
An Inbox Is Not a Glove Compartment

Soulskill posted more than 4 years ago | from the until-gmail-unveils-support-for-glove-storage dept.

Privacy 316

Frequent Slashdot contributor Bennett Haselton writes "A federal judge rules that government can obtain access to a person's inbox contents without any notification to the subscriber. The pros and cons of this are complicated, but the decision hinges on the assertion that ISP customers have lowered privacy interests in e-mail because they 'expose to the ISP's employees in the ordinary course of business the contents of their e-mails.' Fortunately for everybody, this is not true — most ISPs do not allow their employees to read customer e-mails 'in the ordinary course of business' — but then what are the consequences for the rest of the argument?" Read on for the rest of Bennett's analysis.

Federal Judge Michael Mosman has ruled that the government can read your e-mails stored with a third-party provider like GMail, without notifying you that a search warrant has been executed (PDF) against your account. (Actually, the judge ruled that there is no "notice" requirement triggered at all, so that in theory, neither GMail nor the subscriber would have to be notified — but that seems only of theoretical interest, since in practice GMail would have to cooperate in order to execute the warrant, unless the government is planning to have ninjas sneak into their server farm at night. The substantive impact of the ruling is that e-mails can be read without notifying the subscriber.)

Now, as I said when writing about the possibility of undetectable encryption being installed on people's computers, at the risk of incurring the wrath of civil libertarian allies, I am not 100% in favor of limiting governmental power in cases like these. Restraints on governmental power have their pros and cons, and many people who are targeted by government investigations really are evil. There may be cases where the government can only prevent harm from being done, by gaining access to someone's e-mail account, and by preventing the subscriber from finding out that their e-mails are being read. However, all of these arguments are also true when applied to governmental seizure of property from someone's home — and yet we still have Fourth Amendment protections against warrantless searches of your house. So should they, and do they, legally apply to e-mail? And under the "third party doctrine," should the government have to notify the subscriber of the search, or only the ISP?

Law Professor Orin Kerr of George Washington University Law School has written an article [click on the link and then press the download button to download a draft] arguing that the Fourth Amendment does apply to e-mail. But he has also written another article arguing in favor of the third-party doctrine — essentially, that when the government seizes property that is in the possession of a third party, it only has to notify the third party, not the property owner. To the extent that this is relevant to the GMail case, the argument would appear to support Judge Mosman's ruling. However, Kerr's paper also acknowledges that the third party rule has been the subject of scorching criticism from other Fourth Amendment scholars, who call it "dead wrong" and "making a mockery of the Fourth Amendment."

It will probably be a long time before courts are issuing consistent rulings on the third-party rule as it applies to e-mail. In the meantime, though, one statement in Judge Mosman's ruling sticks out in particular:

"[T]he defendants voluntarily conveyed to the ISPs and exposed to the ISP's employees in the ordinary course of business the contents of their e-mails."

This was the basis for further reasoning that the defendants had less of an expectation of privacy in their e-mail contents, and hence that there was a strong case for allowing the government to read the e-mails without notice to the defendants. (In this he was drawing an analogy to a previous ruling in which a court held that a bank's customer has "no legitimate expectation of privacy" in his bank records because they were "voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.")

But as applied to ISPs, this is a statement of fact, not a statement of law, and as a statement of fact it's simply wrong. ISP employees, even the most highly placed ones, do not have access to customers' e-mails "in the ordinary course of business." And even in the non-ordinary course of business, in the case where e-mails have to be inspected to satisfy a subpoena requirement or to investigate an abuse report, only employees with the proper business justification can read the e-mails. (At the e-mail provider that I use, SpeakEasy, employees can only access accounts with the explicit permission of the customer, and only then by resetting the password or obtaining the password from the customer. When I worked in MSN accounts, most employees didn't have the security clearance to access customer accounts at all.)

This tracks with what customers reasonably expect from banks versus what they reasonably expect from ISPs. If I called my bank to ask about the status of my account, and the customer service representative noted that I had a high number of overseas wire transfers and asked if I wanted to upgrade to a business account with a reduced wire fee, it probably wouldn't even occur to me to be offended that she had looked at my transaction records. On the other hand, if I called SpeakEasy and asked them to add more space in my inbox, and the tech support guy said, "Dude, you could do a lot better than Chloe," I might think he was overdue for a review of their customer privacy policy.

Judge Mosman uses several more analogies in arguing that the third-party doctrine applies to e-mails (beginning on page 12 of the ruling), analogies between e-mail and real-world situations that most of us are familiar with, like leaving documents out in the open at someone else's house. Now, most of us don't have the expertise to comment on the legal technicalities. But in the game of analogies, we're all experts, insofar as we're qualified to comment on whether we feel that one thing is "like" another, or whether our "expectations of privacy" in the two areas are similar. And under the rules of that game, I would disagree with the judge's analogies for several reasons:

1. There is a difference between leaving property in someone else's possession because you don't care very much about keeping it private, and leaving property in someone else's possession because you have no choice. The judge cites precedents in which courts ruled, variously: (a) that when a suspect left documents at his mother's house and the police executed a warrant there, they only had to provide notice to the mother, not the suspect, even though the mother was not the owner of the documents; (b) that a defendant had no grounds to object to the search of another person's purse, when the search turned up drugs belonging to the defendant; and (c) that defendants 'could not make a Fourth Amendment claim regarding a search of someone else's car because they had no "legitimate expectation of privacy in the glove compartment or area under the seat of the car in which they were merely passengers."' But all of those cases involved property that the defendants chose to leave in the possession of someone else, rather than keeping on their person or in their own houses. In all of these cases, the person X who left the property in the possession of person Y, could not have expected that person Y would keep their eyes off of that property, or would shield it from the view of casual acquaintances who happened to see it there. So by allowing the notice only to be served on person Y, these three cases are just specific implementations of a general rule: "If person X leaves property with person Y, with no expectation that person Y would refrain from examining the property, then the notice of warrant only has to be served on person Y."

This rule does not generalize to GMail accounts. If I send and receive messages through a GMail account, I know that they're stored on Google's servers, but that's out of necessity in order for them to provide web-based e-mail that can be accessed from multiple locations. By allowing the e-mails to be stored on their servers, I haven't conveyed that I care any less about their private contents, because I didn't have a choice. Now, if I had printed out an e-mail from GMail and left it lying around at my Mom's house, or in a friend's glove compartment, then that could be interpreted to indicate that I had less interest in keeping that e-mail private, and it would be more analogous to the situations above. In fact if I had sent an e-mail to someone working at Google, I would understand that my expectation of privacy had been lowered significantly, and that the recipient might forward it to their friends or leave a printout on their desk, or that the police might request for him to show it to them without notifying me. Simply having an e-mail stored in a GMail account is not the same thing.

2. E-mails are not like bank records, because you have a greater expectation of privacy for e-mails, even from the institutions that hold them. It's true that bank transactions are more closely analogous to web-based e-mails, because they're both stored on company servers by the nature of the business, so this analogy isn't as badly flawed as the previous ones. But in addition to the fact mentioned above, that ISP employees do not have access to your e-mails "in the ordinary course of business" despite what Judge Mosman wrote, there is the "inside/outside" distinction that Orin Kerr describes in his paper on the Fourth Amendment and e-mail. Essentially, police don't need a warrant to observe what goes on outside your home — whatever is visible from a public street — but they would need a warrant to take their inspection inside. Kerr argues for extending this analogy to the "content/non-content" rule for Internet transactions, so that Fourth Amendment protection would apply to the contents of e-mails, but not necessarily to the "outside" information such as sender, recipient, and transmission time. (Actually that still seems like rather weak privacy protection, to say that the Fourth Amendment doesn't protect information about who we exchange e-mails with, but even this watered-down argument still implies stronger privacy protection for e-mail contents.) Bank transaction records would be more like "outside" information and less deserving of privacy protection, so the analogy doesn't hold.

3. By analogy to the expectation of privacy in people's homes, the expectation of privacy for the contents of e-mail is possibly greater. Judge Mosman writes, "The sanctity of the home is often cited as the central purpose for this notice requirement, but the requirement has not been explicitly limited to searches of homes," and quotes from another court decision: "[t]he mere thought of strangers walking through and visually examining the center of our privacy interest, our home, arouses our passion for freedom as does nothing else." Well, since he brought it up, if it's relevant to compare the "passion" that's "aroused" by the invasion of various spheres of privacy, if I had a choice I would rather have a stranger wander through my house and inspect everything except the computer, than allow them access to my browser history and all the e-mails I'd sent and received in the past year. (And that's not even taking into account the violations of other people's privacy that would be entailed by someone looking through all of my e-mails.) Applying the test of "What would you rather have people see?", most people who make more than casual use of e-mail, seem to care more about the privacy of their e-mail than about the privacy of what's visibly lying around in their house — if a good friend drops by unannounced, you can usually lead them through your house without worrying about what they'd see, but you probably wouldn't give the same person a complete record of all your e-mails in the past year. (Remember, according to the judge's quote, we're comparing "visually examining" your house vs. your e-mail, not actually physically taking anything.)

As I said, I'm not necessarily opposed to the government having the authority to obtain records of people's e-mails if they have an extremely good reason, without necessarily having to notify the subscriber that their e-mails had been read. But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails." I wonder if even Judge Mosman thinks that's true. If he got a call from his bank offering to upgrade his account based on recent transaction activity, he'd probably just politely get them off the phone like the rest of us. But if he got a call from his ISP tomorrow, saying that his e-mails were starting to sound cranky and they were wondering if there was anything they could do to cheer him up, would he just thank them for their concern and leave it at that?


My computer is in the glove box (5, Funny)

fotoguzzi (230256) | more than 4 years ago | (#29950490)

you insensitive clod!

Decision Formalizes What Already Happens (3, Insightful)

onionman (975962) | more than 4 years ago | (#29950522)

This decision doesn't really change the common practice of law-enforcement agencies does it? Haven't we all already known that the government (and gmail/yahoo/hotmail/your boss etc.) is scanning our email pretty much whenever it wants to?

Re:Decision Formalizes What Already Happens (5, Insightful)

rolfwind (528248) | more than 4 years ago | (#29950698)

If this stupid decision goes through, it makes all unwarranted searches of email admissible in court. The government tortured in Guantanamo, since we all "know" that is happening, should we all go "Oh well" and then when a court legalizes it say "This decision only formalizes what already happens, whoopey doo!"

As an aside, when I give my car to service, the employees of the dealership/repairshop can conceivably search through my glovebox. I guess cars shouldn't need warrants. And when I have a plumber/electrician fix my house, he can snoop, so might as well strike houses from the list of things needing warrants.

It's pretty evident I have no expectation of privacy on my email, that's why it has no password, and if it did, I give it to everyone, Mr. Idiot Judge.

Re:Decision Formalizes What Already Happens (5, Insightful)

onionman (975962) | more than 4 years ago | (#29950826)

Well, one of the benefits of formally recognizing what is occurring is that it allows the practice to be formally challenged without the issue of "state secrets" being relevant.

As the old saying goes, "the problem with unwritten rules is that no one knows where to go to erase them." Here we have a formal decision which puts one judge on record as agreeing with the common practice. This decision may now be appealed. The appeals process can allow the judicial branch to decide on the entire practice of warrantless wiretapping without any state secrecy issues being involved! That seems like a good thing to me.

Re:Decision Formalizes What Already Happens (3, Insightful)

rolfwind (528248) | more than 4 years ago | (#29950926)

Yes, but once erased, they'll keep on spying on email in secret, landing us back to step 1 and this will be the perpetual cycle. The best spot we can hope for is step 1, unfortunately, secret, court unsanctioned spying.

As reported days ago, the biggest opponent to the three strikes rule in Britain were the spooks, because they fear a rise in encryption use. That is what people should start using to defend themselves because the formal set of rules won't help here, but at least the court shouldn't ever sanction and admit it. Even if successfully challenged this time, there will come a time in the repeating cycle where it doesn't get erased, doesn't get overturned, and then we're stuck at the worst possible case.

Re:Decision Formalizes What Already Happens (2, Interesting)

MetalPhalanx (1044938) | more than 4 years ago | (#29951316)

"The problem with unwritten rules is that no one knows where to go to erase them."

Wait a minute, laws are erased?

Re:Decision Formalizes What Already Happens (1)

realityimpaired (1668397) | more than 4 years ago | (#29951780)

Laws can be struck down, either by the courts, or by the creation of new laws which supersede the existing law. While the law itself is still viewable for historical reasons, it is no longer part of the code, and no longer enforcible or enforced.

It's not actually *erased* per se. More like being commented out. The history of civil rights is probably the easiest place to see where laws banning (or requiring) specific behaviour get struck down... prohibition, suffrage, segregation. It used to be illegal for an african to marry a caucasian in the US, for example. That law still exists, but it has been struck down as unconstitutional. Today, the hot topic is Gay/Lesbian/Transgender rights... expect some big changes over the next 10-15 years, and when the dust has settled, expect there to be equal rights for members of the LGBT community. (talking about things like marriage, spousal benefits, etc..)

Re:Decision Formalizes What Already Happens (4, Informative)

nedlohs (1335013) | more than 4 years ago | (#29950888)

No. They still need a warrant, it's just that the warrant is shown to the ISP who gives them the email and the actual owner is none the wiser. So it works like a phone tap instead of like a search and seizure in your home.

Just run your own mail server and now the warrant needs to go to you, so you get notified. Doesn't stop them reading it of course...

Re:Decision Formalizes What Already Happens (1)

mindstrm (20013) | more than 4 years ago | (#29950986)

They are warranted - the warrant is against the company holding the email, not against you.

Re:Decision Formalizes What Already Happens (1)

captaindomon (870655) | more than 4 years ago | (#29951142)

No, that is not correct. These searches still need to have a warrant issued by a judge. The difference is that they don't need to show the warrant to you, they only need to show it to your ISP. This is a subtle difference but is very important. These searches are already possible with "Silent Warrants", i.e. for telephone wiretaps, where they do not need to tell you ahead of time. So there really isn't that much of a change of what is possible, just a clarification.

Re:Decision Formalizes What Already Happens (0)

Anonymous Coward | more than 4 years ago | (#29951144)

Yup, that's pretty much what is happening here. I just wanted to add that this might just be a ploy for the USPS because they are losing the federal government millions of dollars a year. If that is true, we really don't even come close to comprehending how corrupt the politicians of late are.

Re:Decision Formalizes What Already Happens (2, Informative)

Interoperable (1651953) | more than 4 years ago | (#29950874)

The government does have to notify Google/Yahoo/etc., it doesn't just scan all correspondence without warrant. What it does mean, is that it can read your e-mail by issuing a warrant to Google without ever notifying you. Google complies promptly with all warrants issued but is not in the habit of forwarding correspondence to the FBI just for fun.

The key here is not to treat any information stored on remote servers as belonging to you. Anything on your computer is in your possession but the moment you send it into the aether it is potentially in the possession of a third party that can do whatever they want with it (read the privacy policies!). If you want to keep your e-mails secure, encrypt them; try gnuPG.

Re:Decision Formalizes What Already Happens (2, Insightful)

Forge (2456) | more than 4 years ago | (#29951124)

This is what comes from deliberately inventing definition for what is really just new technology to perform an old function for which there is well established law.

In this particular case, Email is still mail. It just travels faster and as photons or electrons rather than as a collection of atoms.

So all we had to do is transpose the rules which apply to snail mail over to email. I.e. A postman is not allowed to open and read your mail. He just has to pass it on to the destination address. That same principle applies to private mail providers (FedEx, DHL etc...).

That is what should have been done. What has actually been done is quite different. The authorities routinely go through email in circumstances where they would not have been allowed to go through snail mail. They "ask" (read order) ISPs to do things that they dare not ask of FedEx.

The mail to email analogy is almost perfect (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29950538)

The mail to email analogy is almost perfect, which now frightens me. What does this judge know about the US Postal system that he isn't saying?

The #1 Lesson (1)

mpapet (761907) | more than 4 years ago | (#29950546)

Email is not private. The sooner you stop pretending it should be and do nothing, the more quickly the citizens of this country can have a legitimate conversation about this and other issues of national importance.

Moral outrage in 3....2....1....

Re:The #1 Lesson (1)

Verdatum (1257828) | more than 4 years ago | (#29950762)

ARRG!!!!

Re:The #1 Lesson (2, Insightful)

King_TJ (85913) | more than 4 years ago | (#29950970)

Umm... let me get this straight then? You believe it's an undeniable *fact* that email not only IS not private as it currently stands, but SHOULD not ever be considered private?

I'd argue that in reality, the expectation of privacy for electronic mail by the general public is no different than the expectation of privacy they have for physical mail. Unfortunately, the implementation most often used today doesn't live up to the expectations people have. (People tend to think that because they can't check their mail without the proper login and password, that means the mail is "secure". They're used to thinking that passwords = security when it comes to computers.)

With the right software and proper configuration, it's possible to encrypt all outgoing email automatically, and ensure it really is private. IMHO, it's too bad the systems administrators didn't foresee the need for this when paid customers (usually using dial-up modems with a local ISP) started signing up and trying this stuff out for the first time. (Perhaps the truth is, many of them rather *liked* the idea that if they so desired, they'd be able to snoop into the emails of any of their users, as desired?)

Now, we're reaching a point where the courts are playing "catch up" with the technology, and they're starting to make legal rulings on this stuff. If it's codified into law that it's ILLEGAL to ensure emails have true privacy, that'd be a shame and a big loss for the userbase as a whole.

I know companies like to claim that because they own the servers and the Internet connections the corporate emails travel over and get stored on, they own the "rights" to all of the employee emails as well. But to me, that's rather like an owner of an apartment complex claiming he/she can legally go through any of the tenants' physical mailboxes at will, because he/she owns the panel of mailboxes in the wall that it all gets put in! (Even in my apartment scenario though, the landlord could possibly get away with opening people's individual mailboxes, if all he/she was doing was counting the number of envelopes a tenant received each day, or was just reading the postcards before putting them back. The fact that most mail is inside an envelope that can't be opened without leaving behind evidence it was opened/tampered with adds another layer of security for the tenant. That's where our current email infrastructure is lacking. The law is effectively saying "Everything's written on the equivalent of postcards that anyone can see as they handle it, anyway - so why should we grant it any legal privacy rights?")

Re:The #1 Lesson (3, Insightful)

Zerth (26112) | more than 4 years ago | (#29951200)

The law is effectively saying "Everything's written on the equivalent of postcards that anyone can see as they handle it, anyway - so why should we grant it any legal privacy rights?")

That's exactly why I don't care. When I send an unencrypted email, my mail server sees it, my router sees it, my ISP can see it, and 10 or 20 other servers between me and the destination mailerserver can probably see it too.

If someone sends unencrypted mail, I don't feel in the least bit bad when it gets read. If you wouldn't send it on a postcard, you shouldn't email it unencrypted. If whomever you are sending it to can't deal with that, contact them by another method.

Re:The #1 Lesson (1)

whoever57 (658626) | more than 4 years ago | (#29951560)

That's exactly why I don't care. When I send an unencrypted email, my mail server sees it, my router sees it, my ISP can see it, and 10 or 20 other servers between me and the destination mailerserver can probably see it too.

Perhaps your mail goes unencrypted, but most of my email does not. My email leaves my house and travels to my own mailserver in an encrypted form. From my mailserver, if going to gmail, the connection uses SMTP-TLS -- in other words, once again it is encrypted.

An increasing number of mailservers support SMTP-TLS today, so the old assumptions about intermediate routers being able to read mail are no longer valid.

Gmail and many webmail services offer an https option for reading email, also pops or imaps (or pop-with-tls) are also becoming commonly used, so downloading of emails is increasingly encrypted.
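The hop-by-hop SMTP-TLS path described in the comment above can be checked on a delivered message by reading its `Received` headers, where a server that accepted the message over TLS records an RFC 3848 protocol keyword such as `ESMTPS`. The following is an added example, not part of the original thread; the host names, addresses and sample message are constructed.

```python
import email
import re

# RFC 3848 / RFC 6531 "with" keywords that mark a hop accepted over TLS.
TLS_PROTOCOLS = {
    "ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
    "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA",
}


def strip_comments(value):
    """Drop (possibly nested) parenthesised comments from a header value.

    MTAs put free text such as "(using TLSv1.2 with cipher ...)" in comments;
    leaving it in would make "with cipher" look like the protocol clause.
    Backslash-escaped parentheses are not handled in this sketch.
    """
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def parse_hop(header_value):
    """Extract sender, receiver and protocol from one Received header."""
    text = " ".join(strip_comments(header_value).split())  # unfold whitespace
    clauses = text.rsplit(";", 1)[0]                        # drop the timestamp

    def grab(keyword):
        m = re.search(r"(?:^|\s)" + keyword + r"\s+(\S+)", clauses, re.IGNORECASE)
        return m.group(1) if m else None

    proto = grab("with")
    proto = proto.upper() if proto else None
    return {
        "from": grab("from"),
        "by": grab("by"),
        "with": proto,
        "tls": proto in TLS_PROTOCOLS,
    }


def transit_path(raw_message):
    """Return the hops in travel order (Received headers are prepended)."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    return [parse_hop(v) for v in reversed(received)]


def plaintext_hops(raw_message):
    """List (from, by) pairs for hops that did not record a TLS protocol."""
    return [(h["from"], h["by"]) for h in transit_path(raw_message) if not h["tls"]]


# Constructed sample: submission over TLS, one plaintext relay hop, then TLS.
SAMPLE = """\
Received: from relay.example.org (relay.example.org [198.51.100.7])
    by mx.example.com with ESMTPS id c3 for <bob@example.com>;
    Mon, 2 Nov 2009 10:00:03 -0800
Received: from mail.example.net (mail.example.net [203.0.113.5])
    by relay.example.org (Postfix) with ESMTP id 9D2C1
    for <bob@example.com>; Mon, 2 Nov 2009 10:00:01 -0800
Received: from laptop.example.net (laptop.example.net [192.0.2.10])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by mail.example.net (Postfix) with ESMTPSA id 4F1A2B
    for <bob@example.com>; Mon, 2 Nov 2009 09:59:58 -0800
From: alice@example.net
To: bob@example.com
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for hop in transit_path(SAMPLE):
        state = "TLS" if hop["tls"] else "PLAINTEXT"
        print(f'{hop["from"]} -> {hop["by"]}: {hop["with"]} ({state})')
```

Each `Received` line is written by the receiving server, so only lines added by servers you run or trust are reliable evidence. TLS on a hop protects the message in transit between two servers; each server still stores and forwards the message itself.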

Re:The #1 Lesson (1)

mpapet (761907) | more than 4 years ago | (#29951312)

Email is the equivalent of postcards.

Re:The #1 Lesson (1)

plague3106 (71849) | more than 4 years ago | (#29951774)

Why should email not be private?

Makes me glad I run my own mail server (3, Interesting)

Iphtashu Fitz (263795) | more than 4 years ago | (#29950550)

If the government wants access to my inbox they'll need to talk to me since I'm the admin of my mail server.

Re:Makes me glad I run my own mail server (1)

Intron (870560) | more than 4 years ago | (#29950816)

And are you also your own ISP or does your email pass through someone else's routers? Hope you don't mind them recording packets and saving every DNS lookup and every website you visit as part of the "ordinary course of doing business".

Re:Makes me glad I run my own mail server (2, Interesting)

Again (1351325) | more than 4 years ago | (#29951332)

And are you also your own ISP or does your email pass through someone else's routers? Hope you don't mind them recording packets and saving every DNS lookup and every website you visit as part of the "ordinary course of doing business".

Well you could always give them information overload. Make a bot in Ruby that is constantly going to random websites, sending random emails to random addresses and just constantly doing things online. Have the bot run all day and the information the ISP stores of you will become meaningless gibberish because the vast majority of it will be random from your bot.

Re:Makes me glad I run my own mail server (2, Insightful)

0100010001010011 (652467) | more than 4 years ago | (#29951364)

Have the bot run all day and the information the ISP stores of you will become meaningless gibberish because the vast majority of it will be random from your bot.

They'll just assume you're a 4chaner.

Re:Makes me glad I run my own mail server (1)

characterZer0 (138196) | more than 4 years ago | (#29951170)

I am the admin of my mail server. But my mail server is a virtual server in a datacenter. I lease that space, so presumably as far as notification goes, it is just as much mine as an apartment I may rent or a car I may lease.

Will the judge see it this way?

Re:Makes me glad I run my own mail server (1)

vlm (69642) | more than 4 years ago | (#29951182)

If the government wants access to my inbox they'll need to talk to me since I'm the admin of my mail server.

http://en.wikipedia.org/wiki/National_Security_Letter [wikipedia.org]

Until recently, if you got an NSL to disclose information about one of your users, that user being yourself, it would have been illegal to disclose to yourself that the jackboots were requesting information about yourself.

One flaw (5, Insightful)

Todd Knarr (15451) | more than 4 years ago | (#29950558)

One flaw in this argument: ISP employees do in fact have access to your e-mail. Hopefully it's only a small number, sysadmins and others with root access, and ISPs usually promise not to use that access except in limited ways without the customer's permission, but that doesn't change whether they have access or not. And the courts are concerned with whether the ISP has access, not whether or not he's promised to use it.

A good analogy would be ordinary bank records vs. the contents of a safe-deposit box. The first the bank has access to, and the customer has limited expectation of privacy regarding them. The second the bank does not have access to, their key physically can't open the box alone, and the customer has a higher expectation of privacy about the contents. If you want an expectation of privacy in your e-mail, you need to ensure that your ISP literally cannot access its contents. A promise from them that they won't isn't sufficient if they can.

Re:One flaw (1)

broken_chaos (1188549) | more than 4 years ago | (#29950938)

Yes, there are some employees who have access to the e-mails, but they are not exposed on a regular basis to the content of those e-mails, unless they're excessively abusing the power they've been trusted with.

Re:One flaw (1)

mindstrm (20013) | more than 4 years ago | (#29951264)

I think you are misinterpreting the statement.

The point is that
a) Yes, system admins can read your mail. Even though they don't, they CAN.
b) You know they can, and that those mails will sit on the company's servers in plaintext -

therefore, YOU are exposing your emails to the company in question on a regular basis.

Re: No flaw (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29951048)

"One flaw in this argument: ISP employees do in fact have access to your e-mail."

In the same way that a landlord has access to the rented homes (has keys): it does not mean you have any less right to privacy in your (rented) home.

Re:One flaw (4, Informative)

rolfwind (528248) | more than 4 years ago | (#29951114)

A good analogy would be ordinary bank records vs. the contents of a safe-deposit box. The first the bank has access to, and the customer has limited expectation of privacy regarding them. The second the bank does not have access to, their key physically can't open the box alone, and the customer has a higher expectation of privacy about the contents.

Up until the 1970s, your bank records were, in fact, confidential and the customer had as much expectation to privacy there as with his health records entrusted to his doctor.

Then this was assaulted by the "Right to Financial Privacy Act" in 1978, which "let federal agents write their own search warrants, but limited the subjects of those warrants to financial institutions."
http://www.lewrockwell.com/orig6/napolitano2.html [lewrockwell.com] (I don't respect Lew Rockwell so much, but Judge Napolitano seems to know what he is talking about, and this was in a speech of his as well here: http://www.youtube.com/watch?v=t8QwTKKSvR8 [youtube.com] )

I heard various things about Government unwarranted snooping and seizure on safety deposit boxes, but I can't find a credible link about that at the moment.

Re:One flaw (4, Insightful)

nine-times (778537) | more than 4 years ago | (#29951246)

My landlord has keys to my apartment. Does that mean I have no expectation of privacy in my own apartment, just because a third party theoretically has access to it? Even if I haven't given permission for my landlord to enter my apartment?

Re:One flaw (1)

Noexit (107629) | more than 4 years ago | (#29951766)

What about looking at logfiles? If your landlord is doing repairs on your home he can see who's going in and out and what they're carrying. Same thing with looking through the email logs as a normal course of business, isn't it?

And of course, your landlord can enter your apartment with your keys if he has sufficient reason to believe you're knocking holes in the wall or causing some other damage.

Re:One flaw (1)

tlhIngan (30335) | more than 4 years ago | (#29951800)

My landlord has keys to my apartment. Does that mean I have no expectation of privacy in my own apartment, just because a third party theoretically has access to it? Even if I haven't given permission for my landlord to enter my apartment?

Yes, outside of what the law and your agreement provide. You'll probably find that your landlord can enter your apartment (and depending on the legals, may have to provide some notice - 24 hours is common, but maybe not) to inspect. Near the end of your agreement, your landlord might be able to let anyone into your apartment to show it around, again, possibly with or without notification. And of course, all liability for stolen items falls on you.

And if the police come by, the landlord may let them in without a warrant (though you may demand to see one if you're present at the door). Again, that's up to the agreement and the law.

Re:One flaw (1)

mariushm (1022195) | more than 4 years ago | (#29951414)

Yeah, people at the post office and customs can also open your packages on suspicion they contain drugs or other illegal materials and they could in theory read the letter but that doesn't mean they read the text of the letter.
The same way people at the ISP could read the mail but that doesn't mean they do.

Re:One flaw (0)

Anonymous Coward | more than 4 years ago | (#29951712)

"Course of everyday business" seemed relevant here.

Warrant (1)

Nerdfest (867930) | more than 4 years ago | (#29950580)

I'm just happy to see them actually realizing that it should require a warrant.

As an UNIX admin... (1)

taskiss (94652) | more than 4 years ago | (#29950590)

"Fortunately for everybody, this is not true — most ISPs do not allow their employees to read customer e-mails 'in the ordinary course of business' "

I disagree. When something starts filling /var/spool/mqueue it's common that customer e-mail gets read.

Re:As an UNIX admin... (1)

Dr. Evil (3501) | more than 4 years ago | (#29950738)

If I'm reading somebody's email, all I take away from it is.... spam, spam, spam, real email, spam, porn, script-gone-bonkers, script-gone-bonkers, real email.

I don't actually read the contents. Maybe the sender-recipient pairs, but I won't talk about what I see.

Re:As an UNIX admin... (1)

taskiss (94652) | more than 4 years ago | (#29950916)

I do the same, but consider that reading the e-mail. I think a court would too, if it came to that.

easy solution (0)

Anonymous Coward | more than 4 years ago | (#29950594)

encryption

US Mail is handled by a Third Party too (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29950596)

So how is it any different if I give an envelope to a USPS employee? It's no longer under my control, but I expect it to be private. Also the USPS has been known to open a package or two, so does that now mean all mail is no longer private? Like email, I have no choice but to let someone else handle my mail, IF I want it to be delivered.

Well there's really only one solution to all this government stupidity, Encrypt Every Thing Every Time.

Now if we could just make it pretty hassle free, so everyone would encrypt every thing every time, without having to think about it.

Media Mail (4, Insightful)

jDeepbeep (913892) | more than 4 years ago | (#29950666)

So how is it any different if I give an envelope to a USPS employee? It's no longer under my control, but I expect it to be private.

I'm not sure about other types of mail, but media mail can be searched at any time, by any postal employee. The sign at my post office states this to be a fact, but I can't find the specifics on their website to give a link here.

Re:Media Mail (1)

BenBoy (615230) | more than 4 years ago | (#29950746)

... FWIW, the reason for this is that people routinely lie about the contents of those packages, in order to get the cheap postage. Something like 20% or so, IIRC, according to postal employees I spoke with about it.

ISP tech support DOES read user mail. (1)

RyuuzakiTetsuya (195424) | more than 4 years ago | (#29950604)

The hinge of the matter is that customer service/tech support *has* to when troubleshooting certain issues. I've worked for several ISPs and it's generally the same procedure. Verify but don't DO anything or leak anything out. Customers SHOULD have a feeling of privacy from other users but not ISP staff. Their email is sitting on OUR servers. Don't like it? Do it yourself. Or don't use email. Which is a better option. Email sucks.

Re:ISP tech support DOES read user mail. (0)

Anonymous Coward | more than 4 years ago | (#29950898)

This is hogwash. There is no reason for you to read users' emails. Just because you can do something does not mean you should, or it isn't a violation of company policy and/or law.

There are people at the bank that CAN transfer your money somewhere - so you wouldn't mind if they did - because you should live with it or not use banks?

Give me a break. People routinely have access to information they can not view or act upon unless required. And if you can not be trusted in this manner I suggest you go work for McDonalds because it is part of being a professional.

Sure they do. (4, Insightful)

mindstrm (20013) | more than 4 years ago | (#29950608)

"But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails.""

It might be a bit far reaching... but come on, system administrators have had access routinely to people's mailbox contents since forever (on most mail systems). Not that we go around snooping on your mail, but we can and do have access to it, if it's plaintext, at any time. If you are sending emails through any provider without encryption and assuming that some staff at that provider are not technically capable of reading and copying your emails, you are delusional.

This is not like snail-mail, where although you know the postman could open your mail, you also know he'd go to prison for it.

Old people - please die (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#29950620)

I would like to ask all of you old people to hurry up and die. I'm afraid your entire generation is out of touch and should not be in a position to make rules about technology you simply fail to understand. Those rules will continue to make little sense long after you have left (since law is very difficult to remove in a common law system).

This message goes out to:
  - Most judges
  - The MPAA/RIAA
  - Content producers
  - John McCain
  - et al

Re:Old people - please die (1)

MetalPhalanx (1044938) | more than 4 years ago | (#29951406)

While written in an inflammatory manner, I really do agree with you.

Unfortunately, there will be new stupid morons to replace the old guard. Most people have no understanding of computers beyond how to use their favorite social networking site, to them the computer is a "magical" box which can do stuff and get them to the internets.

From the summary/article (1, Troll)

Afty0r (263037) | more than 4 years ago | (#29950658)

By allowing the e-mails to be stored on their servers, I haven't conveyed that I care any less about their private contents, because I didn't have a choice.

This is incorrect - you had a choice to host your own email server (doesn't cost a great deal) on which you could encrypt your data stores. You chose not to and went with a commercial email provider for... cost reasons? If you're not prepared to spend real money protecting/securing your documents and feel it's only worth $FREE$ then you are conveying, pretty strongly, that you don't really care about their contents.

Not that I agree with the judge's decision, but this line is bolsheviks...

Re:From the summary/article (0)

Anonymous Coward | more than 4 years ago | (#29951622)

Hosting your own mail server can actually be free aside from bandwidth cost, but if you are the only one using it and don't get a ton of mail, just basic highspeed probably could handle it (although attachments may like faster...). Linux makes mail hosting easy :)

move mail rather than copy (1)

knutzipferdchen (892281) | more than 4 years ago | (#29950664)

Though this may not be the ultimate solution to the problem I tend to "fetch" my mail, either using POP or IMAP and remove the copy from the server. Though this does not save me from being eavesdropped, I still have the feeling that it will reduce the amount of information about me on the server side in the long run.

Not Just E-Mail. Anything in the "cloud" (3, Interesting)

wiredog (43288) | more than 4 years ago | (#29950680)

As James Fallows asks in The Atlantic Are we naked in the cloud? [theatlantic.com]

But the reader's point is less about the ins and outs of this ruling than about the broader legal/privacy implications of storing information "in the cloud." When you're working in Google Docs, as opposed to using a spreadsheet or document that lives on your computer, have you essentially surrendered custody and control of that information? What if you rely on online "cloud" systems -- Carbonite, SugarSync -- to back up or sync your files? Have you given up custody of those files too?

The answer he supplies is "yes" you have given up custody.

"An Inbox Is Not a Glove Compartment " (1, Flamebait)

VGPowerlord (621254) | more than 4 years ago | (#29950708)

"An Inbox Is Not a Glove Compartment"

Yes, Mr. Stevens, we get that the Internet isn't a big truck.

Re:"An Inbox Is Not a Glove Compartment " (1)

VGPowerlord (621254) | more than 4 years ago | (#29950730)

Whoops, hit the wrong reply button.

Re:Not Just E-Mail. Anything in the "cloud" (2, Insightful)

cawpin (875453) | more than 4 years ago | (#29951254)

The entire basis for this case is illegitimate. They are saying, since email is handled by a third party, the actual owner doesn't need to be notified. This would widely apply to damned near everything we do nowadays. My money is under the control of a third party, my bank. Does this mean they can get my bank records without notifying me? Does it mean they can search my house without notifying me? After all, I don't actually own it yet, the bank does.

Re:Not Just E-Mail. Anything in the "cloud" (1)

slimjim8094 (941042) | more than 4 years ago | (#29951484)

Well, not necessarily. A good backup client (I don't know about Carbonite or Sugarsync) should encrypt, with industry-standard algorithms, on the client side before sending it to the server.

In this case, you retain your data.

/sigh (1)

Galestar (1473827) | more than 4 years ago | (#29950712)

The Inbox Is Not a Glove Compartment, just like the Internet is not a truck?

Re:/sigh (2, Funny)

bertoelcon (1557907) | more than 4 years ago | (#29950844)

I could see the internet being the highway, and every user (and their data) being a vehicle. Emails being about the size of a glove compartment and porn being the size of a fleet of wide mobile homes on the highway. It works better if you think of streaming as a carpool lane that doesn't get in traffic like everything else.

Nothing changed for me. (5, Funny)

daid303 (843777) | more than 4 years ago | (#29950720)

Because I use hotmail...

Nothing to see here, just Spam. (1)

PerfectionLost (1004287) | more than 4 years ago | (#29951158)

At least the government is interested in the spam I get now...

First they came for your emails . . . (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29950728)

"[T]he defendants voluntarily conveyed to the ISPs and exposed to the ISP's employees in the ordinary course of business the contents of their e-mails."

What if we changed the third-party statements to the following:

"[T]he defendants voluntarily conveyed to the healthcare provider and exposed to the healthcare provider's employees in the ordinary course of business the contents of their medical records."

"[T]he defendants voluntarily conveyed to the financial institution and exposed to the financial institution's employees in the ordinary course of business the contents of their finances."

"[T]he defendants voluntarily conveyed to the landlord and exposed to the landlord's employees in the ordinary course of business the contents of their apartments."

Re:First they came for your emails . . . (2, Informative)

Chaos Incarnate (772793) | more than 4 years ago | (#29951418)

(1) and (2) can be acquired via warrant served to the healthcare provider or the financial institution, same as with the e-mails in question. (3) is a red herring since you don't expose the contents of your apartment to the landlord in the ordinary course of business.

encryption is always an option (0)

Anonymous Coward | more than 4 years ago | (#29950750)

I think, with all these laws and rulings, it should become clear to more and more people that the mail exchange containing relatively private data should be encrypted.

Email is not private unless encrypted. (1)

John Hasler (414242) | more than 4 years ago | (#29950766)

> ...the decision hinges on the assertion that ISP customers have lowered
> privacy interests in e-mail because they 'expose to the ISP's employees in
> the ordinary course of business the contents of their e-mails.' Fortunately
> for everybody, this is not true...

Yes it is. The fact that the employees might be fired for reading the mail does not alter the fact that they have the opportunity to do so. Unencrypted email is no more private than a postcard.

Re:Email is not private unless encrypted. (1)

c0d3g33k (102699) | more than 4 years ago | (#29951116)

You're missing the subtle point that opportunity can be trumped by allowable policy. If the standards are that no emails are examined without just cause and only by explicitly authorized personnel, then some level of 'customary' privacy exists, even if one shouldn't expect that the email could never be viewed. By your reasoning nobody should expect not to be clubbed to death while walking down the street because any passerby has the opportunity to do so, since the potential victim isn't wearing armor. Yet people do expect this, and on the rare occasion that it happens, it's considered a serious crime and the perpetrator is subject to severe punishment for violating the law. I find it perfectly reasonable to consider personal email to be private and that unauthorized people should only be allowed to examine it under narrowly defined circumstances. Private is not the same as "secret".

Re:Email is not private unless encrypted. (1)

QuantumPete (1247776) | more than 4 years ago | (#29951308)

Except that we don't have the option of writing a letter instead and sealing it in an envelope. Or does Amazon send you e-mail in encrypted form, with a properly authenticated public key?

Re:Email is not private unless encrypted. (1)

edible_seaweed (1396315) | more than 4 years ago | (#29951778)

Yes it is. The fact that the employees might be fired for reading the mail does not alter the fact that they have the opportunity to do so. Unencrypted email is no more private than a postcard.

It's a very different situation. People doing things that would get them fired seems very different than the "Ordinary course of business" mentioned in the article. In addition to threats of firing, a good e-mail provider will have some security implemented...unencrypted e-mail *when stored on the mail server* therefore *is* more private than a postcard -- the threat of punishment matters.

/. may need to change the category name... (5, Insightful)

No Grand Plan (975972) | more than 4 years ago | (#29950796)

... because pretty soon we're not going to have any rights online.

Caveat Lector (5, Insightful)

Grond (15515) | more than 4 years ago | (#29950832)

From the essay: "Now, most of us don't have the expertise to comment on the legal technicalities"

Mr. Haselton is, as far as I can determine, not an attorney and has no formal legal education. So bear in mind that the above statement applies to the author of this essay as well.

You know how Slashdot contributors often bemoan poor science journalism written by reporters who obviously don't understand the subject matter? The same danger exists when people like Mr. Haselton, who is a freelance programmer, try to analyze and report on legal issues.

Again, from the essay: "But in the game of analogies, we're all experts, insofar as we're qualified to comment on...whether our "expectations of privacy" in the two areas are similar."

The expectation of privacy is a legal term of art. It does not simply refer to the individual's subjective feeling about whether he or she, personally, expects that a given communication, act, etc will or should be private. So, no, we are not all necessarily qualified to comment on the similarity of the expectation of privacy in two areas because there is a second, objective component of the expectation of privacy. The objective component is highly context-dependent, and its contours have been defined over the years by numerous court cases, none of which Mr. Haselton has cited, distinguished, or applied here.

And this is the glaring issue with Mr. Haselton's essay: he has analyzed the opinion in a vacuum. He does not cite or apply any supporting precedent or statutes, nor does he distinguish the facts of the case from the precedents that the judge cited. This kind of reasoning is not legal reasoning, and it can easily lead to all kinds of errors.

Note that I have, apart from the meaning of 'expectation of privacy,' refrained from critiquing the substance of Mr. Haselton's argument. It is possible that his argument could well win the day in an appeal; on the other hand, perhaps it is hogwash. I merely want the readers here not to be misled into thinking that this is a rigorous legal argument or that Mr. Haselton is some kind of expert on the subject matter. Indeed, his lack of citations or argument from precedent would probably get him laughed out of court.

Re:Caveat Lector (3, Interesting)

nomadic (141991) | more than 4 years ago | (#29950992)

Yet he seems to have become slashdot's resident legal columnist. I don't think I've read anything of his that hasn't irritated the hell out of me.

Re:Caveat Lector (2, Informative)

TheRaven64 (641858) | more than 4 years ago | (#29951270)

I don't think I've read anything of his that hasn't irritated the hell out of me

That's okay, I don't think I've read anything of his...

You do know that we're not meant to click on the links in the summary, right?

Re:Caveat Lector (1)

nomadic (141991) | more than 4 years ago | (#29951602)

You do know that we're not meant to click on the links in the summary, right?

They were sneaky, the entire article was in the summary...

Re:Caveat Lector (1)

TheRaven64 (641858) | more than 4 years ago | (#29951738)

You know, I honestly didn't notice that until after I posted. I read the first line or two of the summary, clicked more, and scrolled to the first comment, without even noticing the length of the summary. It's an advanced form of poster blindness...

Re:Caveat Lector (0)

Anonymous Coward | more than 4 years ago | (#29951126)

No, this is not a rigorous legal argument. It is a layperson's argument, based on human perception and standards of privacy and all those good things that law is supposed to be based on.

Maybe the law supports this ruling. But if it does, it's wrong. That's the point.

Re:Caveat Lector (1)

Belial6 (794905) | more than 4 years ago | (#29951534)

Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

One does not need to be a lawyer to understand what this means. It is absolutely clear that email DOES apply to this. The constitution is not a complicated document, and it is not designed to require a modern law degree to understand.

Re:Caveat Lector (1)

mfnickster (182520) | more than 4 years ago | (#29951644)

> One does not need to be a lawyer to understand what this means. It is absolutely clear that email DOES apply to this.

I think e-mails clearly qualify as "papers" in the context of the amendment; unfortunately, the constitution is not clear on what happens when your "papers" are being handled or stored by a third party, or when the courts have declared that your "papers" actually belong to that third party.

Re:Caveat Lector (1)

misexistentialist (1537887) | more than 4 years ago | (#29951662)

lack of citations or argument from precedent would probably get him laughed out of court

Since ignoring precedent is itself precedent, it's more appropriate to laugh while going into court.

ugh (0)

nomadic (141991) | more than 4 years ago | (#29950892)

Read on for the rest of Bennett's analysis.

Can't wait. When I want serious legal analysis, I turn to programmers, because being only an attorney myself, I need their help in figuring this stuff out.

But as applied to ISPs, this is a statement of fact, not a statement of law, and as a statement of fact it's simply wrong. ISP employees, even the most highly placed ones, do not have access to customers' e-mails "in the ordinary course of business."

Of course they do. Why on earth would you think they didn't?

And even in the non-ordinary course of business, in the case where e-mails have to be inspected to satisfy a subpoena requirement or to investigate an abuse report, only employees with the proper business justification can read the e-mails.

I am curious as to which law this is enshrined in.


Now, most of us don't have the expertise to comment on the legal technicalities.

You'd think so...

There is a difference between leaving property in someone else's possession because you don't care very much about keeping it private, and leaving property in someone else's possession because you have no choice.

There's a difference between storing apples and oranges; the question is really "is there a legal difference?" First, you're not addressing that, and secondly, factually that's not true. You have a choice to use gmail, just like you have a choice to use e-mail at all.

Protection... (0)

Anonymous Coward | more than 4 years ago | (#29950920)

I shall then endeavour to encrypt my napkins, tire gauge, pens, headphones, owner's manual and the like.

Take my privacy (please). (1)

TheLeopardsAreComing (1206632) | more than 4 years ago | (#29950934)

"Restraints on governmental power have their pros and cons, and many people who are targeted by government investigations really are evil."

The argument is already flawed, assuming that mostly evil people will be targeted. Now we have another loophole to be exploited. This is yet another example of the bastardization of our legal system.

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin

Good thing everyone ENCRYPTS their private email! (1)

mikelieman (35628) | more than 4 years ago | (#29950990)

Wrap that thing in an envelope for Cripe's Sake!

I actually fail to see the point (1)

obarthelemy (160321) | more than 4 years ago | (#29951022)

- e-mail is like snail mail: it transits through others to get to me. I DO have an expectation that my mail, and my email, is private
- I park my car on someone else's property daily. This does NOT mean I'm giving my car away, or I don't care what happens to it.
- In any case, blanket invasion of privacy without even having to go through a judge for each specific instance, or at least each specific individual for a certain time period, is unacceptable. I don't trust judges much more than politicians, but just needing 2 snoops instead of just one makes snooping exponentially harder.

Idiot and crooked politicians certainly cost us more money, and quite possibly more lives, than terrorism and drug gangs. Time to rein them in... and snoop on them. The public actually has much less reason to trust them than they have to trust the public. How about we put them under 24x7 public scrutiny ?

Re:I actually fail to see the point (1)

fandingo (1541045) | more than 4 years ago | (#29951404)

You do realize that the judge ruled that a warrant must be obtained. This ruling only changes who must be notified of the warrant. It has long been held that if a 3rd party is in possession of the property to be seized, then only the 3rd party must be notified of the warrant. The actual owner is not in (sole) possession of the seizable items, so why should the owner be notified?
Being notified of a search warrant is of little use; it's not like you can raise an objection with a court and block the seizure while it's happening. Ok, that's being a little ridiculous. The thing is that Google or whoever the email provider is can still choose to notify you about the warrant; just that the police are not required to do so.

The big problem here is that digital data can be perfectly copied. If I loan my car to a friend, and the police seize it with a warrant; I obviously know it was taken when I ask my friend for it back. On the other hand, if gmail turns over my emails due to a warrant, there is no automatic indication that the emails were copied. I still have them, but so do the police. I don't know Google's policy, but I would hope that they could forward that warrant to me, but you really need to trust your provider.

Here's my take from the decision: only give private information to people/entities that you trust; once they have it, they can do what they want with it (both legal and illegal). They could post it to the net, give it all to the police, delete it, not notify me of a warrant to seize it, keep it safe, or any number of things. Unless you know exactly what they will do with it, assume the worst.

Honestly, I'm not too concerned about privacy of my email because I know that it's not private and act accordingly. If the government or the world wants to know the mailinglists to which I belong, whatever; I'd be pissed at Google, but I wouldn't get my panties in a bunch.

Postal service (0)

Anonymous Coward | more than 4 years ago | (#29951054)

Sure, they just rip open your mail and read it at their leisure all the time. And they don't even need to know the account password to do so, just an ordinary letter opener. A paper envelope doesn't offer much expectation of privacy.

Gmail should encrypt my mail on their servers (1)

presidenteloco (659168) | more than 4 years ago | (#29951082)

After indexing it for search and ad-serving purposes, it should then be encrypted on their disks.
This would circumvent the judge's argument.

If this sort of encryption is not done, all people and businesses that use software as a service to, for example, write and store their intended-private documents are in legal jeopardy.

Re:Gmail should encrypt my mail on their servers (1)

RevWaldo (1186281) | more than 4 years ago | (#29951460)

In terms of using paid-for email with an ISP, could an ISP encrypt a user's server content to the point that they for all practical purposes couldn't decrypt it even if they wanted to, or even if the Feds showed up, search warrants and shotguns in hand?

Right off the top I can see the fallacy being that e-mail sent from/to the user to/from the outside world has to leave/enter the ISP in a decrypted form, and thus they could be forced to sniff for messages from/to the user.

What about the post office? (1)

Gonzodoggy (118747) | more than 4 years ago | (#29951192)

Based on this argument, then, the govt. could seize your snail mail without a warrant on the same basis. i.e. you're putting your correspondence in the hands of a third party. If anything, e-mail should be more inviolate because, it's not in any type of physical format that's "passing through the hands of a third party"

Not Secure, even using ssl. (1)

cpattersonv1 (1664205) | more than 4 years ago | (#29951218)

When you download email from Google, it's still cached on the local machine so you can view it. When you're downloading email from your own POP account, it has to be transferred across a firewall, switches, and so forth, some of which might cache the information. They would not have to contact you in order to obtain access to your email, and they would not have to contact your email provider or someone who you have entered into a secure agreement with. They would simply have to contact the person who controls the router between you and your email server. (Some of which are already controlled by the government.) In regard to SSL, some corporate firewalls are using the client key to decrypt the emails and web pages to transfer them more quickly through their networks since SSL is a huge taxing process on the system.

Whatever you do on the internet or in email is trackable and traceable. They don't have to touch your computer to find out what you are doing. Also since you are licensing your operating system from a company that makes operating systems, I'm sure there's another loophole there as well.

If you aren't doing anything wrong, then there is nothing to worry about.

During ordinary course of business (1)

Jason Levine (196982) | more than 4 years ago | (#29951292)

Even if the contents of your inbox were revealed during the ordinary course of business, that doesn't mean they aren't private. During the ordinary course of business at the hospital I work in, people's medical information is "revealed" (to staff that have valid need of it). This doesn't mean that those staff members go into the local McDonald's and whisper to their friends: "You see Jim Smith there ordering the Egg McMuffin with extra sausage and bacon? He had a heart attack and a triple bypass just six months ago and his cholesterol was through the roof!" (And if they do say that, they'll be risking their jobs to do so.)

The information is revealed during the normal course of "business" and yet it is still considered private information. Why can't inbox contents be thought of the same way? Sure, the contents of your inbox might be revealed during a normal course of business (not sure what this normal business would be, but let's let that slide for the moment), but that doesn't make the contents any less private.

This kind of ruling simply impedes tech advanc (1)

giladpn (1657217) | more than 4 years ago | (#29951304)

Most of the people here - including the author of the article - are not legal experts. Let's talk of public interest rather than about legalities. Once the public interest is clarified - either case law and appeals will get us to the right place, or if necessary laws can be changed.

The internet has certainly made life easier for everybody. And sadly that includes the bad guys. The benefits we all enjoy - instant communication, enormous growth in available information, enormous improvement in the timeliness of information, ability to get answers to many questions, unprecedented marketing and advertising possibilities - help the bad guys just as much.

Want a recent example? See this somewhat self-serving article by a "reformed" advertising scammer: http://www.techcrunch.com/2009/11/01/how-to-spam-facebook-like-a-pro-an-insiders-confession/ [techcrunch.com]

And I am not even talking of terrorists, pedophiles, and the like...

Having said that - it's not, repeat not, enough of an argument to justify a policy of unrestricted search and seizure when data is stored at a third party. Some reasons:

the bad guys are clever at gaming the system; for example THEY do know how to encrypt their sensitive emails. So the damage will hit ordinary folks disproportionally while the crooks will often be able to evade

we all benefit from the growth of the internet, for example the recent surge in cloud computing. Do we really want to dampen this progress with legal concerns about privacy?

This is not to say that we should let the bad guys off the hook entirely. It may be new laws are needed.

Glove Compartment Server (1)

fahrbot-bot (874524) | more than 4 years ago | (#29951356)

Thankfully, I run my own mail server *and* I keep it in the glove compartment of my car...

Clueless Judges (1)

JustNiz (692889) | more than 4 years ago | (#29951358)

Yet another bad ruling that demonstrates that an average judge doesn't have enough technical knowledge to make a good ruling. They all make the same mistake: because they don't understand the tech, they try to force physical-world paradigms already familiar to them onto the digital world, regardless of the fact that it's a terrible fit and causes massively incorrect conclusions to be made.

We can't continue to leave these vitally important infrastructure decisions to have-a-go judges. The damage already caused is massive. There needs to be a special court set up to hear technical cases, where the issue gets decided by technical experts, not some old duffer who is probably scared of computers and has secretaries for that sort of thing.

Safety Deposit Box (1)

sacker12345 (1170159) | more than 4 years ago | (#29951424)

Does this mean they only need to notify the bank if they want to look through a deposit box at a bank?

Re:Safety Deposit Box (1)

EmagGeek (574360) | more than 4 years ago | (#29951494)

The bank doesn't have the keys to every single deposit box. Most deposit boxes have two locks. The bank only has the key to one of them. The customer has the key to the other.

So and how does this apply to foreign customers? (1)

meist3r (1061628) | more than 4 years ago | (#29951536)

I understand Google is an American company. This is American legislation. I can't take anything from the article which would tell me anything about the access to non-US citizen email. Anyone dare to speculate? I'd say "We're reading everything ..."

Any implications for me? (1)

DdJ (10790) | more than 4 years ago | (#29951538)

I run my own IMAP server in my own basement. I can go and touch the machine that the mail is actually stored on.

Does this ruling have any implications for me? It looks to me like it doesn't.

Incredible (0)

Anonymous Coward | more than 4 years ago | (#29951670)

Friend of mine used to work for Sympatico... They would read customer e-mails when they got bored... Since most mail now resides on the US side of the border, you can bet the OHS is using data mining software on ANY e-mail from anyone that has mail even remotely connected to a US server. Does it make it right? Huh, no. Fight the system? Well, I'm happy some people have the time to. Heck, we're being fooled into Win7 with a no-win scenario and we're worried about e-mails?

Expectations? (1)

starfarer42 (682198) | more than 4 years ago | (#29951690)

Why is the law based on what a person expects? Which person are we talking about here? I think it's fair to say that the average computer user considers e-mail to be like regular mail, where reading the contents requires that you "open" the e-mail. Heck, every e-mail program I can think of uses that metaphor! But I know that e-mail is more like a post-card, with the contents right out there in the open for anyone to see. Because of that, I don't expect a whole lot of privacy. Does that mean I deserve less protection under the law?

This shows the flaw in the idea that some information (to and from addresses, etc) is on the "outside" of the envelope while the contents are on the "inside". There is no "inside" when it comes to e-mail! Anyone who has access to the "outside" information has access to everything. What does it matter if the average user expects their e-mail to behave like regular mail when the reality is more like a postcard? Making the law fit people's perceptions seems like trying to impose some kind of schizophrenic world-view on our law-enforcement officers. They can't both read the e-mail headers and ignore the contents, that's a recipe that's just asking for abuse.

We need a reality check, people, and the solution seems painfully obvious to me: if you want privacy then use end-to-end encryption. It's the only way to be (reasonably) sure that no-one is reading your mail except for the intended recipient.
