Appeals Court Says Emails Are Protected By The 4th Amendment

from the good-news dept

There have been a bunch of court cases recently that have explored the question of whether or not emails stored by your ISP were protected by the 4th Amendment. Some have made the argument that "stored communication" is not protected by the 4th Amendment due to the "third party doctrine," whereby you effectively give up your 4th Amendment rights because you've provided your data to someone else. Different courts have sorta bounced this topic around, ruling in a variety of different ways, while often punting on answering the question directly.

However, it appears that the 6th Circuit appeals court has said enough is enough and has ruled that your email is, in fact, protected by the 4th Amendment, with a rather clear statement on the matter:
Email is the technological scion of tangible mail, and it plays an indispensable part in the Information Age. Over the last decade, email has become "so pervasive that some persons may consider [it] to be [an] essential means or necessary instrument[] for self-expression, even self-identification." Quon, 130 S. Ct. at 2630. It follows that email requires strong protection under the Fourth Amendment; otherwise, the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve. See U.S. Dist. Court, 407 U.S. at 313; United States v. Waller, 581 F.2d 585, 587 (6th Cir. 1978) (noting the Fourth Amendment's role in protecting "private communications"). As some forms of communication begin to diminish, the Fourth Amendment must recognize and protect nascent ones that arise. See Warshak I, 490 F.3d at 473 ("It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past.").

If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment. An ISP is the intermediary that makes email communication possible. Emails must pass through an ISP's servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company. As we have discussed above, the police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call--unless they get a warrant, that is. See Jacobsen, 466 U.S. at 114; Katz, 389 U.S. at 353. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber's emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception.
Of course, it's worth pointing out that while this court says the government is forbidden from wiretapping without a warrant, our government has decided it can ignore that rule, so don't be surprised if it ignores this one too...


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Dec 14th, 2010 @ 3:23pm

    I am surprised they did not try to use the "ISP = post office" (or, more specifically, "MTA = post office") analogy before. It is the most obvious analogy in this problem space.

    E-mail = "snail" mail
    E-mail envelope (has only the return address and the real destinations) = "snail" mail envelope
    MTAs (Mail Transfer Agents) = post offices
    E-mail servers = buildings with post offices in them
    Your E-mail inbox on the server = PO box
    Internet connections = whatever they use to move the mails around (in the Internet case, it is not a truck, but a series of tubes)

    I could go on and on.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Dec 14th, 2010 @ 3:40pm

    More than likely, this one will get overturned.

    The transport of email is given over to any number of private companies and individuals. The very distributed nature of the internet for transport of data by definition makes that data somewhat less than private. The presence of a 3rd party sort of negates much of the privacy. The administration of any email system can easily read any of the messages pending in their system (because they are not generally encoded). Those pending emails might be copied onto backup tapes, etc.

    Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared. It is more akin to passing a note in your class room from hand to hand, with maybe two or three people in the middle reading it on the way. There is no way to know.

    What is on your computer is private. What is in someone else's possession, well... not so sure.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Dec 14th, 2010 @ 3:47pm

    Re:

    It might be insightful if you read the ruling. there is discussion along these lines.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    pixelpusher220 (profile), Dec 14th, 2010 @ 3:54pm

    Re:

    My only concern with comparing ISPs to the Post Office/Phone Co. is that the Post Office and Phone Co. are highly regulated entities.

    Do we really want that much regulation on top of email? What about instant messaging? Facebook? any electronic communication?

    I like the 4th Amendment ;-) but it does perhaps bring some unwieldy side effects with it.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Marcus Carab (profile), Dec 14th, 2010 @ 3:56pm

    Re:

    The main difference, of course, being that the letter is replicated at each step, and sometimes those replicas are stored in logs

    (I still fully agree with the conclusion that they should be protected - but that is the main difference in the analogy, as it is in just about every comparison between the digital and physical realms)

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    pixelpusher220 (profile), Dec 14th, 2010 @ 3:56pm

    Re:

    "Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared."

    Neither is voice communication over the phone. It too runs through multiple private companies on its way to the destination. More so now that VOIP exists.

    The difference? regulation on what those private entities must do and can do.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    The Baker, Dec 14th, 2010 @ 3:59pm

    Re: More than likely, this one will get overturned.

    I won't argue that it may get overturned due to political pressure ... in this case reading through the actual ruling is very insightful. They do make parallels where a regular letter isn't secured physically (just a thin envelope) and handled by many letter carriers who could easily open it, and with telephonic communications where where you have a reasonable expectation of privacy even though a 3rd party is handling and could listen to the transmission. Good reading.
    http://www.ca6.uscourts.gov/opinions.pdf/10a0377p-06.pdf to be redundant.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Marcus Carab (profile), Dec 14th, 2010 @ 4:00pm

    Re:

    That is the other way of looking at it, yes - but the point isn't that either view is more accurate than the other, but that one view preserves the spirit and intent of the fourth amendment while the other doesn't. You can't just read the law in a way that cripples part of the constitution and say "Well too bad, that's that" - when it happens, it's a sign that either your reading is flawed or the law needs to be updated.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Richard Kulawiec, Dec 14th, 2010 @ 4:01pm

    Re:

    Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared.

    If it's not encrypted and cryptographically signed, true. If it is -- then the ability of an interloper to do this depends on the strength of the encryption algorithm.

    However, worth noting is that mail envelope data is present in the clear at any MTA handling the message -- because it has to be. Thus, even if mail submission, transmission, and retrieval are all set up to encrypted protocols on the wire, anyone with access to the submission, transmission or delivery MTAs can recovery that metadata. This is in turn facilitates traffic analysis, e.g., "who's talking to who?" along with frequency measurement ("how often are they talking?") and to a limited degree volume measurement ("how much are they saying?" -- easily frustrated by attaching random junk to every message).

    All that said, the increasing adoption of encryption at the MUA as well as the use of on-the-wire encryption are both good things; it's just that we're long overdue in deploying them.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Joseph Durnal, Dec 14th, 2010 @ 4:06pm

    Likely to be overturned

    The third party doctrine is pretty solid precedent, and there is no reason that it shouldn't apply to e-mail, and this decision, while it tried to connect some dots, just didn't make the case.

    If you store your stuff in my house and I have a key to the room its in, I can let the cops search it just because. If your e-mail is on my server and it isn't encrypted with a key I don't have, I can give it to the cops. In both cases, if I choose not to give it to the cops, I can be compelled to by subpoena and subject to contempt if I do not comply.

    If you think that the police can't search your mail via the US postal service, try and send yourself an envelope full of weed and see what happens.

    I always say, don't send anything via e-mail that you don't want the world to know, because e-mail is not and never will be private communications.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    pixelpusher220 (profile), Dec 14th, 2010 @ 4:27pm

    While your points are reasonable

    "If you think that the police can't search your mail via the US postal service, try and send yourself an envelope full of weed and see what happens."

    is just inane. Odor is detectable even through a closed paper container, even through plastic if one is not careful about the packaging.

    Sending a letter with I'M A TERRORIST written on the outside will likely get your mail read too. That doesn't mean they can just read any old letter they want.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    David Liu (profile), Dec 14th, 2010 @ 6:05pm

    Re: Likely to be overturned

    Wouldn't this overturn the third party doctrine though?

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    btr1701 (profile), Dec 14th, 2010 @ 7:08pm

    Re: Privacy

    > What is on your computer is private. What is in someone
    > else's possession, well... not so sure

    The standard isn't whether something is actually private or not, but whether an individual has a reasonable expectation of privacy from the government.

    Sure, by using email, I pretty much cede some privacy to the ISP, but I don't cede it to the Justice Department or the FBI.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Dec 14th, 2010 @ 7:42pm

    Private communication is still private regardless of form

    I think this ruling is important and should be upheld considering how important email has become. I regularly send information that could be considered confidential. I do what I can by using initials but nonetheless someone could gather quite a bit of info they shouldn't be in possession of if they intercepted or read my private emails.

    I think there is most definitely an expectation of privacy regardless of email not being encrypted or protected in any real way. I don't see how we can rationalize allowing anyone, regardless of government authority, to pilfer through private emails without something along the lines of a search warrant.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Pierre Wolff (profile), Dec 14th, 2010 @ 10:52pm

    Better to beg for forgiveness than ask for permission

    Per the point made in the last line of this post:
    while this court says the government is forbidden from wiretapping without a warrant, our government has decided it can ignore that rule, so don't be surprised if it ignores this one too...
    We see that indeed whether the gov't knew or not, so long as they make appearances to have acted in good faith, breaking the law might just be incidental. From the decision, here's the excerpt that leaves something to the imagination:
    We find that the government did violate Warshak’s Fourth Amendment rights by compelling his Internet Service Provider (“ISP”) to turn over the contents of his emails. However, we agree that agents relied on the SCA in good faith, and therefore hold that reversal is unwarranted.
    "Oops, sorry, we violated your rights by picking the wrong laws, but hey we found something so you should be punished anyway. You can trust us, we would never do anything to cause you harm....on purpose." ;)

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Christopher (profile), Dec 15th, 2010 @ 3:46am

    Re:

    Actually, you can mail someone without having a return address on the envelope. Hell, I got a letter like that and honestly?

    It was someone acting like a jackwad. Never was able to track down the person in question, though I did involve the police since it involved a threat to my person.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Dominic Sayers (profile), Dec 15th, 2010 @ 3:59am

    Fourth Amendment to what?

    Some of your readers may not be as familiar with the American Constitution as, well, Americans.

    Perhaps some of your readers might have appreciated this link: http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous American, Dec 15th, 2010 @ 5:11am

    Re: Fourth Amendment to what?

    From what I'm observed, I'd say Americans are the least knowledgeable about the Constitution.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Joseph Durnal, Dec 15th, 2010 @ 5:56am

    Re: Private communication is still private regardless of form

    Maybe it is just because I know a bit about hosted e-mail, and some of the legal issues involved, I've done some technical consulting in that area, but even before that, I've always assumed that any data of mine on a server that I don't control is essentially public. I suppose it is the geek in me, but a person's ignorance about the technology they use daily does not equal an expectation of privacy.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Matthew (profile), Dec 15th, 2010 @ 6:16am

    This might have more significance if...

    This might have more significance if we hadn't just lived through ten years of warrantless wiretapping and were not currently getting virtual strip searches and government-funded molestations at the airports. The fourth amendment has been all-but-dead for a while now.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Dec 15th, 2010 @ 7:07am

    Hear that Napolitano?

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Scott, Dec 15th, 2010 @ 8:05am

    If ISPs are like phone...

    "Emails must pass through an ISP's servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company."

    Then shouldn't ISPs be regulated like a telephone company under title II...
    Its not a very far reach to use this language to justify it

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    needy, Dec 16th, 2010 @ 2:38am

    wont make any difference whatsoever. the government will still do what it wants to do, just as it always does! no one cares about a persons rights at all. we are fast heading towards the type of society that millions died for preventing, ie one where everything we do is watched, documented and recorded so it can be used against us, as and when it is felt like! here comes 1984, with a vengeance! hope you all enjoy it!

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    kilroy, Dec 16th, 2010 @ 1:31pm

    to what extent can you expect privacy ...

    If I were to say out loud in a coffee shop I like girls, how private is that? Someone sitting two table over might hear & repeat the statement. Email is like that ... Unless you encrypt the data how much privacy do you actually believe you have?

    Now if the email is encrypted, then I believe you have the right to expect privacy ...

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Another Coward, Dec 18th, 2010 @ 5:55am

    Legal versus Physical protection

    About half the comments to this story confuse the legal protection (Who is allowed to read it, or at least try) with the physical protection (Who has the ability to read it, if they don't mind breaking the law).

    Examples with physical mail:

    • If you place a letter in a self-destruction envelope, put it in a steel vault, weld the door shut and surround it with a giant army, a warrant still entitles the police to read it to the best of their ability.
    • If you write something on a postcard and put it in an unlocked mailbox at the roadside (as is common in the US), it is still a letter protected by the law and the police still need a warrant to open the lid and read it.

    Comparing these two scenarios to e-mail, I get this, as did the court:

    • Encrypting e-mail is like the guarded strongbox with the self-destruction envelope, it may physically stop the police, but does not protect you from the Law.
    • The trivial need to issue some kind of command to the ISP mail server to grab an unencrypted e-mail is like the trivial need to open the lid on a roadside mailbox. Not enough to stop any passer by from reading your mail, but just enough to implicitly tell law abiding people to stop snooping unless they have a warrant AND a badge.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This