How Private Are Your Emails From The Government?

from the legal-questions dept

Wed, Dec 20th 2006 3:34pm — Mike Masnick

Slashdot has a post up claiming that the government has the right to read your emails, which is a little misleading. However, the story does raise some interesting issues. While the article there suggests that the government has an open right to snoop through your emails, what the actual case is about is the standard that the government can use before it can look at emails you have that are stored on someone else's servers (such as Yahoo or Google). The specific case involves a seller of "male enhancement" products who is being sued by the government. They viewed some of his emails that were stored Yahoo's mail servers. They didn't, as the original post implies, have free access to them, but required a court order directed at the companies hosting the servers to see them. The argument, then, is over whether or not a court order is enough, or if the government should have been required to get a search warrant, which would require a higher level of proof and support before a court would grant permission.

If you take it a step back, what this really becomes is an argument over who owns your emails. If you believe that you own your own emails once they're in your inbox, then like traditional mail, it would seem that a search warrant is the right standard. However, if you believe that whoever is storing the content owns the rights to access it, then, the court order should be enough. This is made that much more complicated by the fact that a piece of email traveling around a network could leave traces or copies on many different servers at times. Where this gets really tricky is that if the "court order" standard is accepted, that puts an awful lot of data at risk of being easily targeted by the government. With the rise of "hosted" services for things like enterprise software, email, photos and even documents and spreadsheets -- all of that information may now be much more easily viewed by government authorities. It still requires a court order, but as long as they're on someone else's server, it appears that a search warrant may not be needed. One of the reasons that many companies have shied away from software as service vendors was fear that by putting their data on other servers it would be more open to hackers or competitors. Apparently, it's also more open to government officials, based on the current ruling in this court case.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

22 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

JB, 20 Dec 2006 @ 3:56pm

Hosted CRM
What about hosted CRM packages and the like. Presumably, the government could go to your CRM host and get all your customer info without a search warrant as well.
[ link to this | view in thread ]
Benjamin, 20 Dec 2006 @ 4:29pm

Who owns a post office box?
Does the government have the right to search the contents of a PO Box without a warrant? That is the most relevant and direct real world mapping of email stored on a 3rd party service.
[ link to this | view in thread ]
Keybored, 20 Dec 2006 @ 4:39pm

Who cares
What's the big deal? Let them look at it with a court order. If you have something worth hiding keep it off of the computer to begin with.
[ link to this | view in thread ]
Anonymous Coward, 20 Dec 2006 @ 4:39pm

Re: Who owns a post office box?
Anything involving the usps is a sloppy comparison. It is special and exceptional in many weird legal ways.

I believe a better analogy is a plain old phone line. I put data (voice) on the line with the expectation that even though it is out of my control, now, I am still responsible for it and the phone company is not. Does it take a court order to tap a phone line or a search warrant? Emails are much the same. I put data into the system, out of my control, but I still view it as my property. (it is irrelevant whether I have had the diligence to encrypt it. the question is still does it belong to me)
[ link to this | view in thread ]
uh..., 20 Dec 2006 @ 5:00pm

Re: Who cares
You are one of the guys that praises the **AA, aren't you. It's obvious.
[ link to this | view in thread ]
B, 20 Dec 2006 @ 5:15pm

I don't like it...
Although I have nothing stored in any digital format worth hiding, I still don't like the idea of the government able to browse my email whenever they feel the need. It's like an invasion of privacy.
Besides here is a direct quote from GMail's Terms of Use:
"Your Intellectual Property Rights. Google does not claim any ownership in any of the content, including any text, data, information, images, photographs, music, sound, video, or other material, that you upload, transmit or store in your Gmail account. We will not use any of your content for any purpose except to provide you with the Service."
But then they go on to say:
"You do, however, agree that Google may monitor, edit or disclose your personal information, including the content of your emails, if required to do so in order to comply with any valid legal process or governmental request (such as a search warrant, subpoena, statute, or court order), or as otherwise provided in these Terms of Use and the Gmail Privacy Policy."
So, you get what you agreed to.
[ link to this | view in thread ]
Gibson, 20 Dec 2006 @ 5:17pm

The hat!
I've started wearing hats lined with foil and copper wire when typing anything at all. I feel I'm safe enough.
[ link to this | view in thread ]
Kyros, 20 Dec 2006 @ 5:55pm

Encryption
If you are really worried about someone reading/downloading something - encrypt it.
[ link to this | view in thread ]
Alex, 20 Dec 2006 @ 6:14pm

Re: Re: Who owns a post office box?
Good analogy that can be extended one step further - voicemail messages. Storing emails on Gmail is exactly the same as storing voice messages on Verizon's voice mail service. Now - can those messages be accessed with a court order?
[ link to this | view in thread ]
cher, 20 Dec 2006 @ 6:52pm

If this is the case, then there would be no privacy. Everything would be open and the word "PRIVATE" will have no meaning.
[ link to this | view in thread ]
2F@4U, 20 Dec 2006 @ 7:02pm

cant touch this
my privates are still private :)
[ link to this | view in thread ]
Interesting Point Man, 20 Dec 2006 @ 7:04pm

Interesting Point
Here's an interesting point. When you put up a mailbox on your yard...that actually becomes federal and government property....hence it being a federal crime to destroy a mailbox. However, you OWN the mail that's in it and a search order is required in order to obtain the information in it. Therefore, email should exist the same way. Regardless of who owns the stupid mailbox, the mail inside it is private property. How much more privacy are we going to give up until the public finally says "enough is enough"? Some say well it's in the interest to rid terrorism that we have these policies in place. Well, thats wonderful and I support that, however I don't support unreasonable search and seizure. It's getting out of hand.
[ link to this | view in thread ]
zeroJJ, 20 Dec 2006 @ 8:14pm

Bruce Schneier said it best...
About encryption: If we had nothing to hide, why don't we send all of our mail as postcards. Why bother putting it in a "security" envelope?

I think the USPS/PO BOX/Mail forwarding service is a good analogy. The storage of email on a service providers server is the same as a 3rd party forwarding service in regards to expectation of privacy and govt snooping. You are sending an email from one party to another, and you don't expect that anybody else is reading it.

I agree with the idea of encryption for all. The eventual road for P2P, browsing, email, etc - will all be encrypted - encrypted tunnels, encrypted email, etc - you name it. That's where all of this is going if the gov't can't stick to the rules and respect constitutional implications of privacy.
[ link to this | view in thread ]
Tommy Jefferson, 20 Dec 2006 @ 8:35pm

Horde webmail has a good PGP module.

Very convienient.
[ link to this | view in thread ]
GodEater, 20 Dec 2006 @ 8:48pm

cisco
Just go to China and see how Cisco and the Govt get along..
[ link to this | view in thread ]
Omar K, 20 Dec 2006 @ 9:55pm

personal mail server
I heard in the past that google sells the information in gmail to the goverment, this is how they can afford giving users over 2gb of space. the more mail you have, the more results they can sell. So I bought my own domain and i opened my own mail server. And i believe this should become stadard, where users will have their own mail servers and stop using third party mail snoopers (Yes i am talking to you Google, Yahoo, And Messenger).
[ link to this | view in thread ]
Jesse McNelis, 21 Dec 2006 @ 4:32am

The data belongs to the owner of the network it is traveling across.

Think of your emails like a published book, you have copyright over the data as you created it, but if you send it across a public network then you have no say in who can view it.

Ownership of data stored on an external provider is subject to the conditions of used of that provider.
A search warrant makes sense if it's your data and it's on your servers.
[ link to this | view in thread ]
Sanguine Dream, 21 Dec 2006 @ 5:42am

I think I found phase two
1. Mandate that the "court order" standard is the proper way.

2. Make a law that requires all emails to leave some sort of trail.

3. Profit
[ link to this | view in thread ]
vmunster, 21 Dec 2006 @ 10:41am

Re: Bruce Schneier said it best...
I agree with you Bruce Schneier said it best...

By using email specific encryption, you don't have to worry about other people snooping. Especially if you're an entrepreneur or work for a financial or legal firm with assets and customer information to protect.

But although email has been in use for awhile, it's a new enough medium where we still haven't drawn clear lines as to 3rd party involvement/privacy laws, etc... So my question is: legally, can the government force you to decrypt your messages if they can't, to use as evidence?
[ link to this | view in thread ]
Marilee Veniegas, 21 Dec 2006 @ 11:01am

Email Private Ha!
This issue goes back 10 months whith Attorney Gen. Gonzales and the NSA's surveillance program. Your email's no longer a whisper, but can be broadcast across the globe. We scoff when starlets like Lindsay Lohan send an email blast out bragging about connections w/former VP Gore, but the Government is interested in more than just that these days. The funny thing is that with Rumsfeld's leaked memo pre-resignation, I guess their emails aren't that secure either
[ link to this | view in thread ]
Philip, 22 Dec 2006 @ 8:39am

Postal Mail?
I don't get it. Why, in this situation, can't you treat it like it's hard-copy counterpart: postal mail.

The "owner" of the email is the one who sent it and anybody else it's addressed to. Anybody else has absolutely no rights to it.

It's illegal to open another person's postal mail without prior consent. Why can't it be that way for email, too?

Is there something I'm missing here?

As for the email on remote servers; it's like PO Box. What rights do governments have in searching those?
[ link to this | view in thread ]
Ted Warren, 29 Dec 2006 @ 1:08am

E-mail Privacy
The answer is not to use email for anything that is especially confidential or secret. Encryption is not an answer to government snooping - they have the capability to break most encryptions.
Even if legally they had to seek a court order, we all know that the 'intelligence services' do not obey the law when it suits them. What I object to is the US government even thinking that they have any right to snoop on the emails of UK citizens. What they do to their own is up to the people of the US. But 'George inc' can keep its nose out of my mail!
[ link to this | view in thread ]