- It was a little court case, but its impact on e-mail
users could be huge.
-
- Last week a federal appeals court in Massachusetts ruled
that an e-mail provider did not break the law when he copied and read e-mail
messages sent to customers through his server.
-
- Upholding a lower-court decision that the provider did
not violate the Wiretap Act, the 1st U.S. Circuit Court of Appeals set
a precedent for Internet service providers, or anyone else, to legally
read e-mail that passes through a network.
-
- The court ruled (PDF) that because the provider copied
and read the mail after it was in the company's computer system, the provider
did not intercept the mail in transit and, therefore, did not violate the
Wiretap Act.
-
- It's a decision that could have far-reaching effects
on the privacy of digital communications, including stored voicemail messages.
-
- In 1998, Bradford C. Councilman was the vice president
of Interloc, a company selling rare and out-of-print books that offered
book-dealer customers e-mail accounts through its website. Unknown to those
customers, Councilman had engineers write and install code on the company
network that would copy any e-mail sent to customers from Amazon.com, a
competitor in the rare-books field.
-
- Although Councilman did not prevent customers from receiving
their e-mail, he read thousands of copied messages to discover what books
customers were seeking and gain a commercial advantage over Amazon. Interloc
was later bought by Alibris, which was unaware that Councilman had installed
the code on the system.
-
- Councilman wasn't caught because customers complained
about his actions; a tip about another, unrelated issue led authorities
to discover what he had done.
-
- But just what had Councilman done that was so bad?
-
- Everyone knows that e-mail is an insecure form of communication.
Like a postcard, unencrypted correspondence sent over the Internet is open
to snooping by anyone.
-
- Additionally, companies have the right to read their
employees' e-mail, since the companies own the computer systems through
which the correspondence passes, and employees send the mail on company
time. And ISPs scan e-mail for viruses and spam all the time, before delivering
the mail to the provider's customers.
-
- But there is an expectation that service providers will
access communications only with permission from customers, or when they
need to do so to maintain their network.
-
- Last month Google launched an e-mail program called Gmail
that gives customers 1 GB of e-mail storage in exchange for letting Google's
computers scan the content of incoming e-mails to seed them with related
text ads. Gmail customers agree to let a computer read their e-mail.
-
- In contrast, Councilman personally read customers' messages
to undermine his competitors' business. He did so without customers' permission
and with the knowledge that if his customers found out, his company would
likely lose their business.
-
- And yet the court found him innocent of violating the
specific law under which authorities charged him.
-
- The court ruled that because the mail was already on
Councilman's computer network when he accessed it, he didn't intercept
it in transit and therefore was not guilty under the Wiretap Act. The court
said the mail was in storage at that point and, therefore, was governed
under the Stored Communications Act.
-
- In a similar case in 1991, the U.S. Secret Service seized
three computers belonging to a company called Steve Jackson Games. The
company, in addition to producing fantasy books and games, hosted an online
bulletin board for gamers to communicate with one another. An employee
of the company was under suspicion for activities conducted outside work,
but the Secret Service confiscated his employer's computers as well. The
Secret Service accessed, read and deleted 162 e-mail messages that were
stored on the computers used for the bulletin board.
-
- In a suit filed by the game company against the Secret
Service, a federal district court found that while the Secret Service agents
did not intercept the e-mail, and thus violate the Wiretap Act, they did
violate the Stored Communications Act.
-
- Pete Kennedy, the lawyer from the Texas-based firm that
litigated the case, called the decision "a solid first step toward
recognizing that computer communications should be as well-protected as
telephone communications."
-
- The Stored Communications Act, along with the Wiretap
Act, is part of the Electronic Communications Privacy Act, which protects
electronic, oral and wire communications. But because Councilman was charged
under the Wiretap Act and not the Stored Communications Act, the court
had to rule in his favor. But even if prosecutors had wanted to charge
him under the Stored Communications Act, they could not have done so, since
ISPs are exempted under the Act.
-
- What this means is that before the Councilman case, ISPs
that read their customers' mail without permission could only have been
prosecuted under the Wiretap Act. But now the Councilman case eliminates
that possibility as well. Law enforcement officials, however, still need
to obtain a warrant to intercept wire communications or access stored communications.
-
- The problem with interpreting e-mail on an ISP's server
as stored communication is that it opens the possibility for e-mail even
outside the ISP to be viewed as stored e-mail.
-
- At many points during its path from sender to recipient,
e-mail passes through a number of computer systems and routers that temporarily
store it in RAM while the system determines the next point to send it on
the delivery route. Under the court's definition, an ISP could access,
copy and read the mail at any of these points. Anyone who is not exempt
under the Stored Communications Act, however, could still be charged under
that law, though penalties for violating this law are less severe than
penalties for violating the Wiretap Act.
-
- Last week's ruling means that e-mail has fewer protections
than phone conversations and postal mail. Granting ISPs the ability to
read e-mail is equivalent to granting postal workers the right to open
and read any mail while it's at a post office for sorting, but not while
it's in transit between post offices or being hand-delivered to a recipient's
home or business.
-
- The ruling also has repercussions for voicemail messages,
as long as certain provisions in the Patriot Act remain law.
-
- Before the Patriot Act, the legal definition of wire
communication covered voicemail messages. This meant that authorities had
to obtain a warrant to access them or face charges of illegal interception
under the Wiretap Act. Under the Patriot Act, the definition of wire communication
has been changed and does not encompass voicemail. This means, under the
Councilman decision, that a phone company could access voicemail messages
without customers' permission and not be charged with intercepting the
messages under the Wiretap Act.
-
- The provision in the Patriot Act that changed this is
set to sunset in December 2005, but if the current administration has its
way, the law will be renewed.
-
- If all of this is hard to follow, it's just as confusing
to the people who make their living interpreting the law.
-
- "This is one of the most complex and convoluted
areas of the law that you will run across," said Lee Tien, senior
staff attorney for the Electronic Frontier Foundation. "The statutes
themselves are not models of clarity. Even for the judges it's complicated,
and then, on top of the statutes, you add the changing technology."
-
- In the end, in the absence of laws to preserve privacy,
the best solution for e-mail users to protect their privacy is to use encryption.
But until encryption for voicemail messages becomes common, you'll have
to settle for talking in tongues.
-
- © Copyright 2004, Lycos, Inc. All Rights Reserved.
http://wired.com/news/privacy/0,1848,64094,00.html?tw=wn_tophead_2
|