A federal appeals court ruling this week has put a spotlight on the increasingly public nature of e-mail messages and has unraveled expectations that e-mail would gain the same privacy protections as traditional communications.
The 1st Circuit Court of Appeals on Tuesday ruled that protections under the federal Wiretap Act do not extend to e-mail messages stored on an e-mail providers computer systems.
“The fact is that there is now an emerging line of precedent in the courts that people should not expect privacy in their e-mail, for the most part,” said Mark Plotkin, a partner at law firm Covington & Burling, in Washington, D.C.
The decision stemmed from a 2001 indictment on wiretapping charges against an executive of Interloc Inc., a now-shuttered listing company for rare and used books. Bradford Councilman, who was a vice president at the company, was accused of having copied e-mails from Amazon.com Inc. that were being sent to book dealers who subscribed to Interlocs e-mail service.
In a 2-1 ruling, the appeals court upheld a lower courts dismissal of the illegal wiretapping charge. Privacy advocates immediately called the ruling a blow to privacy rights, and technology attorneys agreed that the courts decision should put an end to users expectations that their e-mails are safe from prying eyes.
The courts decision hinged on the fact that the Wiretap Act, which dates to 1968, covers eavesdropping on live communications such as a phone conversations but not on stored communications, such as an e-mail message even temporarily stored on an e-mail providers servers or computers en route to a recipient.
“We believe that the language of the statute makes clear that Congress meant to give lesser protection to electronic communications than to wire and oral communications,” the courts ruling stated.
The decision is a blow to more than just the privacy of e-mail. It also could hurt efforts to prevent and prosecute other forms of cyber-crime, said Allonn Levy, an attorney with Hopkins & Carley in San Jose, Calif.
“By ruling that copying e-mail messages that had been stored by a computer while in transit is not a crime under the federal Wiretap Act, the First Circuit has removed an important tool for fighting industrial espionage, stalking, identity theft and other information-based crime,” he said.
Up to Congress
The appeals court agreed that “the language may be out of step with the technological realities of computer crimes.” But it argued that it is the role of the U.S. Congress, not the courts, to change any language in the law to extend the eavesdropping protections to e-mail and electronic communications.
“What the courts are telling us is that unless the Wiretap Act is changed, e-mail should be viewed as public communication that anybody could potentially view,” Plotkin said.
Plotkin said he expects the ruling to embolden privacy advocates and others to push for changes in the law, but he doubts that the political climate will lead members of Congress to act. In light of terrorism threats, the issue will likely become one of security versus privacy, which could be a hard sell for privacy advocates, he said.
While the ruling would appear to allow Internet and e-mail service providers to read and copy users e-mails, most major ones have their own privacy policies against such practices. A Yahoo Inc. spokeswoman, for example, said the company “does not access or disclose user information and content except in very limited circumstances such as when required to do so by law.”
Still, the ruling does remove what could have been one barrier to ISPs accessing e-mail for such activities as data-mining it for commercial purposes, said Paul Winick, a partner at law firm Thelen, Reid & Priest LLP, in New York.
“As long as your e-mail is in storage, your service provider is not going to violate the Wiretap Act in reading your e-mail,” he said.
When it comes to government access to e-mail, law enforcement officials still would need a warrant to access e-mail, Winick said. But with wire communications, such as phone calls, the Wiretap Act restricts the types of conversations that could be tapped. Given the appeals courts ruling, similar limitations likely wont apply to stored e-mail messages once law enforcement officials gain access, he said.
Beyond a push for updated laws, the courts ruling reinforces the need for businesses and consumers to take e-mail security more seriously, said Sonia Arrison, director of technology studies at the Pacific Research Institute, a San Francisco-based think tank advocating a free-market philosophy.
Arrison said that rather than seeking new privacy laws, e-mail users need to embrace encryption methods for securing sensitive e-mails.
“E-mail is just inherently insecure, and we have a whole bunch of problems because of it,” Arrison said. “There are two things to take from this ruling: Know that your e-mail is not private and it never has been, and figure out what to do about it.”