's an open and shut case. Does that make a legal difference? I hope it does.

Re:No expectation

[SirGarlon]

The point I was trying to make that those FDIC regulations protect your account balance: whether the guarantee comes from the government or the bank is hard to sort out, because both have obligations that contribute to the guarantee.

It is theoretically possible to do the same thing with email privacy. Imagine if the FCC required Internet service providers to provide reasonable safeguards on privacy, instead of requiring them to violate it. Would that be a better world?

Re:No expectation

[Zcar]

Another wrinkle is some email providers look at your email as a matter of business for various (advertising, marking spam, etc.) purposes. Would these emails then be protected?

Assume emails would enjoy 4th Amendment protection if the email provider doesn't know the contents. Even if they're only scanning headers, it seems to me there's an argument that the email provider now knows what your headers contain and I'd guess the IRS or other government agencies could glean quite a bit from that as well as who you're sending to and from. If they're scanning the contents as well, are they still protected?

Re:No expectation

[Reziac]

Back in the days of dialup, because that email went over a telephone line, it was held that it did require a warrant. However, this was also taken to NOT apply if it went over a network. (There was a court case over it, tho that's all I remember about it. This was back so long ago that broadband was rare.)

Re:No expectation

[Reziac]

I'm wondering how they can hold that email (a collection of electrons) isn't private, ie. privately owned by its author, but an MP3 (also a collection of electrons) is indeed private property that could be 'stolen'.

Either falls under 'effects', ie. "your stuff".

Re:No expectation

[Sloppy]

The courts have ruled that The People have "a reasonable expectation of privacy" in their phone calls.

The courts were mistaken, or they said that before Congress (and other governments) enacted law that mandated phone service providers make sure that phone calls aren't private, or they said that before the people read all the news stories which provided evidence that the aforementioned law was being used, or they said that before the combination of CALEA (and -alike laws) and technical incompetence ("lawful intercept" is not the source of all our problems), resulted in the proliferation of unusually-easy-to-tap systems which have sometimes been exploited by parties other than (!) law enforcement.

The courts have the power to rule that messages shouted in the town square shall be legally treated as private, but they don't have the capacity to make such messages be private or make people think they're private. Don't you see the difference?

This is what I meant by the two usages of "expectation." You're right that the courts declared you have a reasonable expectation that your phone call is private. But others are right, when they say that your reason tells you to predict or believe (the other meaning of "expect") there is a significant risk of your phone conversation not really being private. You know, for sure (this isn't even a matter of risk or tinfoil hat territory) that your phone service provider deliberately went to extra trouble and expense to reduce the privacy of your phone call. And (much of the time) you don't know what other systems and media that your phone call passes through or how secure they are, which is very much unlike the situation your grandparents faced in 1970. The person on the other end might be using a 2.4 GHz cordless handset without any crypto at all, or they might be using Skype, or there might be some other obscure VoIP link with broken key exchange, or whatever. In some ways, this stuff (even when it uses crypto, if done with the wrong priorities) can be worse for privacy than a plaintext signal on an analog wire.

You can feel confident that if you say something incriminating in that phone call, and someone in Law Enforcement happens to be listening illegally, they won't be able to use that particular statement as evidence in court (but it won't be private; the knowledge will be known and the LEO will now know it might pay off to begin investigating you legally). You can feel confi^H^H^H^H^H hopeful that if someone other than LE is listening and you can prove it, you might be able to have them prosecuted. But none of this will actually impact, much, your estimate of how private the conversation is. And that estimate is far lower than someone's estimate would have been a few decades ago. This, your estimate of how private it really is, is what I (and any other non-lawyer layman) mean by "expectation of privacy." You don't think it's private; you hope it's private, and believe that sometimes the government may take your side in punishing those who take unfair advantage of your known-false hope.

The danger here, is that eventually the courts are going to wake up to the actual realities; the courts may someday realize that people don't really believe some forms of communication to be private, and then they'll change their mind about whether the false-privacy will remain virtualize and the fiction given legal protection. The legal sense of expectation, is going to shift toward the real-life expectation. I think we've seen a lot of this within the example of email.

The good news is that we actually have the capacity, at the endpoints, to make our communication become secure, and gain a reasonable expectation of privacy which

Re:No expectation

Encryption is more akin to writing all you correspondence in code. The recipient then has to decode the message. Opening the envelope only gets the carrier a paper full of gibberish.

The safe analogy is just a heavier envelope. I can still open it and read your letter if it isn't encrypted.

Re:No expectation

But the bottom line is if you are storing your data on other people's equipment, you have no guarantee of anything.

As opposed to communication using the phone lines/satellites/antennas that each of us own?

Re:No expectation

[marka63]

The messages are processed automatically and are not read by humans other than the recipient. They are reject or filtered to a "SPAM" folder. The expectation of privacy is still met. The ISP is processing the email for acceptance or rejection, it is not redirecting it to another party. Additionally the checks are being done on behalf of the recipient and can often be disabled by the recipient.

Re:No expectation

[Zcar]

How is it met? On what basis does that maintain the legal expectation of privacy (which is definitely NOT the same as, "I expect them to keep it private.")? Why does it matter that it's a machine examining the content or a human being? And, you asking them to do so on your behalf isn't material: once they have the information it's out of your control unless there is a legal expectation of privacy or other legal protection.

There are counter examples where there is not expectation of privacy surrounding information likely not viewed by any human, e.g. your bank transactions.

If you read the EFF link I included above you'll find this:

As the Supreme Court has stated, "The Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." This means that you will often have no Fourth Amendment protection in the records that others keep about you, because most information that a third party will have about you was either given freely to them by you, thus knowingly exposed, or was collected from other, public sources. It doesn’t necessarily matter if you thought you were handing over the information in confidence, or if you thought the information was only going to be used for a particular purpose.

Also:

There may be privacy statutes that protect against the sharing of information about you — some communications records receive special legal protection, for example — but there is likely no constitutional protection, and it is often very easy for the government to get a hold of these third party records without your ever being notified.

IMO it's far from clear that emails stored on a third party server would receive constitutional protection under the 4th Amendment if/when this gets to the Supreme Court. There do seem to be some limited statutory protections in place.

An analogy might be postcards. If you send a letter in an envelope the contents enjoy 4th Amendment protections (but the to/from addresses do not). If, on the other hand, you write a postcard, the contents are NOT protected by the 4th Amendment regardless of whether anyone actually reads it because it is exposed to anyone who may look. Similarly, for a plain text email stored on a third party, any employee of the third party with sufficient privileges can look at your email. If this analogy holds, then there's no 4th Amendment protection from such an email. I don't see that it really matters if it's exposed on a physical object or exposed in a file. Ultimately, you decide to hand it over to a third party in a form they can read at which point there's a pretty strong argument you lose the reasonable expectation of privacy.

That said, I think email should be protected. But 4th Amendment protections may not apply and statutory measures are needed.

Re:No expectation

Case law is irrellevent when it contradicts fundamental rights.

Legal professionals are in a position of ethical conflict of interest with respect to the primacy of case law. The more cases allow fundamental rights to be infringed, the greater the fear the public has of the legal system, and hence the greater the demand for legal professionals to "protect" the public from their own government. Greater economic demand, of course, leads to greater income and job security, given the inelastic supply of legal professionals.

Ethical conflict of interest leading to increased business for legal professionals is the primary reason why we have so many cases (and laws) that infringe the 1st Amendment ("no law") and the 2nd Amendment ("may not be infringed") in US legal history. The trend continues with respect to fundamental rights that are less explicit, such as rights arising under the 9th Amendment ("retained by the people") and the 10th Amendment ("reserved to the people").

Unfortunately, the long history of USA legal professionals choosing not to act ethically in situations involving ethical conflict of interest (it's not an accident that the USA is known as the "land of the lawsuit", for example) suggests that this situation will not reverse without a major public effort, comparable to the Civil Rights movements of the 60's (which, while on the surface was about stopping racial discrimination, at a more fundamental level was about reversing illegal laws that infringed fundamental rights on a massive scale).

Under Nuremberg, of course (applicable to US law under the 9th Amendment), even if IRS officials are told they are allowed or required to violate fundamental rights, they must nevertheless refuse to do so.

In other news...

[crypTeX]

The IRS has a secret legal opinion that they CAN use lethal drone operations on a citizen noncombatant living in the United States.

Re:In other news...

Dead people don't pay taxes. It's only the threat that would be effective.

Re:In other news...

[therealkevinkretz]

oops.

http://triblive.com/x/pittsburghtrib/news/pittsburgh/s_720838.html

http://www.irs.gov/irm/part5/irm_05-017-013.html

Re:In other news...

[tnk1]

The IRS? Not a chance. Killing their targets would be too easy. What the government doesn't tell you is that the real bad terrorists are forced to sit through an audit. Twice.

Re:In other news...

[RabidReindeer]

oops.

http://triblive.com/x/pittsburghtrib/news/pittsburgh/s_720838.html

http://www.irs.gov/irm/part5/irm_05-017-013.html

One of the advantages of being a non-profit organization is that you can (and they cheerfully will) do things that cost way more than they recoup just to set an example.

Re:In other news...

Notice I said people.

But govt email is classified

We don't have reasonable expectation of privacy to our electronic communications, but apparently the govt does. On top of that we pay for it.

Re:But govt email is classified

[Em+Adespoton]

This is interesting actually
I should template all my email with

CLASSIFICATION DETERMINATION PENDING
PROTECT AS SECRET//SI/TK//NOFORN//X1

I wonder if it would be legal for me to read my own mail? Or would it just be illegal for most government agencies to read it?

Almost worth tagging everything with that just to see what automated systems it gums up ;)

Re:But govt email is classified

[BlueStrat]

We don't have reasonable expectation of privacy to our electronic communications, but apparently the govt does. On top of that we pay for it.

Government animals are more equal than others. Questioning Big Brother is double-plus ungood. You are on the list. Say 'hello' to Winston for us when you join him..

Strat

Re:But govt email is classified

[blueg3]

If you followed the procedures for storing classified information to store your personal communications, you would have a reasonable expectation of privacy and the government would need warrants to read your e-mail. Just encrypt any electronic data in transit or stored on publicly-accessible systems, keep paper documents and unencrypted electronic systems (which never connect to the Internet) under lock and key, and only send data to people who agree to follow the same procedures. Even better if you only ever let your data onto publicly-accessible systems when it's absolutely necessary, rather than when it's convenient.

Re:But govt email is classified

[gewalker]

Sarah Palin's personal account on Yahoo Email was hacked the guy that did this - got a 1 year sentence as a result. How is this any different in principal from getting into her email account vs. the IRS getting into email, other than the IRS being a bunch of government thugs?

Re:But govt email is classified

[grantspassalan]

The government is allowed to do a number of things that you as a citizen are not. They can supply guns to Mexican drug dealers, they can print the money and make war in other countries as well as other things. Congress critters and top administration bureaucrats also exempt themselves from Obama care and other laws.

Re:But govt email is classified

Anon US Government drone, here.

We're told that all our electronic communications are subject to oversight (regularly) and review (in case of legal issues). If I want to visit dodgy sites, check my personal email, or access my bank records, it's best to do so on my own connection so that they don't get automatically indexed by our IT folk.

Maybe it's that I'm not working for law enforcement/military?

But Do People Really Expect Privacy?

[dcollins]

With this kind of "No Expectation of Privacy" thing that comes up (re: emails, phones messages, etc.) -- Hypothetically, what if someone did a scientific survey of U.S. residents and asked: "Do you expect that your stored email messages are private from the government? Do expect that the text messages stored in your phone are private from the government?". Then would there be any possibility that the results of such a survey would be usable in a future court case to knock down such foolishness?

Re:But Do People Really Expect Privacy?

That's the wrong legal argument.
It's not 'by the government' - the government in this matter has no especial place as a violator of privacy.

Re:But Do People Really Expect Privacy?

[SirGarlon]

The "expectation of privacy" argument is bogus anyway. Here's how it works:

1. Government violates citizens' privacy in {airport, government building, email, whatever}

2. Citizens expect government to violate privacy elsewhere based on pattern of past abuse

3. Government justifies next abuse of privacy based on 2.

If I wanted to prove by mathematical induction that there is no such thing as privacy, this is how I would do it. What part of:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated

is so hard for the courts to understand? It seems the only wiggle room is what's "unreasonable," and I thought once upon a time that meant "without a warrant."

Re:But Do People Really Expect Privacy?

[b4upoo]

The entire legal issue of privacy is schizophrenic. Government agencies can now decode almost all encrypted material with ease. So how can they claim no expectation of privacy of emails? After all, some email is encrypted. Now picture a hacker breaking into the servers of a large corporation and simply looking around. What is the difference between a hacker viewing a corporations emails on their servers and a government agency viewing your email on Yahoo's servers? In essence we have lost the idea of the sovereignty of the individual being as vital as the sovereignty of the state or the corporation. So we have moved from a system based upon equality,law and natural and legal rights to a system that compels the subservience of the individual even when no wrong doing by that individual is suspected. In other words some people cheat on taxes and therefore we must have the right to examine all people. Yet we pass laws that give some people entirely different rules by which taxes can be applied. We even allow entirely different systems of accounting.
                    This is exactly why many people fear more gun laws. Look what has gone on with the income taxes. First income taxes were declared to be temporary to overcome and emergency shortage of funds. Then they became permanent. Then they became more and more oppressive. And now they want not only the right to audit and insist upon record keeping but also demand covert searches of emails.
                        Meanwhile an ignorant public relies on the notion that laws can fix things. Only laws the we can afford to truly enforce combined with real rehabilitation for offenders has any chance of working at all. As it stands already we don't enforce even 1% of our current laws. Yet we support an expensive congress whose only real power is to pass more laws. More gun control laws will do no good what-so-ever. We just had a lunatic run into a college in Texas and use a box cutter or some sort of razor knife to slash up 14 students. Passing gun laws is about as silly as passing laws against the public owning a box cutter or steak knife.

Re:But Do People Really Expect Privacy?

because the authors of the constitution failed to enumerate "and data on remote servers with a private account".

the 10th amendment has been dead for awhile now.

Re:But Do People Really Expect Privacy?

[tnk1]

They do appear to be swayed into making their decision based on what is popular at the time, so polling like this could fuel a different judgement eventually as attitudes shift.

Now, should it work that way? Probably not. The courts are at most, to interpret and clarify the law, and that interpretation probably should be consistent no matter what the time period. Otherwise, they are effectively legislating. Having legislative power bleed out into the executive and judicial branches does tend to blur separation of powers.

Re:But Do People Really Expect Privacy?

Semi-auto weapons were used to kill approximately 500 Americans last year..and Obama wants them banned.
According to government stats, 25 people are killed each day by illegal aliens (that's 9,000 people a year)..and Obama wants to legalize them. Does anyone at all believe gun control has ANYTHING to do with saving lives????????

Re:But Do People Really Expect Privacy?

[idontgno]

The entire legal issue of privacy is schizophrenic. Government agencies can now decode almost all encrypted material with ease. So how can they claim no expectation of privacy of emails? After all, some email is encrypted. Now picture a hacker breaking into the servers of a large corporation and simply looking around. What is the difference between a hacker viewing a corporations emails on their servers and a government agency viewing your email on Yahoo's servers?

One of the great architects of current Executive thinking crystallized the philsophy best:

Well, when the President does it, that means that it is not illegal.

President Richard M. Nixon, Interview with David Frost (19 May 1977)

Re:But Do People Really Expect Privacy?

This is why I run my own mail server at home...They DO need a warrant to gain access to my server.

It's sucks, but they're sorta' right.

[preflex]

Really, if you're not encrypting your email, you have no reasonable expectation of privacy. If your communications are in plaintext, being passed around from server to server in plaintext, it would be absolutely stupid to expect that would be in any way private. It's about as private as a postcard: no envelope, all information plainly visible to anyone that handles it..

Re:It's sucks, but they're sorta' right.

[iggymanz]

oh? if you're not encrypting your landline call you have no reasonable expectation of privacy? how about a snail-mail letter? e-mail does have an "envelope" to protect it, it takes either the equivalent of "wiretapping" for the government to get it in transit, or username/password to pick it up as regular user. however weak we know those protections are as geeks, the government should be held to warrant whenever it tries to stick its nose in a citizen's business.

Re:It's sucks, but they're sorta' right.

more like, if it's plain text you expect that someone could intentionally read your email if they so choose, thereby invading your privacy. maybe it's trivial for them to do so, but the expectation is that it's somewhat private. maybe similar to mailing a letter in a transparent (or semi-transparent) envelope. maybe the contents are trivally accessable if one wants to peek in, and using such an envelope is perhaps naive with regard to what others might do, but still.. it's expected to be private, to a degree.

Re:It's sucks, but they're sorta' right.

[h4rr4r]

You are correct on the landline.
If you expect that to be private you are very naive. All phone lines should be assumed to be tapped at all times.

Regular mail is likely safe, but not very trustworthy. International mail is not safe and very likely to be opened.

Re:It's sucks, but they're sorta' right.

[emt377]

It's not illegal for a service provider to read email they've stored for you. The only thing preventing them is internal policy - a google employee found reading email would likely be fired. But there's no criminal act there. By comparison, a postal worker who opens letters and reads them will go to prison. A telco worker who taps your phone likewise. Email isn't considered more private then you make it, so doesn't have legal protections.

Re:It's sucks, but they're sorta' right.

[Em+Adespoton]

The thing about email, is there's not even any expectation of an expected routing path -- and anything leaving your jurisdiction is fair game as far as interception goes.

As a result, an email going from you to someone else in your local state-based company may go through some router that's not even physically in your country -- and your country's government has no restrictions against inspecting private correspondence upon (re)entry to your country. Not to mention wherever it went in the meantime.

Since you can't guarantee where an email actually goes, you can't logically (or legally) expect privacy.

That doesn't even get to the minefield of storing your sent/received email "in the cloud"....

Re:It's sucks, but they're sorta' right.

[darkfeline]

No, not really. If I leave my door open, then very likely I'll be robbed. But does that make the robber's actions legal? No. Just because your email is plaintext and "asking to be read" doesn't make it okay for anyone, let alone the government, to read it at leisure.

Yes, postcards aren't very "private", but there's a certain expectation of privacy, that everyone in the mail service will refrain from reading it as much as possible, and won't gossip, hand it to other people, share private info, etc. Again, chances are, someone is going to do just that eventually, as many people are assholes, but that doesn't justify it. Especially the government has no excuse for doing so.

Re:It's sucks, but they're sorta' right.

[geekoid]

You suffer form delusions of paranoia.

Re:It's sucks, but they're sorta' right.

Google has an entire department set up for their employees to read your emails, warrant free, and give them to whoever pays.

Re:It's sucks, but they're sorta' right.

[Predius]

Clarification - In the US a service provider can view customer content on or transiting their equipment IF IT'S REQUIRED FOR NETWORK OPERATIONS. IE if there is a mail delivery problem an ISP IT monkey would be ok trolling through mailbox files looking at the smtp headers. Same ISP IT monkey would NOT be legally in the clear if he decided on a random Tuesday to read customer Bob's email for fun. If he went further and acted on the contents of Bob's email he'd really be setting himself up for a legal hurting.

Re:It's sucks, but they're sorta' right.

[Amouth]

You know i wonder if you could argue another angle, the "and effects". Every e-mail I write is my own work, which has it's own copyright. the Media industry has pushed extremely hard for more than a decade to have digital copies of copyrighted works be treated as if they were physical goods. under that logic, them copying/reading my e-mails is equivalent to them stealing my personal copyrighted works.

Just a random thought to throw out there.

Re:It's sucks, but they're sorta' right.

[PortHaven]

Well, you didn't use a strong enough encryption on your door. I used a bump key. "ALL YOUR VALUABLES ARE NOW BELONG TO ME"

Re:It's sucks, but they're sorta' right.

So you and how many other geeks send each other encrypted emails? Do you send each other official decoder rings? Does your Mom have one?

Re:It's sucks, but they're sorta' right.

[h4rr4r]

No, I am cautious.
I know that 99.999% of the time my phones are not tapped. I don't know when that .001% is so I must treat the phone as tapped 100% of the time.

Re:It's sucks, but they're sorta' right.

[phantomfive]

And yet, he's right. Tapping a normal phone line is the easiest thing in the world, you can learn how to do it in an hour or less.

The question isn't whether your landline is private, the question is whether anyone cares enough to listen in on your conversations. If you want to be sure that your communication is secure, don't use a landline phone.

Re:It's sucks, but they're sorta' right.

[h4rr4r]

Non-landline phones are not substantially more secure. Setting up fake towers and such is well known. Slashdot had an article about it in the last week.

Like I stated I bet my phones are never tapped in my life, I am too boring. Since I cannot be sure of that, I must act as though they always are.

Re:It's sucks, but they're sorta' right.

[the+eric+conspiracy]

It's only legal for a service provider employee to read your email if he is doing so as part of the technical requirements for providing the service. Otherwise it's a criminal offense.

If he does read it, it is illegal for him to disclose the content to others.

Re:It's sucks, but they're sorta' right.

Really, if you're not encrypting your email, you have no reasonable expectation of privacy.

Really, if you have windows on your home, you have no reasonable expectation of privacy.

Oh yeah, that's right. Step out of that shower, all wet and hot. Giggity.

Re:It's sucks, but they're sorta' right.

[h4ck7h3p14n37]

Citation please?

I'm pretty sure the provider is within their rights to assist law enforcement without requiring a warrant. Warrants are required if they don't want to do so voluntarily.

IANAL, but I don't think users of IP networks get the same protections as users of old-school telco networks.

Re:It's sucks, but they're sorta' right.

[ClioCJS]

You have provided a moving target via the intellectually dishonest tactic of morphing the original question - Is there privacy - to a new question - Is it exploitable. Shame.

Re:It's sucks, but they're sorta' right.

[Montezumaa]

I must have missed the portion of the Fourth Amendment to the US Constitution that requires me to encrypt my "...papers, and effects..." In order to receive protection against "...unreasonable searches and seizures...". I always had to obtain a warrant, and would never have acted otherwise, regardless of whatever unconstitutional laws or orders from superiors, when I was pursuing any person I suspected of committing the violation, or violations, that I was investigating. The issue is that agents and officers are yet another check in the system, and said people are required to refuse illegal orders and not utilize any authority that violated the Constitution, or the law.

There are punishments for violating an individual's rights, including Title 18 U.S.C., Section 242.

Re:It's sucks, but they're sorta' right.

Really, if you're not encrypting your email, you have no reasonable expectation of privacy.

So how is it decrypted? With a key?

How does the recipient get the decryption key? By email? Through a web site? What prevents a man-in-the-middle? A certificate authority?

How can you trust the certificate authority? Maybe the certificate authority didn't do a good job at authentication. Or maybe they will collude with the authorities and enable a man-in-the-middle.

Or will you physically meet every recipient and hand them your key on a slip of paper?

Maybe the federal government will set up a central site for authentication and key distribution. But before you know it, they might cooperate with the IRS...

Re:It's sucks, but they're sorta' right.

It would be foolish to not lock the door to your house, but you'd still have a reasonable expectation that nobody breaks in. We "expect" people to behave according to social norms. Making it impossible or irrational to act otherwise is something else. Plus, e-mail encryption is rare enough to be ignored for this discussion.

Re:It's sucks, but they're sorta' right.

[iggymanz]

you are confused, I don't care about a random punk getting his jollies listening to me tell my wife sexual things, we're talking about government which in fact does have prevention for casual wiretap and moreover then using that in court. That's true even with patriot act, etc.

Re:It's sucks, but they're sorta' right.

[phantomfive]

Yes, but once again the question is whether anyone cares enough to listen to your line (ie, go through the process of getting a warrant in the best scenario) or not.

IRS needs to go

[emho24]

The US tax code needs a massive overhaul and simplification, and the IRS simply needs to be dismantled.

Maybe I should send that as an email so the IRS will read it.

Re:IRS needs to go

[h4rr4r]

The entrenched tax preparer industry would never allow that. They need complicated regulations to exist. If we simply made all income tax X% above Y dollars and Z% above W dollars, then made business taxes X% on Y profit they would be out of jobs. There are likely billions of dollars in the tax preparation, avoidance and evasion industries. From the guy at the HR block to the lawyers helping the 1% setup trusts in the Caymans there are simply too many folks in those jobs to allow simplifying the tax code.

Re:IRS needs to go

[ISoldat53]

Or another solution is if the IRS doesn't win a case, that citizen doesn't have to pay any taxes for the period of time that they were in jeopardy of.

Re:IRS needs to go

[geekoid]

"The entrenched tax preparer industry would never allow that."
HAHAHahhaha.

They very people you seem to think would benefit from a complex tax code actually benefit from simpler tax code.

Re:IRS needs to go

[Anne_Nonymous]

Well, that would certainly fix the overabundance of lawyers in society.

Re:IRS needs to go

You want to bet they want a simpler tax code? => TurboTax Maker Funnels Millions To Lobby Against Easier Tax Returns

Re:IRS needs to go

The US tax code needs a massive overhaul and simplification

The tax code is set by Congress so it can only be changed by Congress (with Presidential approval or a veto override by Congress). So contact your congress(wo)man and senators and ask for some simplifying changes.

Good luck with that and let me know how it works out for you.

Re:IRS needs to go

[h4rr4r]

Please explain.
If tax preparation was simpler, far less of these people would be employed. They could not charge as much either. Heck, entire tax avoidance/evasion schemes would go away. When all income is taxed the same way there will be no need to move some income into various investments and schemes to avoid paying taxes.

Re:IRS needs to go

If tax preparation was simpler, far less of these people would be employed.

Exactly. Those people wouldn't have to worry about taxes at all!

And the few that remain will have a vastly easier time doing their own taxes.

Everybody wins!

Wow. I kind of meant that sarcastically, but yeah, honestly - everybody wins. I'm sorry, dying industries need to be allowed to pass. The fact that refuse - as a society - to grow a pair and tell fools who refuse to retool/retrain to deal with their unemployed funtimes - is slowly destroying our economy. These turds shouldn't count as 'everybody', because they sure as hell don't want to pitch in and do their share.

Gah, and now I sound like some kind of Communist. Their share is, you know, taking personal responsibility for their own well being. And probably improving their station in life by learning, rather than coasting by on past achievements.

CAPITALISM IS HARD D:

Re:IRS needs to go

"The US tax code needs a massive overhaul and simplification" and "the IRS simply needs to be dismantled" might prove to be counteracting in a federal state such as the US, although it probably would give tax lawyers lot more work state by state. Republicants will never allow the raise in taxes following the simplification and the demockkerycrats will never allow a fair and balanced tax code reformulation. The states would never allow the necessary raise in federal power over tax legislation following the simplification.

Re:IRS needs to go

Most of the CPAs and the majority of the industry is focused on business accounting not individual citizens. There are all sorts of quarterly filings, semi-annual and annual filings and regulations at every level from the local township to the Federal government that constitute taxes in one form or another. If the IRS is dismantled there is still plenty of work for them and there would be more customers for them with less regulation and a more free marketplace.

As explained to me by CPA relatives that work for large public auditors, and they want simplified flat filings for individuals and businesses.

fine line

[deodiaus2]

Where does this stop? If the IRS can search your mail, why not the other agencies. Maybe the forestry department thinks you have printed the document on paper which was from an endangered pine tree.
I guess if you had encrypted that email, you would also be expected to provided a decryption key because of some other law about citizens having access to encryption technology. Shit, I bet even rot13 is considered an encryption technology.
I heard about a story about some guy who was growing pot inside his house and out of view. Apparently, if a cop can smell the pot, he has "probable cause" to search the premises. The case went to the Supreme Court because the cops brought a drug sniffing dog, which indicated that there was pot inside, and that was "probable cause". This case seems to have lost, but just like "The Miranda Rights", which were quickly regressed within 2 years of that ruling.

Re:fine line

[sconeu]

Shit, I bet even rot13 is considered an encryption technology.

Yes, it is. Ask Dmitri Sklyarov.

IIRC, Adobe used ROT13 and claimed it as an "Effective Access Control" method under the DMCA.

Re:fine line

[causality]

The drug-dog loophole certainly is convenient.

What is a trained drug-sniffing dog, if it is not a (living) device for the sole purpose of performing a search? Using a dog to search your home or your car is not fundamentally different from the cop just using his hands and his eyes to search the same places. Yet the dog gives a cue and *poof* there goes your Fourth Amendment.

Of course they have to have such a loophole to keep up the War on (some) Drugs. A war on drugs (really a war on personal freedom) simply couldn't be conducted by the federal government under a reasonable reading of the Constitution. So we're losing some of our more precious rights and freedoms in exchange for being able to ineffectively tell other people how they should live. What a bargain.

Email is Plaintext

[rmandevi]

By default, email is plaintext. It isn't sent in an envelope, it's more of an electronic postcard. You aren't guaranteed a particular routing, so email may pass through any number of ISPs of varying nationality, legality, and morals. You want privacy? Use encryption.

In snailmail, enveloped mail has an expectation of privacy, postcards less so (if at all). Email is not snailmail. All it takes is a packet sniffer in the right place to read your mail, not even much of a cracking package. So there is no de facto privacy. The only expectation of privacy comes from people who keep expecting email to behave like snailmail, and it's a false expectation.

The case that the fourth amendment applies to unencrypted data sent across arbitrary connections is weak. I'm no fan of the IRS, and they are often above the law and a law unto themselves, but I don't think that applies here.

Re:Email is Plaintext

[iggymanz]

by defaut, an analog telephone cause is plain speech.....

Re:Email is Plaintext

Wait... wait... wait...

Email ISN"T private because if you have the "gear" (software/hardware, skills to use it/access to the place to use it/them) it's easy to see. But snail mail, in an envelope, written in a common language IS private... And all it takes is a letter opener?

Why is this thinking bizarre to me?

Re:Email is Plaintext

[GigsVT]

Email isn't private because it can be relayed through any server on the Internet, in plain text.

Complicated email routing these days isn't as common as it used to be (though, with third party spam services, it's getting a little more complicated once again), but it used to be common for a server operator to handle a large volume of email that wasn't intended for them as the final destination.

The protocol is inherently insecure by design, and there should be no expectation of privacy. Any mail server admin on the Internet could read your email in theory.

Re:Email is Plaintext

Any mail server admin on the Internet could read your email in theory.

Any admin of a server your email passes through, you mean. Just like how any letter carrier could open your snail mail letters.

Re:Email is Plaintext

[whoever57]

Email isn't private because it can be relayed through any server on the Internet, in plain text.

A lot of my email is encrypted between servers using SMTPTLS. It's not going through "any server on the planet", although the packets may be going through any router on the planet. There is a significant difference. The routers don't decrypt the email (unless there is an active MITM attack) and so there is some expectation of privacy.

Re:Email is Plaintext

[h4ck7h3p14n37]

DNS providers as well. Remember when outfits like GoDaddy were returning bogus MX records for non-existent domains?

Re:Email is Plaintext

[ClioCJS]

So if your door's lock is insecure, that means you have no expectation of me not robbing you? Fucking crazy, man.

Re:Yea because this happens all the time

[TWiTfan]

The IRS gonna read yo' mail!!!

Only after they get in line behind the FBI, NSA, DHS, any bored state cop, any bored local cop, any corporation that feels like it, your ISP, etc.

But dare to be a private non-corporation-affiliated citizen and we'll thrown your ass in jail forever for even accessing information public information, you terrorist motherfucker!!

BFD

So can Google.

why do we need a password?

[MacColossus]

If I didn't have an expectation of privacy, I wouldn't password protect it.

Re:why do we need a password?

Quite the reverse, you need a password to access the email in your account, that password is the expectation of privacy, that is the envelope equivalent of physical mail.

Re:why do we need a password?

[h4rr4r]

To protect it from other users, not the server admin nor police. Also to prevent others from pretending to be you, again not the server admins as that would be trivial.

Re:why do we need a password?

[CanHasDIY]

To protect it from other users, not the server admin nor police. Also to prevent others from pretending to be you, again not the server admins as that would be trivial.

It would be trivial for my mail carrier to open the envelopes I place in his care as well, but still not legal.

Re:why do we need a password?

[The+Rizz]

Also to prevent others from pretending to be you, again not the server admins as that would be trivial.

It's trivial for anyone to pretend to be anyone else in email. Servers never verify sender information.

Re:why do we need a password?

[h4rr4r]

Actually smtp can require Auth, it is normally done on port 587.

Re:why do we need a password?

[The+Rizz]

SMTP only requires AUTH when you're sending out of their domain. You can always connect to the receiving server and give it mail claiming to be from whoever you want.

Re:why do we need a password?

[h4rr4r]

Only if that person is not in the same domain.
Junking all mail from user@domain.com to user@domain.com that did not use auth is not uncommon.

Helpful for profiling

This citizen received 300 emails from ebay and 150 emails from Bodog and Betonsports.eu.
Elivated likelihood of major tax evasion.

Time for an encrypted email service.

I think they just invented...

[MasseKid]

a new renewable energy source. All we have to do is put some magnets on our founding father and the amount of energy they exert spinning in their graves over this and things like this would power the whole united states with some to spare.

Re:I think they just invented...

[Entropius]

I'm racing you on that one -- I want to cut a hole at the top of the Capitol Rotunda and replace it with a turbine, powered off of the hot air coming out of the folks inside.

Re:I think they just invented...

[wierd_w]

Sadly, the decadent lifestyles often enjoyed by said windbags consumes a substantial quantity of energy, so the overall net production rate of politically powered enegy genration is going to be remarkably poor.

Supernatural patriarch electrodynamos, however, are clearly over unity.

Re:I think they just invented...

[geekoid]

You should probably read their papers and letters before making such a statement.
You might be surprised at how little they would be turning over.

Re:I think they just invented...

"Supernatural patriarch electrodynamos, however, are clearly over unity."

That's not a sentence you read every day.

Re:I think they just invented...

You want to generate electricity, not re-create a cosmic rebirth (Big Bang)!

Residence?

[Jeremiah+Cornelius]

Relocate.

Citizenship?
Renounce.

Bug out now, Mr. and Mrs. America. Before they lock the gate.

Or? You didn't think all that TSA and "no fly list" was to keep people out, did you?

Re:Residence?

Yeah, but bug out to where?

Any ideas on locations that might be better?

No expectation of privacy

Well, the IRS has no reasonable expectation of my paying taxes either.

Why no CEO convictions then?

[tekrat]

If the IRS can read email without a warrant, then it should be EASY to convict nearly every overpaid CEO in the USA who hides their money via creative accounting and tax dodges. Why have there been no convictions then for the 2008 Economic Crash where the fatcat bankers stole trillions and then got free billions to cover their losses? Surely that money can be traced and found and certain wall street types convicted if the IRS is reading *their* emails.

Oh, but they aren't -- because those people own the government. Because those people are "too big to fail". Because those people have friends in high places and lots of lawyers to defend them. They aren't easy targets, even though they are big targets.

No no, prosecutors want easy convictions from people with no means to defend themselves, using the same tactics as high school bullies -- pick on the weak.

The IRS reading your mail? Pfft. It's to keep the proles in line. The elite have their own laws and their own justice that flows from power. The rest of us just try to survive under the heel of their boot.

Re:Why no CEO convictions then?

[GigsVT]

Why would they need to trace the money? The fed was the one writing the checks to people and foreign governments to buy the worthless junk MBS. They know where it went.

Re:Why no CEO convictions then?

[geekoid]

becasue they didn't steal it. You should probably try to understand that.
The vast majority of them made reasonable decisions based on the information they had. The people creating the information were the problem.

Of course there where a few that did actual illegal things. Make a bad investment is not illegal.
Getting paid to make investments is not illegal.

The loosening of requirements is the big issue.

Re:Why no CEO convictions then?

[phantomfive]

it should be EASY to convict nearly every overpaid CEO in the USA who hides their money via creative accounting and tax dodges. Why have there been no convictions then for the 2008 Economic Crash where the fatcat bankers stole trillions and then got free billions to cover their losses?

Because they didn't break the law. They knew the law, and were careful to instruct their underlings to not do anything that would land the CEO in jail. I don't even know why you think they broke the law. Who told you that?

Re:Why no CEO convictions then?

[tekrat]

It sounds to me like you have poor information regarding what took place before the 2008 crash. Banks were taking the bad mortgages, packaging them into complex financial instruments that were impossible to understand, and then selling them to their clients as AAA+ rated securities (paying off Morningstar to even rate them as such), and then privately betting against these securities because they knew they were junk. What part of FRAUD do you not understand. They did break the law. To the tune of thousands of billions, and they all got away with it. Many in fact, got huge bonuses for fraud.

The CEO of HSBC did not lose his job or go to jail for laundering Hundreds of Billions of dollars for drug cartels, terrorists and even helping to flow money to Iran for their nuclear program. The Bank was fined $1.6 Billion, but that's it, nobody went to jail. My guess is that the fine didn't even impact their bottom line in the slightest, and even if it did, they'll lay off 100 people who had nothing to do with it, and raise fees on their customers to make up for the impact (if any). No top dog's bonus will be affected.

Re:Why no CEO convictions then?

Warrant-less email search may not apply to a CEO. If their email was hosted on their company's private email server I don't think it would technically fall under the abandonment/no expectation of privacy categories they use to request emails from publicly available email servers. It would be no different that the IRS demanding access to the CEO's office at the company's headquarters. Additionally, if they had used a personal publicly hosted email account for their wrongdoings they were probably smart enough to remove the incriminating email from the server. Then it may not be retained by their email provider and the IRS would have nothing to request.

Disclaimer: I'm not a lawyer

Re:Why no CEO convictions then?

The SEC and Fed (ie. the bank regulators) have access to ALL electronic communications in financial institutions. Even many phone calls are recorded. There's basically no privacy in finance with your regulator. Fabrice Tourre certainly learned this when his *emails to his girlfriend* were used by the SEC and quoted out of context to embarrass him.

It might be hard for you to believe, given your exaggerated beliefs, but not much illegal activity went into the 2008 crisis. It was caused more by widespread optimism (real estate asset bubbles) than any malice.

Re:Why no CEO convictions then?

[LordNightwalker]

Oh, but they aren't -- because those people own the government. Because those people are "too big to fail". Because those people have friends in high places and lots of lawyers to defend them. They aren't easy targets, even though they are big targets.

As amusing as that little stark raving mad streetcorner lunatic act was, I believe it has more to do with big companies running their own mail servers instead of relying on third-party providers. It's easy for the IRS to request emails from an ISP since it's not in the ISP's interest to antagonize them by protecting a $50/mo customer's privacy. It's quite different if the company you're sending an email access request to is the very same company you're investigating.

Don't want the IRS to read your mails? Do as I did for years: run your own IMAP server at home and have all your mails forwarded to it. I did it for technical reasons, but it's equally applicable to this situation. Of course, that only works for as long as they don't decide they should also have access to mails in transit. I'd suggest using encryption, but good luck getting all your contacts to adopt it...

TLS and private mail server

[Gothmolly]

So, when you have TLS and a private mailserver, how does this work exactly? Who are they tapping?

Re:TLS and private mail server

[GigsVT]

If you don't host the server yourself they could always go to your hosting provider, but I assume this is more about gmail/comcast/etc.

Re:TLS and private mail server

[blueg3]

If you're hosting the mail server yourself, it doesn't work. They're only absolved from the need for a warrant when a third party is storing the data on your behalf.

Is it that hard to get a warrant?

[RobXiii]

I don't get all these government arguments for warrantless this or warrantless that. Shouldn't we err on the side of the constitution? Is it that hard to get a warrant??!

Re:Is it that hard to get a warrant?

[wierd_w]

Warrants, as defined in the constitution, must cite specific papers, and specific places. You can't get a constitutionally aboveboard warrant to go "fishing".

Since the government is looking for unidentified persons who may be infringing, so that can then identify and prosecute, they really can't get a warrant.

This is intentional. The limitations on how warrants work were *intended* to frustrate magistrates and government agents.

Making it "easier" for them is how you lose your freedoms.

Re:Is it that hard to get a warrant?

[Reziac]

That sounds good in theory, but in practice, if the cops want to raid someone, they can always find a judge willing to sign a warrant.

private property rights?

[roman_mir]

Of-course this is IRS, they are above the law, they don't have to comply with any laws, their entire operation is completely lawless, not based on any laws. They are used to violating your private property rights, that's what income taxes are - a violation of your private property rights. They are used to discriminating against people, that's what graduated ('progressive') income taxes are - discrimination against individuals, the laws are not applied equally. They are used to taking away your freedom of movement.

Saying that your email is not private is not something out of character for IRS.

Just because some third party hosts your emails it doesn't mean they are not your property, there is your NAME on it, the company gave you your space. Is your BANK ACCOUNT your property?

Re:private property rights?

[fascismforthepeople]

Why do you care? You said there should be no public property, and in your fantasy fascist world there would be no private property, either. Property would only be corporate or soon-to-be-corporate. Private property would be a thing of the past in your fantasy world. Your world would do that to further produce wealth and excess for the wealthy, and fascism for the people.

Where do I get privacy?

[characterZer0]

Do I get privacy if my mail is stored on a mail server in my house that I own? What if it is a colocated server that I own? What if it is a rented server? What if it is a VPS?

"No Privacy Expectation"

[fustakrakich]

So why do we need passwords to log in then? And let's stop calling it email, and call it e-postcards..

Re:"No Privacy Expectation"

[fustakrakich]

Oops, mark previous post redundant... I feel so very sorry

Moral of the story

[Ukab+the+Great]

Be careful about what you put into writing; if it will be read your bestest friend, it will also be read worstest enemy. Tried and true security strategy used for millennia.

Sarah Palin email hack

[TerraFrost]

The Sarah Palin email hacker should have used that line! "Mrs. Palin has no privacy expectation". Might have saved him from his misdemeanor conviction of "unauthorized access to a computer".

Re:Sarah Palin email hack

This is spot on! There is no way government officials by into the "no expectation" of privacy when it comes to their own email accounts...

Re:Sarah Palin email hack

Might have saved him from his misdemeanor conviction of "unauthorized access to a computer".

Why? He was convicted of doing exactly that. He wasn't convicted of violating Palin's privacy.

Then should the government expect privacy?

Shouldn't the government be transparent and release emails over 180 days old? Especially non-critical stuff: Interior department, Education, Housing, etc.

Re:Yea because this happens all the time

FBI, NSA, DHS, any bored state cop

I don't worry much about law enforcement or intelligence services. Outfits like the IRS or the EPA are a much bigger threat to my life.

So wrong.

[Thruen]

Have you ever rented a home? By your logic, you have no expectation of privacy in a rented property or hotel room. You might be interested to know that it's already well established that (outside of television) your landlord can't even consent to a police search of your property, unless they meet the normal requirements for such consent such as if they also live there. Your email being stored on a server is like that, you're renting the space from the server owner, according to the terms they set forth when you signed up for the account. Unless those terms say they can go through your email or grant permission for others to go through your email, this is still illegal. I'll admit, laws regarding the physical world and the internet don't line up 1:1, but suggesting that there should be no privacy at all on the internet because of the way the internet works is a bit nuts.

Re:So wrong.

[MyLongNickName]

I think the two terms are being confused, and we are actually agreeing on our positions.

I agree there is a legal expectation of privacy.
I know that there is not practical expectation of privacy. That is why you should encrypt email if you care about privacy.

Re:So wrong.

[Thruen]

Ah yeah I see what you mean now. I do agree!

Re:So wrong.

[nabsltd]

Have you ever rented a home? By your logic, you have no expectation of privacy in a rented property or hotel room. You might be interested to know that it's already well established that (outside of television) your landlord can't even consent to a police search of your property, unless they meet the normal requirements for such consent such as if they also live there. Your email being stored on a server is like that, you're renting the space from the server owner, according to the terms they set forth when you signed up for the account.

Although I agree that e-mail providers should require warrants to release e-mail to any government agency, there really is a big difference between the two examples you cite.

The term "house" is specifically used in the text of the 4th Amendment, and courts have basically ruled that this term refers to your home, whether that's a building you own or a single room in a shared apartment...essentially your "personal living space", where a polite person would be required to ask permission to enter. On the other hand, the e-mail on the server is no different from you giving your personal papers to any random third party, mostly regardless of the relationship, with a few exceptions.

One of these exceptions would be your lawyer, so a solution to the e-mail search issue might be for you to pay the e-mail provider a retainer to be your legal counsel. Then, the effect is that you are storing your correspondence with your lawyer, and that should give you the privacy of lawyer/client privilege. The e-mail provider would, of course, have to have a lawyer who is licensed to practice law in your state for this to have a chance of being valid.

Re:So wrong.

[Jane+Q.+Public]

"I agree there is a legal expectation of privacy. I know that there is not practical expectation of privacy. That is why you should encrypt email if you care about privacy."

In that case I agree too, except that I have some problems with the "practical expectation of privacy" choice of words.

It takes MORE work for an ISP to find and view an email of yours on disk, than it does for a postal employee to open an envelope. Yet when people send physical mail, they have a "practical expectation of privacy".

I assert that the "practical expectation" comes from what should be a social and legal barrier to opening and reading the file, just as there is currently a social and legal barrier to opening the envelope. After all... there is absolutely nothing else stopping anyone from doing it.

Having said that, of course the only way to be sure is to encrypt your email... but the exact same is true of regular mail a well.

Re:So wrong.

> a bit nuts

Indeed. And:

rea-son, noun: the power of comprehending, inferring, or thinking especially in orderly rational ways; proper exercise of the mind; the sum of the intellectual powers.

rea-son-able, adjective: being in accordance with reason.

Re:So wrong.

[causality]

The term "house" is specifically used in the text of the 4th Amendment, and courts have basically ruled that this term refers to your home, whether that's a building you own or a single room in a shared apartment...essentially your "personal living space", where a polite person would be required to ask permission to enter. On the other hand, the e-mail on the server is no different from you giving your personal papers to any random third party, mostly regardless of the relationship, with a few exceptions.

Yes, because if the standard were the other way around, people would have too much privacy and obviously that would bring society to its knees!

I think the difference is that the case law pertaining to your dwelling was established long ago, back when people thought the USA was special, back when the USA would ridicule many other nations of the world for treating their citizens more like subjects who had no rights, only privileges. Electronic communications were invented long after the US government became something much more sad and typical, interested only in the expansion of its own power via the flimsiest claims to legitimacy.

<sarcasm>Because as we all know, anyone familiar with people like Thomas Jefferson would immediately understand that the Founders really did mean only physical hardcopy paperwork. Obviously, these men who wanted The People to be respected and left alone by their government when it came to things like postal letters and private notes definitely wanted The People's privacy completely trampled should any new medium of written communication come along. Duh.</sarcasm>

Just think, some of the Founders were opposed to having a Bill of Rights at all because they feared that other rights not specifically mentioned in the Constitution would be overlooked!

Re:So wrong.

[Thruen]

I'm not sure what big difference your pointing out in the way the law should be carried out, you seem to agree that you need a warrant to obtain emails, which is the same case as searching a house. As for the 4th Amendment using the term "house" specifically, it actually says "persons, houses, papers, and effects," so there shouldn't be any difference at all in the way it's interpreted for your email, unless you want to claim that because people use digital documents now instead of actual paper there are no rules.

Re:So wrong.

[lahvak]

There is a difference in email, though. An unencrypted email message gets transferred through any number of other servers, ones that you have absolutely no legal agreement with, and anybody with admin access to those smtp servers can intercept and read your message. I believe that is what they are talking about when they say there is no expectation of privacy.

Re:So wrong.

[grantspassalan]

The problem is that as soon as anything leaves your house, different rules apply. Whether this is a physical object or some information is irrelevant. If you want to transport a physical object from point A to point B, you would have to put it into an uncrackable safe and then ship that safe. Good strong encryption is the safe for information. Laws will only protect you and your property, as long as all parties are law-abiding. People and our governments are increasingly ignoring laws and doing whatever they want.

Re:So wrong.

[serviscope_minor]

On the other hand, the e-mail on the server is no different from you giving your personal papers to any random third party, mostly regardless of the relationship, with a few exceptions.

You mean just like giveing letters to a random third party like the nice man from the post office, Fedex or UPS or even some random courier?

Re:So wrong.

[Reziac]

But if it only applies to a "home", then no warrant would be required to search a business.

Re:So wrong.

[Reziac]

And they forget that the Constitution, and in particular the Bill of Rights, is not a set of limits on what the People may do. Rather, it is a set of limits on what the *government* may do.

However, the common modern misinterpretation is that it's more in line with the old Soviet jape: "All things not compulsory are forbidden."

Re:So wrong.

[nabsltd]

As for the 4th Amendment using the term "house" specifically, it actually says "persons, houses, papers, and effects," so there shouldn't be any difference at all in the way it's interpreted for your email, unless you want to claim that because people use digital documents now instead of actual paper there are no rules.

There is no difference in the interpretation for physical vs. electronic.

In either case, handing your "papers and effects" to a third party who isn't your legal counsel means that they are free to do whatever they want with them, and the government doesn't have to get a warrant. Now, that third party might refuse to give them up without some sort of legal force, and in this case the 180-day law is the force being used.

Re:So wrong.

[nabsltd]

But if it only applies to a "home", then no warrant would be required to search a business.

One isn't required if the target of the search isn't the business itself.

For example, if the police suspect that an employee of Initrode Global committed a murder, they don't need a warrant to search that person's office desk. All they need is permission from someone in the company. In this case, even though the desk is a "personal area", it's not a "private" one.

Re:So wrong.

[Reziac]

That's an interesting distinction, and good to know.

Tho I was thinking more in terms of just barging in and searching the whole business. (Well, if I remember what I meant, ha.)

"Trust us."

[Impy+the+Impiuos+Imp]

> "A 2009 "Search Warrant Handbook" from the IRS Criminal Tax Division’s Office of Chief Counsel"

Yes, criminal, in the same way England was being criminal, abusing power to search.

Exactly the same. Anyone in government reading this? You are behaving in exactly the same way as the evil government we shucked off. Yes, you, you ass. You.

Re:"Trust us."

[GigsVT]

I don't think strongly worded comments on Slashdot would have worked in 1776 either.

Advice from you, troll? No thanks.

Especially after you trolled us 100's of times last month http://slashdot.org/comments.pl?sid=3581857&cid=43276741 in March 2013, but you forgot to submit that one as anonymous coward like you did all the others idiot, and instead you used your registered username here. You got played: You played yourself, moron.

Re:Advice from you, troll? No thanks.

What a douchebag that guy is.

Re:Advice from you, troll? No thanks.

Wow... I'm genuinely curious why one of earliest users on Slashdot is trolling.

Re:Advice from you, troll? No thanks.

[ichthyoboy]

Some people take up shuffleboard in their old age, others take up trolling at /.

Re:Advice from you, troll? No thanks.

Maybe he bought the account?

Re:Advice from you, troll? No thanks.

[Reziac]

And that page spit up this tagline:

QOTD: "I don't think they could put him in a mental hospital. On the other hand, if he were already in, I don't think they'd let him out."

Warrants

[onyxruby]

Is it really that unreasonable to get a warrant before doing the following activities?

Reading your email?
Tracking your car?
Tracking your phone calls?
Tracking your cell phone?
Tracking your every movement?
Entering your private home?
Entering your private car?

In today's society it is highly difficult to function without these capabilities, yet we are expected to check our constitutional rights out the door when we want to operate as normal members of society. Expecting nothing more than asking a judge to review if law enforcement has a reasonable reason to invade your privacy for legal purposes - as the constitution demands - should not even be a debate.

Re:Warrants

In today's society it is highly difficult to function without these capabilities, yet we are expected to check our constitutional rights out the door when we want to operate as normal members of society.

Constitutional rights are so 1787.

Get with the times.

We own you. //The Rich

Re:Warrants

[CanHasDIY]

We own you. //The Reich

FTFY.

none, nope

[AndyKron]

the government has no laws. It is not by the people, but against the people.

No Worries

[sycodon]

Biden says the chance of the U.S. Gov becoming oppressive is virtually nil.

Re:No Worries

[CanHasDIY]

Biden says the chance of the U.S. Gov becoming oppressive is virtually nil.

... isn't that the same dude who said the best method of home defense is to step outside and fire shotguns randomly into your neighborhood?

And here I thought all the clowns left with the last administration...

Re:No Worries

[redneckmother]

Biden says the chance of the U.S. Gov becoming oppressive is virtually nil.

The keyword here is becoming. The US Govt is already oppressive.

Re:No Worries

[tqk]

Biden says the chance of the U.S. Gov becoming oppressive is virtually nil.

He's correct. When you're already oppressive, how can you become oppressive?

I respect people's privacy when their mail isn't

[PseudoCoder]

addressed to me. Most people respect that in return. Does that count as a reasonable expectation of privacy? Could we apply the same standard to e-mail?

Antiquated Legal Standard

[necro81]

The 180-day limit is based on an antiquated legal standard, the Electronic Communications Privacy Act, which was signed into law in 1986 - more than 25 years ago. At the time, email was still in its infancy, and "cloud"-based email providers like Yahoo, GMail, etc. simply didn't exist.

Efforts are underway to update the act so that, among other things, law enforcement will need to obtain a warrant anytime they want to access email. But those updates aren't law yet, so the old statute still applies.

Re:Antiquated Legal Standard

[jfengel]

Hey, that's interesting:

For instance, email that is stored on a third party's server for more than 180 days is considered by the law to be abandoned

A lot of the thread above has been predicated on the idea that they get this right because email is more of an e-postcard, but if that article is correct, that's not it at all. That explains why this is acceptable but wiretapping a phone conversation isn't: phone conversations are expected to evaporate.

Presumably that means that you're expected to delete your emails from the server if you really consider it private, which doesn't actually seem entirely unreasonable. Or at least, it didn't in 1986. Now we consider our GMail accounts a personal, private chunk of the universe, more akin to our homes even if they're sitting out on some server somewhere.

Does make me wonder, though... I'm sure Google and other email providers have thought of ways to encrypt email end to end, doing the decryption on the client side, and making encryption the default (or at least easily accessible). I wonder if DoJ and others have asked them not to.

Re:Antiquated Legal Standard

[causality]

The 180-day limit is based on an antiquated legal standard, the Electronic Communications Privacy Act, which was signed into law in 1986 - more than 25 years ago. At the time, email was still in its infancy, and "cloud"-based email providers like Yahoo, GMail, etc. simply didn't exist. Efforts are underway to update the act so that, among other things, law enforcement will need to obtain a warrant anytime they want to access email. But those updates aren't law yet, so the old statute still applies.

That old statute outweighs the Fourth Amendment? Interesting.

Is a password considered a lock?

If I put a lock on my house, car, toolshed, etc... I expect that the contents are to be considered private.
If I put a password (a modern day lock) then I consider the material behind the password to be considered private.

It's also sort of like a phone conversation. I call someone and the conversation is considered to be between the caller and callee. What the callee does with the conversation is up for debate BUT only that call can be leaked. That callee can't access all my other conversations... thus the contents of calls should be considered private save for the other party.

So when did email become public?

In this day and age our Government needs ensure our rights are protected, not continue to erode them...

Email account with your ISP???

[stevegee58]

zomg that's so 90's

Re:Email account with your ISP???

email account with google? zomg that's so NOW!

So....

[n3tm0nk]

Let's see all of the IRS's emails..............or not.....

Joe Stack looks.....

[couchslug]

.....more reasonable every day.

Re:Joe Stack looks.....

[Reziac]

For those who had the same question I did:

http://www.csmonitor.com/USA/2010/0218/Who-is-Joe-Stack

Good timing actually...

I had just changed my email sig to "Fuck you IRS"

Constitution = null

[PortHaven]

Tis sad, and very sad....

We had a Constitution,
Now we have but laws,
That make it null and void,
Tis bad, and very bad....

Re:Constitution = null

[GodfatherofSoul]

Take a look at the 4th amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Meaning you can't search my body (person), my property, my records, my belongs (including my car) can't be searched w/out a warrant and you'll need probably cause to get that warrant. And, that search has to be reasonable (body cavity searches on a roadside seem pretty unreasonable). It gets raped on a daily basis; sometimes we get raped quite literally by law enforcement.

Re:Constitution = null

[PortHaven]

Oh, I think you may be missing my point. I'm in full agreement. We've basically gotten rid of almost every protection in the bill of rights. That's not a good thing. Just a sad reality.

Hence, now when you try to invoke the Constitution, it comes back null. :-(

Re:Constitution = null

[GodfatherofSoul]

I followed you, I was just posted the text to back up the point ;)

Re:Constitution = null

[PortHaven]

Oh, cool...

The necessity of privacy

Before anyone spouts off with the old, "if you have nothing to hide..." line, please read this recent study out of the Harvard Law Review, entitled "The Dangers of Surveillance":

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2239412

IRS Can Read Your Email Without Warrant

Oh no they can't, I encrypt all of my emails with ROT13...

How do they decrypt it?

[sl4shd0rk]

If you're using GNUPG or Enigmail* Thunderbird plugin, just what do they expect to find in the gibberish metadata?

[*] http://www.enigmail.net/home/index.php

Then you need to use encryption

They are partially correct. Since mail is generally sent in plain text, and stored on public servers, then there is no reasonable expectation of privacy. It's as if you mailed a post card. The mail carrier can read that, or anyone who happened to maybe look over the mail carrier shoulder. But once you put it into a sealed envelop, breaching the envelope is a federal offense without a warrant. If you encrypt your email to everyone (unfortunately no one does) then it is equivalent to it being mailed in an envelope and should be protected by the 4th amendment with a pretty strong expectation of privacy.

Anonymous - dump all IRS employee personal e-mails

Since e-mails are public, anything that the IRS or any IRS employee is doing via e-mail is most definitely public knowledge with NO expectation of privacy.

Let's see an immediate dump of every personal, non-work related e-mail they've ever received or sent...

Warrant? Don't need no stinking warrant, hand em over bub....

Take responsibility take back the network

[WaffleMonster]

Oh look what a shock...the third party doctrine striking again...who'd have guessed?

This is what we deserve when we depend so much on third parties for everything even when it makes little to no difference where the data is stored. With a little effort and slight inconvinence it does not have to be this way.

Run your own mail server, run your own web site. Say no to aggregation of control within "the cloud" where the US constitution is just a mirage.

Post all traffic to mail.irs.gov

can't be anything private, right?

Okay, soooo . . .

[Kimomaru]

I hate to be reasonable, but exactly how is this an issue (especially for the average Slashdot reader?) There's a long list of organizations that would be pleased as peaches to go through your email. If it's a serious problem, then 1) never keep email longer than a week old (so, yes, unfortunately, you're going to have to learn to not use your email account as a treasure trove of personal information that would ruin you if it fell into the wrong hands - a popular thing nowadays.) and 2) for God's sakes, you shouldn't be on a "free" webmail system at all ever for any reason, even if you adhere to number point 1.

What's that you say? "But not everyone knows how to build their own email server!" Yes, well, everyone SHOULD know how to read and follow directions - setting up a server with an MTA is one of the most common technical tasks in the world and the net is flush with forums that'll show you how to do it. If you have time to screw around on Facebook, you have time to set up a server and email on Azure or Amazon. If that's too hard to do, privacy isn't your biggest problem.

Preview mode FTW

Since it does not mark the email as "Read".

Interesting...

[arekin]

When David Kernell accessed Sarah Palin's email without permission he received a year in prison, when the IRS does it, it's not a crime. I think there may be a communication issue on what constitutes a crime.

Re:Interesting...

I think you missed the memo that says our government is not working FOR us anymore. We can no longer question it. It itself is beyond all law. Our government is now God.

Re:Interesting...

Wikileaks!

Canada is a bit better, but only for texts

[davecb]

Canada now requires a wiretap warrant to ready stored texts on pohone-company servers, which is harder to get than a regular one. See http://www.cbc.ca/news/technology/story/2013/03/27/technology-telus-text-messages-scc-decision.html [www.cbc.ca]

The Ontario appeal court separately ruled that one needs to put a password/passcode on your phone to demonstrate that you have and expect privacy in the data it contains. See http://www.cbc.ca/news/canada/ottawa/story/2013/02/21/ottawa-cell-phone-users-beware.html [www.cbc.ca]

Logically, a police force anywhere should need a wiretap warrant to read your (electronic) mail, and you have a duty to password-protect your email (:-)) At the moment this hasn't been tested in court, even in Canada. --dave

good

[jcfkgiv]

http://informaticall.altervista.org/how-to-be-diet/

What a shock

I would hope they could, for the most part my email is plain old pop3

Situation is changing

[the+eric+conspiracy]

The Senate Judiciary Committee had passed a bill that would require a warrant for any email interception. However it seems this didn't make it through congress in the lame-duck session.

It is very upsetting that the Netflix video data sharing bill did.

http://www.techspot.com/news/51175-congress-cuts-amendment-banning-warrantless-email-snooping.html

I gave my Congressman a raft of shit over this.

Stored on a server VS high rise buidling mail box?

[future+assassin]

So I guess those living in apartment/condos/highrise buildings do not have a reasonable expectation of privacy with their mailbox?

Just Clean-Up Your Email

[NoSalt]

I have my email program delete all emails after 2 weeks. That definitely falls within the 180 "safe" days.

Re:Just Clean-Up Your Email

Working around being abused by your government is certainly wise, but it really isn't as good a solution as getting your government to stop abusing you in the first place.

No reasonable expectation of privacy

[flimflammer]

It amazes me how often I hear this as an excuse to do something that shouldn't be done. Apparently to the US Government, you never have any reasonable expectation of privacy as long as there is a computer involved, despite in modern times, a huge portion of our life and financial information being chronicled there.

How can we not have a reasonable expectation of privacy for our email any less than snail mail? We don't expect the people running the servers delivering or receiving our e-mail actually reading it, just like we don't expect postal workers opening our letters and reading it. People would be outraged if they learned that server admins were literally reading their email. We do have a reasonable expectation of privacy, here.

Re:No reasonable expectation of privacy

[Reziac]

If there's no expectation of privacy, then it shouldn't be illegal to, say, hack into someone's PC.

Do as we say, not as we do!

Until protected by law, encrypt older emails.

[thedarb]

Just a little googling and I found: IMAPCrypt

Looks like a decent utility to automate running daily... it will go through and encrypt (via PGP), emails over any age you specify.

Then when they go in, tada. Encrypted! Now they have to go request the backups, if there were any going that far back.

Another option would be a script or filter that moves everything to your local folders at home.

Re:Until protected by law, encrypt older emails.

Another option would be a script or filter that moves everything to your local folders at home.

We already have that. It's called POP3.

Terrorism 2.0

[gmuslera]

What if people start getting spam asking about fake big sums of money they received in private transactions/payments? Your mail is becoming a vulnerability not because the software that you uses to read it, but the "automatic" action that will take the new readers of your mail, like social engineering targetting the 2nd row of spectators.

Safety Deposit Boxes?

[turp182]

Are the contents of my safety deposit box available to the IRS? That represents "data" stored on "other people's equipment".

Giving the GOP a heartburn

[inode_buddha]

They hate the taxes so much, and now they have to root for the "liberal" ACLU actually doing something to the IRS....

Re:Anonymous - dump all IRS employee personal e-ma

Oh boy here we go with the "eye for an eye" BS.

Re:Anonymous - dump all IRS employee personal e-ma

Sometimes it's called "justice," bro.

16,000 New IRS Agents Being Hired

Well, blame Bush if you want, you stupid idiots, but this is all yours and your little brown god's doing. Yes, healthcare for everyone! Yahoo!!

Nasty Pelosi said "we have to pass the bill so we can see what's in the bill." Well, thank you Mrs Stalin!

Why won't people just accept that fact

that the US Constituion doesn't apply to modern technology. If it did then the Founding Fathers would have mentioned it in an Amendment. Now just get over it.

Re:Anonymous - dump all IRS employee personal e-ma

No, it's called "let's vindicate their actions by doing the same fucking thing, that'll show em."

Doesn't apply huh

Like every government agency in existence, the IRS can CLAIM whatever they want. However, if they are ever taken to court they will be bound by whatever the current case law says.

Are you rain man?

So by your logic, the only airplane that is truly safe to ever fly in are the ones owned by Quantas.

Send a shit ton of emails to the IRS

[gelfling]

listing the home addresses of their senior execs. and pictures of their kids.

Re:Yea because this happens all the time

[grantspassalan]

The more things change, the more they stay the same. In the Bible, 2000 years ago, tax collectors and sinners were in the same category of scumbags.

Canada

`Canada just amended this and declared that emails are private just like other communication. this should be obvious. Sorry about this USA. you used to such a great country...

I didn't CC the IRS

That cartoon is garbage.

The IRS is asserting it doesn't need warrant, not that it can be 'misled' into incorrectly asking for a warrant from the wrong place. It's complicit into the deceit that it doesn't need a warrant.

Email *is* private, if it wasn't private they wouldn't have to ask the ISPs to get it for them, and they wouldn't have to have a legal advice that says 'get a warrant if the ISP might resist'. The ISP has a legal obligation to resist those requests, that data is private. The IRS clearly understands the illegality if their advice depends on how cooperative the ISP is.

Cartoon form doesn't make it right. The IRS is not some innocent party in these illegal searches, it's the active participant, in effect the IRS is the girl in the cartoon, deliberately misleading the law to get a search that it legally cannot get.

Why are we even discussing this, it's a private communication and is none of your or their business. If it was I'd have 'CC'd the IRS into the conversation, now it seems they've taken powers they don't have to BCC themselves into every email!

404 Logic not found

IRS logic on what "reasonable expectation of privacy" mean:

1. If you are paranoid and think that privacy does not really exist in this world then you don't have any expectation of privacy whatsoever. Which means they can do anything they want.

2. If you aren't paranoid then you have nothing to hide. Which means...

Reasonable expectations

If the majority of people expect email to be private, doesn't that become reasonable by default?

Privacy of paper mail v.s. email

Funny how the Law in different countries have tried to make sure that paper mail is supposed to be pretty-much sacrosanct, no matter who handles it, but now have no problem to claiming that email that is not directly in transit is free for grabs.

As for the "must encrypt to get some privacy" advocates: If the simple opening of an paper envelope is considered braking the Law in regard to the sacrosanctity of it, why than isn't doing extra effort as in using a computer to search for and display a specific message not ?

If you do not do that effort (for paper or email) there is no way you can read the contents of a mail, paper or electronic, by accident.

From my POV the "with a computer" prefix is here also used to change the rules of the game (ref: patents).

Typical of the government today

Typical of the government today. Constitution getting in your way? Just ignore if possible. Otherwise, argue the most abstract interpretation possible to a federal judge that will rubber stamp it into common practice.

George Orwell. The pigs are more equal.

Re:Anonymous - dump all IRS employee personal e-ma

No, it's called wake them the fuck up by exposing every little detail of their petty lives to the rest of the world, embarrass the fuck out of them, make them realize that "oh fuck, e-mails are private!".

It's what investigative reporters have done for a very long time to expose corrupt and petty bureaucrats on a massive scale.

download email to own storage

[feldmark]

If I download email regularly to my personal storage device in my home, there will be nothing 180 days or older on an ISP server. (Webmail BAD.) Of course I'm assuming that they do not keep caches of all email received around for 6 mo, which may be a bad assumption. Once in my home, any agency should need a warrant.

makes me think of the belgian constitution

[KingBenny]

which states that
Art. 29.
Het briefgeheim is onschendbaar.
De wet bepaalt welke agenten verantwoordelijk zijn voor de schending van het geheim der aan de post toevertrouwde brieven.
roughly : secrety of a letter can't be violated, the law dictates what agents can be allowed to 'violate' the secret (privacy) of letters who were delivered to the post office
any creative lawyer would see there's nothing about letters deliverd to the hotmail or google servers in there .. and not all judges are known to rule by the spirit but rather by the literal word of the law so ...
i have my doubts there

Re:makes me think of the belgian constitution

[KingBenny]

that's secrecy not -t in case of gremmar nazis i always miss the review button but i think my point should be clear enough