Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Federal Judge Says E-mail Not Protected By 4th Amendment

timothy posted more than 4 years ago | from the persons-papers-and-effects dept.

Privacy 451

DustyShadow writes "In the case In re United States, Judge Mosman ruled that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to e-mails under the third-party doctrine. 'When a person uses the Internet, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus 'private' information is actually being held by third-party private companies."" Updated 2:50 GMT by timothy: Orin Kerr, on whose blog post of yesterday this story was founded, has issued an important correction. He writes, at the above-linked Volokh Conspiracy, "In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers."

Sorry! There are no comments related to the filter you selected.

Stop using FedEx (4, Interesting)

QuantumG (50515) | more than 4 years ago | (#29918549)

Wow, best to stop using FedEx and other *private* companies to send mail then.

Not the same, in several aspects (5, Insightful)

Yobgod Ababua (68687) | more than 4 years ago | (#29918707)

It's not about transportation, it's about destination.
Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.

There are options, potentially, for the more privacy minded:
* POP email with "delete from server" active will limit how much of your mail your ISP has access to.
* Run your own mailserver.
* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.

That last one could also go a long way to helping solve the issue where private companies have to host their own mail and forbid employees from using other accounts solely to avoid the exposure of proprietary communications to third parties (the ISP). It also shouldn't be too difficult to set up...

Re:Not the same, in several aspects (2, Informative)

drinkypoo (153816) | more than 4 years ago | (#29918755)

* Develop a mailserver that stores mail in an encrypted folder and requires your key to access.

We have this already, it's called PGP. ECHELON already reads the To:, From: and Subject: lines of all email sent over any significant hops, so you don't really need to secure those.

PGP (3, Insightful)

Yobgod Ababua (68687) | more than 4 years ago | (#29918925)

Oh certainly, if everyone you get email from uses PGP, you're already good.

I'm talking about keeping all the plaintext and/or HTML mail you get from normal people/banks/mailing lists and having the mailserver know to automatically encrypt the content of new messages with your public key. An ISP running such a server could then HOST your normal mail without ever having access to it, or without ever implicitly getting your permission to access it.

Re:PGP (3, Interesting)

Brian Gordon (987471) | more than 4 years ago | (#29918987)

I thought Hushmail did something like that. Like they store your email encrypted and your password decrypts it when you need access, so they can't read your mail even if they get a subpoena. I think it even sends it to your browser in its original encrypted form and the client decrypts the data.

Re:Not the same, in several aspects (5, Insightful)

klingens (147173) | more than 4 years ago | (#29918761)

It's not about transportation, it's about destination.

Every PO-box is then unprotected under 4th amendment too?

Re:Not the same, in several aspects (4, Interesting)

Volante3192 (953645) | more than 4 years ago | (#29918847)

I was thinking the same thing about safety deposit boxes.

Re:Not the same, in several aspects (4, Interesting)

wizardforce (1005805) | more than 4 years ago | (#29918871)

Plus there's no expectation that FedEx would (or should) have access to the *contents* of your mail, but an ISP-hosted email account, currently, does have full access to the content, with your tacit approval.

So does the phone company regarding your phone calls. That doesn't mean that there isn't a reasonable expectation of privacy.

Re:Not the same, in several aspects (4, Informative)

dgatwood (11270) | more than 4 years ago | (#29918933)

Indeed, if you'd like a citation that agrees with you, http://cyberlaw.stanford.edu/packets001954.shtml [stanford.edu] is a good place to start.

Re:Not the same, in several aspects (3, Interesting)

whoever57 (658626) | more than 4 years ago | (#29918941)

Let's say I send an email from my home mail server to a family member using gmail.

The email leaves my home network is sent to my personal mail server. This transfer uses TLS.

My mail server sends it to GMAIL. This transfer uses TLS.

Gmail stores it. Google promises to only disclose my information with my permission or with other controls on dissemination. See Google's privacy policy [google.com] and the Gmail privacy policy [google.com]

I have ensured my family members use https/pops to download from gmail.

How do I not have an expectation of privacy in that transaction?

Re:Not the same, in several aspects (4, Insightful)

whoever57 (658626) | more than 4 years ago | (#29919153)

Replying to my own post, but I see from RTFA that the judge addressed the privacy policies. However, he seems to have read them differently to me. He says that Gmail uses agree to google disclosing the information in response to a lawful request (ie, a subpoena) and somehow reads from this that users dont have any expectation of privacy. Personally, I would think that expecting disclosure to require a warrant was pretty much an expectation or privacy. Otherwise, we can never have an expectation of privacy. Perhaps he means that because Google employees can read the emails, there is no expectation of privacy, but this is using a black and white test where is it not appropriate. I understand that Google employees can read my emails in gmail, but I have reason to expect that the contents won't go any further.

Re:Not the same, in several aspects (2, Insightful)

jeffrey.endres (1630883) | more than 4 years ago | (#29918961)

No it is about notification. The judge has ruled that the government should notify the ISP and not the person who uses the email. IMHO, the obvious flaw is that the judge rules that for the 4th Amendment to take effect, it has to be in your home.

Re:Stop using FedEx (2, Interesting)

JordanL (886154) | more than 4 years ago | (#29918717)

I was going to say... doesn't the US Postal Service also take temporary possession of your messages?

I guess the 4th Amendment doesn't apply unless there is an unbroken chain of ownership between private parties.

Re:Stop using FedEx (1)

WarJolt (990309) | more than 4 years ago | (#29918737)

Those types of deliveries are protected by law. 5 years in prison I believe. There are no laws that apply to e-mail. Easy solution is to encrypt all your e-mails you expect to be private.

Re:Stop using FedEx (4, Insightful)

rtb61 (674572) | more than 4 years ago | (#29919037)

Perhaps you can tell me the difference between a phone call and a email. Phone calls are protected by wiretapping laws, it is a criminal offence to listen in to private phone calls or record them without the permission of all parties involved. Both phone calls and email are simply digital transmission over wire, both pass through other parties to get to the final destination, the only difference is the hardware and coding to encode, decode and interpret them.

Face it, the judge is an idiot of the first order, I mean come on has the boob never heard of ADSL. It completely ignores the fact that email servers are completely automated and require no human intervention to reach their destination. It is time for email software to make use of the DMCA and, incorporate a simple encryption technique that prevents the email from being read as plain text but require a simple for legal reasons only decryption technique with a default warning if the person is not the intended recipient, for email where the default recipient email address does not match the target email address.

Basically am encryption technique that is no more secure than you typical envelope but still providing the full legal security of a typical envelope, with the added bonus of the DMCA to beat them over the head with.

Other cases (2, Interesting)

phorm (591458) | more than 4 years ago | (#29918913)

Just out of curiosity, what are the privacy rights on say,a storage facility.Can the cops just walk on in and open things up, or do they need a warrant?

ok (3, Insightful)

nomadic (141991) | more than 4 years ago | (#29918557)

I cannot see how this won't be overturned on appeal. People have a general expectation of privacy in regards to their e-mail, and the fact that it's being physically hosted somewhere doesn't defeat that.

Re:ok (3, Insightful)

JoshuaZ (1134087) | more than 4 years ago | (#29918619)

Agreed, the appropriate analogy would be to physical mail where people have a clear expectation of privacy. Unfortunately, the attitude among judges frequently seems to be that "oh wow. That has do with that complicated internet-thingy. That must function in a completely different way. Never mind that we've had no problem seeing how new technologies fall under the Constitution before. This time it is clearly different. Besides, that web thing scares me."

Re:ok (0)

Anonymous Coward | more than 4 years ago | (#29919073)

no, the proper analogy would be to telephone, where the information travel on infrastructure owned by a third party. They also have the technological mean to listen to your conversations, but elect not to. Your isp could (technologically) read your e-mails, but he elects not to.

Unencrypted e-mail is like postcards (1)

qbzzt (11136) | more than 4 years ago | (#29918859)

Do you have an expectation of privacy when you send a postcard?

Re:Unencrypted e-mail is like postcards (4, Insightful)

JoshuaZ (1134087) | more than 4 years ago | (#29918959)

A postcard isn't a good analogy. If I send a postcard, lots of people might see what is on it by simple chance. For example, the mail carrier might see it when they pick it up. In order for someone to read an email they need to go out of their way to access it in some form. That such access is easy doesn't say much. It is easy for someone to access physical mail often when people use a physical mailbox in the suburbs. Moreover, anyone in the postal service can easily access the internal contents of your mail without getting caught (steaming open a letter is really easy and hard to notice). That doesn't mean that the government has a right to read all my physical mail without a warrant. Just because something is possible doesn't mean that it is considered either normal or acceptable practice.

Re:ok (4, Insightful)

dgatwood (11270) | more than 4 years ago | (#29918901)

More to the point, it is clearly no different than a bank safety deposit box, and those cannot be searched without a warrant. The mere fact that we are talking about data instead of physical objects should have no legal bearing on the requirement of a warrant for search and seizure. This is a clear case of bailment, and in bailment cases with a corporate entity, one can generally assume a right to privacy.

This will definitely get overturned on appeal unless the lawyers involved are inept.

Re:ok (5, Informative)

Jeremiah Cornelius (137) | more than 4 years ago | (#29919013)

Funny, in the UK we had police smash into almost 7,000 safe-deposit boxes.

More than 500 officers smashed their way into thousands of safety-deposit boxes to retrieve guns, drugs and millions of pounds of criminal assets. At least, that's what was supposed to happen."

It was a warrant-expansion, from one of those "seizure of criminals assests" laws, that were started first in the States. Gone ALL wrong, 'tho'.

"Many of the clientele were families who had fled turmoil, pogroms, coups and wars and long had a cultural preference for locking away money and jewels, building up a vehement distrust for the integrity of traditional banks. Here, stepping down the spiral staircase at the back to the darkened boxes below, they felt reassured that their most important possessions were safe."

Read more: http://www.dailymail.co.uk/home/moslive/article-1222777/The-raid-rocked-Met-Why-gun-drugs-op-6-717-safety-deposit-boxes-cost-taxpayer-fortune.html [dailymail.co.uk]

Overturned: Doubtful: Reasonable Expectation (1)

blavallee (729704) | more than 4 years ago | (#29919007)

The point of this ruling is that there's no "requirement of notice to the account holder."
This does not change the need of probable cause and a legal warrant presented to the 'third-party' in order to obtain the e-mails.
The same logic applies to wire taps, the government is not required to notify an account holder that their calls are being monitored for illegal activity. Kinda defeats the purpose of a wire tap.

In effect, this basically states that if it leaves (or is kept outside of) your home the government is not required to notify you (the account holder) that it is being looked at. But if the government does look at it, it still needs to be judicially sanctioned and supported by probable cause.

This is a reasonable expectation.

Re:Overturned: Doubtful: Reasonable Expectation (1)

Gutboy (587531) | more than 4 years ago | (#29919077)

Notice the "under the 4th amendment", the one that requires them to get a warrent. He's saying that doesn't apply to email.

Geeks may say (0)

Anonymous Coward | more than 4 years ago | (#29918577)

I run my own mail server, you insensitive clod!

Re:Geeks may say (5, Insightful)

TheGratefulNet (143330) | more than 4 years ago | (#29918763)

I run my own mail server, you insensitive clod!

of course, the 'ever so smart judge' does not know this fine nuance.

the fact that packets travel along routers, bridges and gateways means that some of your 'property' is stored/forwarded outside your 'house'. BUT SO WHAT??

US mail travels in a store-forward way. are they allowed to read your mail because its 'not in your house, at the time' ?

finally, why is this moran allowed to concluded that ALL mail sits on 'webservers' ? even if it IS web-based, oftentimes its pop/imapped to your home system and then deleted off the server. or maybe you run old style port25 mail and it truly does go point to point and never 'sits' on an ISP for more than transit-time.

I'm really annoyed by judges who make decisions based on FALSE assumptions and lack of understanding. this judge should be fired or even tried for treason. his crime is THAT great; its a threat to some fundamental privacy that the constitution (once) allowed us.

those who seek to over-rule constitutional laws ARE traitors. look it up.

Re:Geeks may say (1)

nsayer (86181) | more than 4 years ago | (#29918837)

the fact that packets travel along routers, bridges and gateways

No, no, no. It's not like a big truck. It's a series of tubes!

Re:Geeks may say (5, Insightful)

pyr02k1 (1640167) | more than 4 years ago | (#29919167)

I would like a warrant for the Senates email accounts please... All of em...

WTF? (0)

Anonymous Coward | more than 4 years ago | (#29918585)

"When a person uses the mail, the user's actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the mail system with an address and mailbox owned by a mail service provider like the US Postal Service. All materials delivered, whether they are letters or courier-delivered packages, are physically stored in buildings owned by a mail service provider. When we send a letter or package from the comfort of our own homes to a friend across town the letter travels from our hand to boxes, vehicles, and parts of buildings owned or controlled by a third party, the mail service provider, before being delivered to the intended recipient. Thus, "private" information is actually being held by third-party private companies."

Obviously, I should STFU before I give the government any more ideas.

There are tools that can help (3, Insightful)

Mrs. Grundy (680212) | more than 4 years ago | (#29918589)

It's a real shame that email encryption never really hit the mainstream.

Re:There are tools that can help (2, Insightful)

JonTurner (178845) | more than 4 years ago | (#29918617)

This is precisely the sort of action that could lead to encryption taking hold.

Re:There are tools that can help (1)

shaitand (626655) | more than 4 years ago | (#29918727)

The only thing that will make e-mail encryption take hold is an advance in the technology or at least the clients.

When using e-mail encryption is as simple as checking a box (or better yet, enabled by default) and the key generation, registration, retrieval, etc are completely automatic it might catch on.

So far I've yet to see a client that does this in a successful and consistent way.

Re:There are tools that can help (1)

mindstrm (20013) | more than 4 years ago | (#29918791)

The problem with encryption for email is you need some kind of trust heirarchy to authenticate everyone. Without that, you never know if you're being middled, and therefore you might as well not have encryption.

Given that even sensible, educated, technical people will often ignore certificate trust warnings.... .who thinks email encryption will actually take hold globally?

Webmail + encryption? (1)

Alwin Henseler (640539) | more than 4 years ago | (#29918805)

That is: if anyone figures out a way to combine end-to-end encryption with web based e-mail (popular as it is).

And no, 2 users connecting securely to the same e-mail service doesn't cut it: in that scenario the e-mail service itself can read the messages (a man-in-the-middle attack so to speak)

Re:There are tools that can help (3, Funny)

Haxzaw (1502841) | more than 4 years ago | (#29918633)

The only tool around this story is the judge.

Re:There are tools that can help (1)

DeadlyBattleRobot (130509) | more than 4 years ago | (#29918647)

There is a killer app out there waiting to be written for this. I want automatic encryption built in to email, without the end user having to mess around with keys, key registrys, pgp, or any other encryption framework. I think there is way to do it.

Identity base encryption (1)

betterunixthanunix (980855) | more than 4 years ago | (#29918739)

You are thinking of identity based encryption -- the "public key" is your email address (which can be anything you want, in fact). Unfortunately, the current schemes (those that I know of, anyway) involve a trusted third party generating your private key and assigning it to you, which will run into the same problems Hushmail ran into. What would be nice is a hybrid model -- where the trusted third party could be chosen by the user, and then those trusted parties would authenticate each other. Thus, the people who currently serve "techie" roles in their social circle would generate the private keys for their friends, and then use something like PGP to authenticate each other.

Re:There are tools that can help (1)

mindstrm (20013) | more than 4 years ago | (#29918825)

Great... get your thoughts down on paper and you'll have a killer app.

Unfortunately, all of those things like "key signing" and "keys" and "trust" are currently required for PKI to be useful.

Someone has to mess around with all that "stuff" to make it work... and if it's not you, you have to trust someone else (software vendor, ISP) to do it for you.

Re:There are tools that can help (3, Insightful)

dpilot (134227) | more than 4 years ago | (#29918671)

The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it. Maybe decisions like this one will get more people using encryption for their email. My pet concept is the job of key generation, trust, and management should be handled by banks. After all, we all trust the banks with our money already.

Of course another option would be to get common carrier status for the internet, at least within the US.
Yet another step would be for the US Postal service to run (TLS encrypted and authenticated) mail services. Not that I'm enamored of the Post Office doing the job, but that's the easiest way to grant legal protection to the content.

Re:There are tools that can help (1)

whoever57 (658626) | more than 4 years ago | (#29918975)

The way I've always heard it, regular email is just like a postcard - anyone in the chain who touches it can read it.

ISPs are increasingly supporting smtp-tls. That means that the transfers are encrypted between mailservers. To send an email to another party requires that the email goes through a limited number of mailservers, but the ISPs whose role is providing connectivity between those mailservers can't read the emails.

Re:There are tools that can help (1)

Onymous Coward (97719) | more than 4 years ago | (#29918687)

Key management is a hassle for most folks. I still think people can be trained, though. Just need simple enough metaphors.

Meanwhile, here's an easy Thunderbird plug-in: http://en.wikipedia.org/wiki/Enigmail [wikipedia.org]

Re:There are tools that can help (1)

calmofthestorm (1344385) | more than 4 years ago | (#29918917)

No it's great: that's why it's still legal.

I wonder if you can use the DMCA to your advantage (5, Interesting)

atlasdropperofworlds (888683) | more than 4 years ago | (#29918593)

As a bit of an aside, does it matter if you try to make the data private via encryption?

There could be an interesting relationship here: If you claim (probably rightfully) that you own the copyright to the 'content' in question, and encrypt it, does this mean that it would be unlawful for anyone to try and decrypt it under the DMCA?

Re:I wonder if you can use the DMCA to your advant (4, Insightful)

Sir Holo (531007) | more than 4 years ago | (#29918937)

A postcard is public, a letter in an envelope is private.

Re:I wonder if you can use the DMCA to your advant (1)

Lord Byron II (671689) | more than 4 years ago | (#29918957)

What if you host your own email server?

As Half Life 2 taught us... (2, Interesting)

Stormwatch (703920) | more than 4 years ago | (#29918595)

Mossman is a traitor.

That is why I've been using crypto (1)

siddesu (698447) | more than 4 years ago | (#29918599)

and communicating in person with people who don't for quite some time now ;)

Difficult to do (1)

betterunixthanunix (980855) | more than 4 years ago | (#29918883)

People are only so willing to not have webmail, and they are not always available in person. Forget trying to explain to people how to carry crypto keys around on a thumb drive; that is about as useful as explaining why only encrypting emails that they think are sensitive enough to require encryption is not a good strategy. Basically, the FBI won the battle -- we were so bogged down with fighting their efforts to thwart email encryption that we missed the mark and the masses never adopted it.

Re:Difficult to do (1)

siddesu (698447) | more than 4 years ago | (#29919067)

People are only so willing to not have webmail, and they are not always available in person.

Their loss.

How do the statutes apply to rented property? (1)

Kaz Kylheku (1484) | more than 4 years ago | (#29918607)

If you're staying in a hotel room, are you entitled to privacy there? Can that room be searched without a warrant, because it's not your home? Curious.

Re:How do the statutes apply to rented property? (-1)

Anonymous Coward | more than 4 years ago | (#29918643)

Hopefully not. More Erin Andrews videos!

Re:How do the statutes apply to rented property? (-1)

Anonymous Coward | more than 4 years ago | (#29918733)

Hopefully not. More Erin Andrews vids!

Re:How do the statutes apply to rented property? (1)

ryanjensen (741218) | more than 4 years ago | (#29918951)

Yes, you are entitled to protection against unreasonable searches or seizures in a rented hotel room. Stoner v. California [justia.com] set that precedent.

*splutter*... US Mail? (3, Insightful)

alispguru (72689) | more than 4 years ago | (#29918609)

The Government does have to get a warrant to open your mail. Don't they?

Re:*splutter*... US Mail? (0)

Anonymous Coward | more than 4 years ago | (#29918811)

Physical mail? Yes. And the post office gets VERY territorial about the mail, not only do you have to get a warrant, you have to get a US Marshal to open it (assuming it's still in the mail system. After it's been delivered they don't have any jurisdiction over it. And if it's in the mail box, it's still in the mail system)

Email? Apparently not, as it is not considered a private communication.

Re:*splutter*... US Mail? (1)

betterunixthanunix (980855) | more than 4 years ago | (#29918829)

Postal mail privacy is a tradition that predates the current era of American politics. In the new, digital age, you do not have the expectation of privacy, unless you are one of those crazy paranoid hacker types who uses encryption.

Re:*splutter*... US Mail? (1)

lgftsa (617184) | more than 4 years ago | (#29919031)

crazy terrorist paranoid pedophile hacker

You left a few things out. I'm sure there's more to add, too.

By this logic... (4, Insightful)

TrebleJunkie (208060) | more than 4 years ago | (#29918611)

...your medical records aren't private, either. When you use a hospital or a doctor's office, you're not in your own home, and your records of the visit are stored at the facility. This judge is a moron.

Re:By this logic... (4, Informative)

DaveV1.0 (203135) | more than 4 years ago | (#29918827)

Actually, they are private because there is a law saying they are private.

Re:By this logic... (2, Insightful)

jwilty (1048206) | more than 4 years ago | (#29918931)

Although I may agree with the concept, the analogy is only possible due to the HIPAA law. Their privacy is not a guaranteed constitutional right. Medical records are treated separately under the law and therefore cannot be used to justify treating other information in the same way. Could we pass a law that explicitly states that electronic communication is personal regardless of the route? Sure, but we don't have one. One could also make a similar analogy to cell phones and voicemail. I assume (IANAL) that they also have laws explicitly protecting privacy of communications sent via them.

Hate to be devils advocate on this one, but... (1)

isThisNameAvailable (1496341) | more than 4 years ago | (#29919023)

Do you and your doctor frequently exchange your medical records via postcard? No, that would knowingly expose your information to any number of mail carriers. Likewise, e-mail goes through the hands/servers of any number of strangers and can be read without so much as holding it up to the light. It's a disappointing precedent, and certainly judges and government should be held to a higher standard than a USPS sorter making minimum wage, but the reasoning here isn't wrong. You shouldn't expect privacy if you can't even stuff your letter in an envelope.

Re:By this logic... (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29919155)

By this logic, the Sarah Palin email hack [wikipedia.org] wasn't a violation of Sarah Palin's privacy, either.

Does this mean... (4, Insightful)

Anonymous Coward | more than 4 years ago | (#29918613)

when we send mail via USPS, since the mail isn't technically in our homes while it is sitting in the post office, that the government can read it without violating A4?

USPS (0)

Anonymous Coward | more than 4 years ago | (#29918621)

So when I hand USPS my mail, they get to open it because they are a 3rd party? There should be a computer literacy test for government officials.

Glove Box in a Leased Car (0)

pete-classic (75983) | more than 4 years ago | (#29918645)

By this reasoning, do I lose 4th amendment protection of property in "my" glove box if the car is leased?

Absurd.

-Peter

Re:Glove Box in a Leased Car (2, Informative)

DaveV1.0 (203135) | more than 4 years ago | (#29918691)

While you have the car in your possession, no. But, once you turn it in, yes.

And, that is a bad analogy.

Goodbye plaintext, hello SSL/TLS/SSH/VPN/IPSEC (0)

Anonymous Coward | more than 4 years ago | (#29918667)

If this doesn't get appealed away, say hello to widespread email encryption and encryption in general.

This kind of ruling must make the type of miscreant that enjoys sniffing packets have a spontaneous orgasm.

(note that I intentionally specified miscreants; I don't care if you enjoy sniffing packets if you aren't sniffing anyone else's packets.)

judges: stay the HELL out of tech and .. (2, Insightful)

TheGratefulNet (143330) | more than 4 years ago | (#29918689)

and I'll stay out of law.

deal?

I know my field. its CLEAR you don't know my field. I don't know your field. why do you have to 'rule in' on things that make us laugh (or cry) at you, due to your TOTAL lack of understanding.

hang on a minute. what if this guy DOES know what's going on and yet he still wants to have government prying on your email?

I'm not sure which is worse; a clueless idiot in robes or a smart one who PLOTS against the basic US constitution, stealing our rights bit by bit.

Re:judges: stay the HELL out of tech and .. (0)

Anonymous Coward | more than 4 years ago | (#29918949)

No, no no no no no no no no no no no no no no no.

Don't stay out of law. Scenarios like these should ENCOURAGE more people with a technical background to go into law, otherwise the ignorance will perpetuate itself. We constantly have the same reaction to situations like these when they crop up in business, law, government, or wherever and then sit around posting comments that the world is populated with brain-dead morons and empty suits making policy in fields they know nothing about.

The fastest way to force change is by either educating those in power or getting personally involved. I'm not going to hold my breath on the former.

Re:judges: stay the HELL out of tech and .. (2, Insightful)

srothroc (733160) | more than 4 years ago | (#29919027)

While I can understand where you're coming from, I think it's a bit arrogant to look down on them like that. Judges are just people doing their jobs to the best of their ability with the information given to them. You also see judges ruling in areas as diverse as medical issues, building codes, traffic codes, food safety, and so on, yet I doubt all of those judges are doctors, architects, civil engineers, or chefs. There's a reason judges have expert witness testimonies and amici curiae. If you want to improve how these things turn out, why not try to be a lawyer that specializes in technology issues? How about looking into submitting an amicus curiae brief for cases that you feel you have knowledgable input in? Or maybe there isn't really much you can do but hope that people with the relevant expertise can help.

Re:judges: stay the HELL out of tech and .. (2, Insightful)

TheGratefulNet (143330) | more than 4 years ago | (#29919063)

Judges are just people doing their jobs to the best of their ability with the information given to them.

sorry my friend, but they have WAY too much power to be 'just another joe sixpack, trying to feed his kids and keep a job down'.

don't even TRY that shit, man. these guys are aristocracy and we all know it. they are above the law and THEY know it.

given how much damage people like him can do, he has the *responsibility* to seek out those who ARE experts and get their advice. I don't think he did that; it just doesn't show that he has done any research. 'mail is stored on your isp' he says. ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.

when you have this much power over the population, you have a DUTY to be smarter and wiser than joe sixpack.

the amount of damage to our freedom that these clowns have upsets me no-end. our legal system is quite broken and judges need to live UNDER the laws they pass (first) before hoisting it upon the rest of us. lets see how he likes his mail 'searched'. let him live with this for, say, 5 years. then lets see how enthusiastic he is about privacy.

Re:judges: stay the HELL out of tech and .. (2, Insightful)

nomadic (141991) | more than 4 years ago | (#29919151)

ABSURD - and clearly its not true for all people who 'do email'. even the most green mail admin would not say such stupid things.

He's ruling on search warrants aimed at 3rd party ISPs; if someone does not keep their e-mail with the ISP, then his ruling doesn't apply to them.

Furthermore, it only applies to those ISPs who actually tell the user, like Gmail does, that they will comply with government requests.

Re:judges: stay the HELL out of tech and .. (1)

nomadic (141991) | more than 4 years ago | (#29919071)

judges: stay the HELL out of tech and .. and I'll stay out of law.

I will say there are far, far more techies willing to (oftentimes loudly) give their opinions about the law. Hence slashdot.

What About My Own Server? (1)

Neflyte_Zero (866396) | more than 4 years ago | (#29918745)

So what happens to people who run their own mailservers? Do they get 4th Amendment protection since they're in physical control of the server and its data?

Re:What About My Own Server? (1)

Adrian Lopez (2615) | more than 4 years ago | (#29918991)

According to TFA, "Judge Mosman concludes that Rule 41 and 18 U.S.C. 2703(a) require the notice to be served on the ISP, not the account holder, as a statutory matter." Thus, if the server is physically in your control I presume police would have to present you with a proper search warrant. The issue becomes less clear when the server is hosted at a third-party ISP facility but administered by the ISP's customer. In that case, must the warrant go to the server admin or can police get away with serving the ISP and giving no notice to the company that actually owns or administers the data on the server?

This is not the same everywhere. (4, Informative)

www.sorehands.com (142825) | more than 4 years ago | (#29918759)

Recently in the second Circuit, it has been ruled that gmail users do have an expectation of privacy in their e-mail account. http://online.wsj.com/public/resources/documents/Bear1.pdf [wsj.com] . Here the Court ruled that the warrant was too broad since it didn't restrict the inspection of e-mails that were unrelated to the investigation.

In light of both rulings, it may not prevent the government inspection, but could be grounds to suppress. Furthermore, the Stored communications act prohibits a warrant for this type of information unless, "offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."

It's all hosted from my apartment! (1)

dosius (230542) | more than 4 years ago | (#29918775)

I run my own e-mail, www and even irc server right here. My primary e-mail addresses are all directed straight to my computer; do not pass go, do not collect $200. And that's the way I like it!

-uso.

4th (1)

MikeD83 (529104) | more than 4 years ago | (#29918785)

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Papers and effects? The founding fathers were smart enough to protect email. This ruling is a disgrace.

ECPA (5, Informative)

Anonymous Coward | more than 4 years ago | (#29918787)

I see that the electronic communication privacy act of 1986 is being ignored once again.

http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

RIP Cloud Computing... (0)

Anonymous Coward | more than 4 years ago | (#29918789)

... we loved you while you sort of started. And then were killed. By the feds... who contract with the GSA for cloud computing?

Additionally, my comments are now owned by Slashdot and I as the user am no longer responsible for them. So there.

This a bad precedent (1)

Jeffk67 (78579) | more than 4 years ago | (#29918853)

How can he make the analogy to postal mail or telephone calls and not see that the same principles apply to email? We should have a constitutional amendment guaranteeing a right to privacy. The anti federalists were right. Without an explicit protection the government will take away every protection it can.

Exsqueeze me? (1)

ArcadeNut (85398) | more than 4 years ago | (#29918861)

How is this any different then making a phone call? My voice still has to go through the Phone Companies equipment. They still need a warrant to tap my phones (well, maybe not thanks to the Patriot Act).

If this ruling stands, it's going to open up a whole new can of worms. Email should be considered PRIVATE if there is only one recipient, just the same as if I make a call to a single individual.

 

Consequences (2, Insightful)

SlipperHat (1185737) | more than 4 years ago | (#29918887)

By that logic, that judge's emails should be open to being searched.

Forget searched; Hacked! (0)

Anonymous Coward | more than 4 years ago | (#29919105)

If there is no expectation of privacy, why can't anyone just login and read your email by hacking your account?
There are people serving time for the very thing she's legalizing for the police.
Or how is this supposed to square with the unauthorized computer access laws?
Are the cops running some ISP we don't know about to get "authorized access" to the emails?

3rd-party doctrine (5, Insightful)

MobyDisk (75490) | more than 4 years ago | (#29918889)

When a person uses the Internet, the user's actions are no longer in his or her physical home... All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP

Yes, just like:
- Mail
- Safe deposit boxes
- Bank accounts
- Voice mails
- Telephone conversations
- Storage units

As far as I know, all of the above things are subject to the 4th amendment. WTF???!!!

Reasonable ruling if analogy holds (1)

ugen (93902) | more than 4 years ago | (#29918891)

I think this ruling is just fine as long as they extend analogy with the physical world further. I.e. if e-mail and information stored on the 3rd party servers are not "private", then e-mails and information stored locally on servers in my home should be protected by the 4th amendment.

As long as that's the way they read the law (applying "home" boundaries literally rather than as a way to define a set of "things that belong to a person") - fine with me. It's not upholding the spirit of the amendment but rather only the letter, but that's better than nothing I suppose.

Netzero? (2, Funny)

Rude Turnip (49495) | more than 4 years ago | (#29918929)

Get with the times, man...Juno is the ISP of the future!!!

The death of the provider server? (1)

rusty0101 (565565) | more than 4 years ago | (#29918945)

Considering that many people already are not using their ISP's e-mail server, is this likely to become the death knell of publicly provided e-mail services?

I can see this being a significant issue for gmail, msn, yahoo and AOL (almost had SOL there, interesting) and their customer relations. For me it's a 5 min process to move my own services back onto my own computers. And as part of that I can advise friends and people I am going to exchange personal e-mail with to use an encrypted platform.

I don't know that it's going to be of use to many other people however. We've put a lot of work over time into making web based services simple to work with. Just as Microsoft put millions of hours into making Windows into a simple to use and work with platform. Building security and privacy into those platforms is not going to be a simple matter of tacking authentication and ssl onto them.

Re:The death of the provider server? (0)

Anonymous Coward | more than 4 years ago | (#29919161)

What amazes me is that we don't have a standardized, encrypted and more importantly CERTIFIED method already. We should be able to send real business / legal letters electronically through the mail, but we can't. More frightening is the fact that so many people are treating email as if it shares the same qualities as mail when it doesn't.

Summary is not quite right. (3, Insightful)

DaveV1.0 (203135) | more than 4 years ago | (#29919017)

The judge ruled that the warrant can be served on the third party without notifying the sender. This would be akin to serving a warrant to one's employer to search one's workspace.

Or, serving a warrant on your friend to access your friend's computer to get emails sent by you.

I think this ruling is on shaky ground due to the concept of "reasonable expectation of privacy".

Well (1)

Dunbal (464142) | more than 4 years ago | (#29919019)

Time to encrypt, bitches. I'll show you a "private space".

Forget email, put NOTHING in the cloud! (0)

Anonymous Coward | more than 4 years ago | (#29919033)

By this argument, NOTHING in the cloud is protected by the 4th amendment. Until this obviously flawed decision is overturned, cloud computing is out as an option for me.

Bush Appointee (2, Informative)

DigMarx (1487459) | more than 4 years ago | (#29919065)

Not to get all ad hominem or anything, but this judge was apparently nominated by G.W. Bush and is an LDS, according to Wikipedia. We should be expecting these kind of rulings for a long time: Bush got a lot of his guys in before he lost his political capital. Civil rights, schmivil schmights.

Zo

Re:Bush Appointee (1)

nomadic (141991) | more than 4 years ago | (#29919095)

but this judge was apparently nominated by G.W. Bush and is an LDS, according to Wikipedia. We should be expecting these kind of rulings for a long time: Bush got a lot of his guys in before he lost his political capital. Civil rights, schmivil schmights.

As someone whose distaste for the Bush administration is unparalleled, I think most of the judges he nominated were essentially qualified. It's the lawyers his administration hired for the DoJ who tended to be immoral incompetents.

Bank Records? (1)

forand (530402) | more than 4 years ago | (#29919081)

This is confusing to me: how do bank records not fall into the same classification? Clearly if my mail provider say they will give out my email to whomever they like then sure but most have a privacy policy which explicitly states that they will NOT do that unless compelled by law.

Safe Deposit Box (1)

dirkdodgers (1642627) | more than 4 years ago | (#29919109)

An email box is like a safe deposit box.

I pay the bank for my safe deposit box to provide secure storage for, and access to, private documents and belongings.

I pay my email provider for my email box to provide secure storage for, and access to, private documents and belongings.

The government can no more righfully search and seize my email inbox without a warrant than it can my safe deposit box without a warrant.

The government can go fuck themselves.

TFA talks about notification not access (3, Interesting)

Nkwe (604125) | more than 4 years ago | (#29919111)

The fine article refers to a ruling that says you don't have to be notified if your email is accessed. It doesn't talk about if it is legal or not to access your email. I guess the theory being that if your mail is stored "publicly" at an ISP and that someone has the legal right to look at your mail, they don't have to tell you that you have been snooped on.

The article doesn't seem to make the distinction between mail at rest (on a mail server) and mail in transit (passing on the wire) so I don't know if running your own mail server makes any difference here or not. It would at least reduce the exposure time for "snapshots" to be taken and disclosed. If your mail was on your own server you would at least have to be approached by a court with a subpoena or similar that demands access, which you would probably notice.

Encryption is of course, the answer.

With all due respect (0, Flamebait)

mbone (558574) | more than 4 years ago | (#29919115)

This Judge should be impeached and removed from office for this. Start a campaign fund; I'll donate.

I am tired of these lovers of tyranny who pretend that Constitution's protections only apply to technologies in existence in 1789.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?