Appeals Court Says Emails Are Protected By The 4th Amendment
from the good-news dept
There have been a bunch of court cases recently that have explored the question of whether or not emails stored by your ISP were protected by the 4th Amendment. Some have made the argument that “stored communication” is not protected by the 4th Amendment due to the “third party doctrine,” whereby you effectively give up your 4th Amendment rights because you’ve provided your data to someone else. Different courts have sorta bounced this topic around, ruling in a variety of different ways, while often punting on answering the question directly.
However, it appears that the 6th Circuit appeals court has said enough is enough and has ruled that your email is, in fact, protected by the 4th Amendment, with a rather clear statement on the matter:
Email is the technological scion of tangible mail, and it plays an indispensable part in the Information Age. Over the last decade, email has become “so pervasive that some persons may consider [it] to be [an] essential means or necessary instrument[] for self-expression, even self-identification.” Quon, 130 S. Ct. at 2630. It follows that email requires strong protection under the Fourth Amendment; otherwise, the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve. See U.S. Dist. Court, 407 U.S. at 313; United States v. Waller, 581 F.2d 585, 587 (6th Cir. 1978) (noting the Fourth Amendment’s role in protecting “private communications”). As some forms of communication begin to diminish, the Fourth Amendment must recognize and protect nascent ones that arise. See Warshak I, 490 F.3d at 473 (“It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past.”).
If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment. An ISP is the intermediary that makes email communication possible. Emails must pass through an ISP’s servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company. As we have discussed above, the police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call–unless they get a warrant, that is. See Jacobsen, 466 U.S. at 114; Katz, 389 U.S. at 353. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber’s emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception.
Of course, it’s worth pointing out that while this court says the government is forbidden from wiretapping without a warrant, our government has decided it can ignore that rule, so don’t be surprised if it ignores this one too…
Filed Under: 4th amendment, email, stored communications, third party doctrine
Comments on “Appeals Court Says Emails Are Protected By The 4th Amendment”
I am surprised they did not try to use the “ISP = post office” (or, more specifically, “MTA = post office”) analogy before. It is the most obvious analogy in this problem space.
E-mail = “snail” mail
E-mail envelope (has only the return address and the real destinations) = “snail” mail envelope
MTAs (Mail Transfer Agents) = post offices
E-mail servers = buildings with post offices in them
Your E-mail inbox on the server = PO box
Internet connections = whatever they use to move the mails around (in the Internet case, it is not a truck, but a series of tubes)
I could go on and on.
Re: Re:
It might be insightful if you read the ruling. there is discussion along these lines.
Re: Re:
My only concern with comparing ISPs to the Post Office/Phone Co. is that the Post Office and Phone Co. are highly regulated entities.
Do we really want that much regulation on top of email? What about instant messaging? Facebook? any electronic communication?
I like the 4th Amendment 😉 but it does perhaps bring some unwieldy side effects with it.
Re: Re:
The main difference, of course, being that the letter is replicated at each step, and sometimes those replicas are stored in logs
(I still fully agree with the conclusion that they should be protected – but that is the main difference in the analogy, as it is in just about every comparison between the digital and physical realms)
Re: Re:
Actually, you can mail someone without having a return address on the envelope. Hell, I got a letter like that and honestly?
It was someone acting like a jackwad. Never was able to track down the person in question, though I did involve the police since it involved a threat to my person.
More than likely, this one will get overturned.
The transport of email is given over to any number of private companies and individuals. The very distributed nature of the internet for transport of data by definition makes that data somewhat less than private. The presence of a 3rd party sort of negates much of the privacy. The administration of any email system can easily read any of the messages pending in their system (because they are not generally encoded). Those pending emails might be copied onto backup tapes, etc.
Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared. It is more akin to passing a note in your class room from hand to hand, with maybe two or three people in the middle reading it on the way. There is no way to know.
What is on your computer is private. What is in someone else’s possession, well… not so sure.
Re: Re:
“Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared.”
Neither is voice communication over the phone. It too runs through multiple private companies on its way to the destination. More so now that VOIP exists.
The difference? regulation on what those private entities must do and can do.
Re: More than likely, this one will get overturned.
I won’t argue that it may get overturned due to political pressure … in this case reading through the actual ruling is very insightful. They do make parallels where a regular letter isn’t secured physically (just a thin envelope) and handled by many letter carriers who could easily open it, and with telephonic communications where where you have a reasonable expectation of privacy even though a 3rd party is handling and could listen to the transmission. Good reading.
http://www.ca6.uscourts.gov/opinions.pdf/10a0377p-06.pdf to be redundant.
Re: Re:
That is the other way of looking at it, yes – but the point isn’t that either view is more accurate than the other, but that one view preserves the spirit and intent of the fourth amendment while the other doesn’t. You can’t just read the law in a way that cripples part of the constitution and say “Well too bad, that’s that” – when it happens, it’s a sign that either your reading is flawed or the law needs to be updated.
Re: Re:
Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared.
If it’s not encrypted and cryptographically signed, true. If it is — then the ability of an interloper to do this depends on the strength of the encryption algorithm.
However, worth noting is that mail envelope data is present in the clear at any MTA handling the message — because it has to be. Thus, even if mail submission, transmission, and retrieval are all set up to encrypted protocols on the wire, anyone with access to the submission, transmission or delivery MTAs can recovery that metadata. This is in turn facilitates traffic analysis, e.g., “who’s talking to who?” along with frequency measurement (“how often are they talking?”) and to a limited degree volume measurement (“how much are they saying?” — easily frustrated by attaching random junk to every message).
All that said, the increasing adoption of encryption at the MUA as well as the use of on-the-wire encryption are both good things; it’s just that we’re long overdue in deploying them.
Re: Privacy
> What is on your computer is private. What is in someone
> else’s possession, well… not so sure
The standard isn’t whether something is actually private or not, but whether an individual has a reasonable expectation of privacy from the government.
Sure, by using email, I pretty much cede some privacy to the ISP, but I don’t cede it to the Justice Department or the FBI.
Likely to be overturned
The third party doctrine is pretty solid precedent, and there is no reason that it shouldn’t apply to e-mail, and this decision, while it tried to connect some dots, just didn’t make the case.
If you store your stuff in my house and I have a key to the room its in, I can let the cops search it just because. If your e-mail is on my server and it isn’t encrypted with a key I don’t have, I can give it to the cops. In both cases, if I choose not to give it to the cops, I can be compelled to by subpoena and subject to contempt if I do not comply.
If you think that the police can’t search your mail via the US postal service, try and send yourself an envelope full of weed and see what happens.
I always say, don’t send anything via e-mail that you don’t want the world to know, because e-mail is not and never will be private communications.
Re: Likely to be overturned
Wouldn’t this overturn the third party doctrine though?
While your points are reasonable
“If you think that the police can’t search your mail via the US postal service, try and send yourself an envelope full of weed and see what happens.”
is just inane. Odor is detectable even through a closed paper container, even through plastic if one is not careful about the packaging.
Sending a letter with I’M A TERRORIST written on the outside will likely get your mail read too. That doesn’t mean they can just read any old letter they want.
Private communication is still private regardless of form
I think this ruling is important and should be upheld considering how important email has become. I regularly send information that could be considered confidential. I do what I can by using initials but nonetheless someone could gather quite a bit of info they shouldn’t be in possession of if they intercepted or read my private emails.
I think there is most definitely an expectation of privacy regardless of email not being encrypted or protected in any real way. I don’t see how we can rationalize allowing anyone, regardless of government authority, to pilfer through private emails without something along the lines of a search warrant.
Re: Private communication is still private regardless of form
Maybe it is just because I know a bit about hosted e-mail, and some of the legal issues involved, I’ve done some technical consulting in that area, but even before that, I’ve always assumed that any data of mine on a server that I don’t control is essentially public. I suppose it is the geek in me, but a person’s ignorance about the technology they use daily does not equal an expectation of privacy.
Better to beg for forgiveness than ask for permission
Per the point made in the last line of this post:
We see that indeed whether the gov’t knew or not, so long as they make appearances to have acted in good faith, breaking the law might just be incidental. From the decision, here’s the excerpt that leaves something to the imagination:
“Oops, sorry, we violated your rights by picking the wrong laws, but hey we found something so you should be punished anyway. You can trust us, we would never do anything to cause you harm….on purpose.” 😉
Fourth Amendment to what?
Some of your readers may not be as familiar with the American Constitution as, well, Americans.
Perhaps some of your readers might have appreciated this link: http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution
Re: Fourth Amendment to what?
From what I’m observed, I’d say Americans are the least knowledgeable about the Constitution.
This might have more significance if...
This might have more significance if we hadn’t just lived through ten years of warrantless wiretapping and were not currently getting virtual strip searches and government-funded molestations at the airports. The fourth amendment has been all-but-dead for a while now.
Hear that Napolitano?
If ISPs are like phone...
“Emails must pass through an ISP’s servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company.”
Then shouldn’t ISPs be regulated like a telephone company under title II…
Its not a very far reach to use this language to justify it
wont make any difference whatsoever. the government will still do what it wants to do, just as it always does! no one cares about a persons rights at all. we are fast heading towards the type of society that millions died for preventing, ie one where everything we do is watched, documented and recorded so it can be used against us, as and when it is felt like! here comes 1984, with a vengeance! hope you all enjoy it!
to what extent can you expect privacy ...
If I were to say out loud in a coffee shop I like girls, how private is that? Someone sitting two table over might hear & repeat the statement. Email is like that … Unless you encrypt the data how much privacy do you actually believe you have?
Now if the email is encrypted, then I believe you have the right to expect privacy …
Legal versus Physical protection
About half the comments to this story confuse the legal protection (Who is allowed to read it, or at least try) with the physical protection (Who has the ability to read it, if they don’t mind breaking the law).
Examples with physical mail:
Comparing these two scenarios to e-mail, I get this, as did the court: