A federal appeals court ruling in Boston last week on e-mail wiretapping is reverberating throughout the Internet community—and legal world—with a consensus emerging that there may be prosecutions in the future for what today is considered normal business practice by ISPs.
The First Circuit Court of Appeals, voting 5-2, ruled that an e-mail service provider that supposedly read e-mail, intended for customers only, could indeed be tried on federal criminal charges.
This overruled a 2-1 vote last summer by a three judge panel in the same matter.
In a majority opinion written by Judge Kermit Lipez, a Clinton appointee, of the First Circuit, the court said the prosecution under the federal Wiretap Act could proceed, because the “statute contains no explicit indication that Congress intended to exclude communications in transient storage from the definition.”
The case centers on an indictment of Bradford Councilman, one-time vice president of online bookseller Interloc.
That firm furnished some of its customers, dealers of used books, with e-mail addresses that had the domain name suffix of “@interloc.com.”
The indictment by the U.S. attorney alleges that Councilman ordered his underlings to create a Procmail script.
Procmail is a popular Unix utility used for sorting and delivering incoming e-mail.
Councilmans lawyers had argued that e-mail stored in a queue was not covered by the federal wiretapping law, but the judges positions differed.
Lawyers tell Ziff Davis Internet that the case has significant ramifications for the entire Internet industry, though employers who spy on employee e-mail, after warning that they will do so, will still probably be exempt from the law. The government had sought an expansion of the interpretation of the law.
“The case involved the complex law governing illegal access to emails—so complex that the district court and court of appeals each reversed themselves once in this case. The final decision ruled that e-mails that have not yet reached their intended recipient are governed by the Wiretap Act, even if they are temporarily held in storage as part of the transmission process,” said Michael Vatis, an attorney with the famed law firm of Steptoe & Johnson, based in New York City.
“This was the result sought by the government and by some civil liberties groups.”
According to Craig Carpenter, an attorney who works with Mirapoint, the secure messaging technology company, the decision by the appeals court was appropriate, given the facts.
“The purpose of this defendants wiretapping actions were likely illegal in nature,” Carpenter told Ziff Davis Internet.
The decision has “broad” potential application, he said, including illegal spying on e-mail, voice mail and VOIP (voice over internet protocol) calls.
Carpenter raised the question of whether the decision could be applied to corporate networks, and said the ruling is unclear on that issue.
But an employment law expert, Brenk Johnson, a partner with Winstead, Sechrest & Minick, based in Dallas, doubted that the ruling could be applied to spying on employee e-mail.
“We tell our clients to tell their employees that the company owns the computer and the infrastructure used to maintain it,” Johnson told Ziff-Davis Internet.
“So, I would take the position that the employer is a joint intended recipient of the e-mail. Employees are put on notice that their e-mail may be read—so they have to presume that the employer will be looking at it.”
A recent survey conducted by Proofpoint shows that 63 percent of all companies employ staff or plan to employ staff to read employees e-mail.
The survey, conducted in May by Proofpoint of 332 IT decision-makers at U.S. enterprises with more than 1,000 employees found the following:
- More than a third of companies—36.1 percent—employ staff to read or otherwise analyze outbound e-mail. Forty percent of companies with more than 20,000 employees do this.
- Companies estimate that almost 1 in 4 outgoing e-mails—24.7 percent— contains content that poses a legal, financial or regulatory risk.
- More than 1 in 4 companies—27.1 percent—have terminated an employee for violating e-mail policies in the past 12 months.
There has not been a lot of litigation by employees against former employers alleging invasion of privacy over the reading of e-mail, but those cases that have gone to court have usually wound up in favor of the employer, said Johnson, the employment law attorney.
According to Vatis of Steptoe & Johnson, there will be more to come from this case in Boston on e-mail wiretapping.
“The court did not make clear the interaction between the Wiretap Act and the companion Stored Communications Act, leaving open the possibility for further confusion down the road, particularly about which law governs the governments attempts to get access to emails as part of a criminal investigation,” Vatis said. “So this is probably not the last word on these laws.”