We've discussed a bunch of cases lately involving employers and the legality of reading emails of employees. The latest one is a bit strange. It involves the owner of a gym, who had two ex-employees set up a competing gym. Somewhere along the way, she became aware of some emails they wrote while still employed by her, planning out their new gym. It appears that this is because they accessed their private email accounts via the gym's computers, but left their accounts logged in. After a variety of back-and-forth maneuverings, the employer has been forced to pay $4,000 to the ex-employees for snooping on their emails, in violation of the Stored Communications Act. Of course, what's most interesting is that if the employer had wanted to get access to those emails legally, she could have probably used the normal discovery process during a lawsuit -- but by snooping, she ended up not being able to use those emails in her own lawsuit, and owing those ex-employees a few thousand dollars.

It probably goes without saying that if you're planning to sue your employer, you shouldn't use your work email address to contact your lawyer. However, if you did do that, according to a California court, that email is not protected by attorney-client privilege. I don't find this to be all that surprising (or really, problematic). It's quite common that employers control the rights to your work emails, so it's hard to see why that wouldn't extend to emails you send your lawyer. All it really makes me wonder is why someone would use their work email for sending those types of emails.

Back in November, we were one of the first to report that Google had sued the US government after the Department of the Interior had put out a Request for Quotation (RFQ) for an upgraded email system that stated upfront that the solution had to be based on Microsoft. Google, who had been talking to the Interior Department about using its own solution, had received promises that the RFQ would not be biased towards Microsoft -- and thus were shocked when it wasn't just biased towards Microsoft, but restricted only to Microsoft.

In the first phase of the lawsuit, it appears that Google has made a compelling enough case that the judge has issued an injunction, preventing the DOI from moving forward with the email upgrade. The LA Times headline and opening graf is a bit hyperbolic concerning this "victory." Google certainly hasn't won the lawsuit, and it's hardly a "major victory" at this point, but it at least suggests that the judge finds Google's basic claims credible. DOI can try to rewrite its RFQ to get out of the lawsuit or it can protest the injunction and the lawsuit will continue.

We've talked a lot about how prosecutors have been abusing the CFAA (Computer Fraud and Abuse Act), which is supposed to be a law against malicious hacking. However, it's being stretched in all kinds of ways. It looks like similar state laws are also being abused similarly by prosecutors. A bunch of folks have sent in this story of a guy in the suburbs of Detroit who is facing five years in prison for reading his wife's email. He did access her laptop and then logged into her Gmail account using her password, which she supposedly kept in a little notebook next to the computer. What happened next is a bit complex, so we'll toss it over to the Detroit Free Press to explain the chain of events:

Leon Walker was Clara Walker's third husband. Her e-mail showed she was having an affair with her second husband, a man who once had been arrested for beating her in front of her small son. Leon Walker, worried that the child might be exposed to domestic violence again, handed the e-mails over to the child's father, Clara Walker's first husband. He promptly filed an emergency motion to obtain custody.

After Clara found out about the emails, she apparently reported Leon for snooping on her emails, and prosecutors thought it was a case worth prosecuting claiming: "The guy is a hacker. It was password protected, he had wonderful skills, and was highly trained. Then he downloaded them and used them in a very contentious way."

Not that any of this makes it okay to snoop on a spouse's email when they wish to keep it secret, but it seems like a huge stretch to claim that it's a crime worthy of five years in prison under a law designed for malicious computer hacking. The issue here had nothing to do with "computer hacking," at all. It's an abuse of the law by prosecutors.

There have been a bunch of court cases recently that have explored the question of whether or not emails stored by your ISP were protected by the 4th Amendment. Some have made the argument that "stored communication" is not protected by the 4th Amendment due to the "third party doctrine," whereby you effectively give up your 4th Amendment rights because you've provided your data to someone else. Different courts have sorta bounced this topic around, ruling in a variety of different ways, while often punting on answering the question directly.

However, it appears that the 6th Circuit appeals court has said enough is enough and has ruled that your email is, in fact, protected by the 4th Amendment, with a rather clear statement on the matter:

Email is the technological scion of tangible mail, and it plays an indispensable part in the Information Age. Over the last decade, email has become "so pervasive that some persons may consider [it] to be [an] essential means or necessary instrument[] for self-expression, even self-identification." Quon, 130 S. Ct. at 2630. It follows that email requires strong protection under the Fourth Amendment; otherwise, the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve. See U.S. Dist. Court, 407 U.S. at 313; United States v. Waller, 581 F.2d 585, 587 (6th Cir. 1978) (noting the Fourth Amendment's role in protecting "private communications"). As some forms of communication begin to diminish, the Fourth Amendment must recognize and protect nascent ones that arise. See Warshak I, 490 F.3d at 473 ("It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past.").

If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment. An ISP is the intermediary that makes email communication possible. Emails must pass through an ISP's servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company. As we have discussed above, the police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call--unless they get a warrant, that is. See Jacobsen, 466 U.S. at 114; Katz, 389 U.S. at 353. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber's emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception.

Of course, it's worth pointing out that while this court says the government is forbidden from wiretapping without a warrant, our government has decided it can ignore that rule, so don't be surprised if it ignores this one too...

Pleading an insanity defense may work in some extreme cases, but it seems like a pretty big stretch to plead insanity as a defense to hacking someone's computer to access their email. The case involved a defendant in an existing case, who hacked into the plaintiff's email accounts to aid his case. When caught, he then claimed that his bipolar disorder caused him to hack the email account. Yeah. Not surprisingly, the judge was not impressed. So, sorry, but claiming "not guilty of hacking by reason of insanity" probably isn't going to get you very far.

We've been following the EFF's patent busting efforts for its list of the 10 worst patents, and it looks like an East Texas jury may have at least partially invalidated one of the patents, 6,411,947, which describes a method for automatically routing emails. As the EFF noted, this patent appeared to cover "basic natural language processing techniques taught in introductory computer science courses."

Things took a more interesting turn when the guy holding the patent, Erich Spangenberg and his hoarding company, Polaris IP, decided to sue Google, Yahoo, Amazon, AOL, IAC and Borders for daring to automate email responses without first paying him. If Spangenberg/Polaris sound familiar, it's because he's become one of the more prolific patent hoarders out there lately, and a couple years ago had to pay out $4 million to Daimler, after he apparently used various shell companies to move some patents around and sue Daimler multiple times over the same patent, even though an earlier settlement had him promising not to assert that patent against the company again. Spangenberg also believes in suing first before contacting a company, and always suing in East Texas, because the juries there like to hand out giant awards.

Spangenberg's legal strategy in this particular lawsuit was also quite questionable, as he demanded that Google hand over information concerning its lobbying efforts on patent reform. What that had to do with whether or not Google infringed on this particular patent was never clearly explained.

Either way, Spangenberg's faith in East Texas juries may have been misplaced this time around:

The jury found three of the patent's claims invalid based on the public use bar, obviousness, and for lacking written description. The jury also found that neither Google nor Yahoo! infringed those claims. Finally, the jury found the entire patent invalid due to improper inventorship.

Separately, per Google's request, the USPTO has already been re-examining the patent. The scorecard on this list of patents is increasingly tilting in the EFF's favor, but it's a statement of how awful the patent system is to note how long this has taken. The EFF announced its patent busting project in 2004. And while the process is on-going to invalidate many of them, it's taking quite a long time -- all the while allowing patent holders to create frivolous lawsuits that waste money that could be spent on actual innovation.

We've had plenty of stories over the years about how the whole barriers between "work" and "life" continue to blur, and that's causing problems in some areas. Two years ago, we noted that some employees were upset to have to sign documents making it clear that checking email on Blackberries would not count towards overtime work. Last year, we questioned if paying employees hourly wages still made sense in many cases because of situations like this. The issue has come up again, as a Chicago police officer is suing for overtime for use of his Blackberry during off-hours. Obviously, there are some jobs where paying hourly could make sense, but if it's a job that's going to require a Blackberry and regularly checking in, it seems like it shouldn't be paid hourly, but as an exempt employee that gets paid a straight salary.

With last week's news that the United Arab Emirates and Saudi Arabia were going to block access for BlackBerry users over the inability to spy on RIM's servers, the news over the weekend that Saudi Arabia is testing three local servers that would alleviate the need for a ban has many wondering how secure their BlackBerry communications really are.

Of course, the more pertinent question may be how secure BlackBerry communications have ever been. One of the big complaints from the UAE and Saudi Arabia (and others) is that they believe RIM already lets certain governments access content flowing across their network. And, of course, no one seems willing to come out with a straight answer one way or the other on whether or not that's an accurate statement. However, as the NY Times article above makes clear, whether or not governments really do have access to RIM's network probably isn't as meaningful as some believe, since there are multiple different potential points of access for anyone wishing to monitor messages. About the only thing that is clear is that if you're communicating online, it's probably best to assume that, sooner or later, someone other than the intended recipients will probably see it.

Ash Crill alerts us to the news that the United Arab Emirates has announced plans to ban the use of Blackberries, and that Saudi Arabia has announced its intention to do the same. The issue is one we've seen before. The way the Blackberry works is all the data is encrypted and sent through RIM's servers. This pisses off governments who want to spy on the data. RIM, in the past, has noted that it has no way of spying on the email, even if some governments claim to have figured it out anyway (a claim that seems somewhat dubious as that same government later demanded RIM break the encrytpion again). It appears that a lot of folks in the UAE are quite upset about this -- especially as parts of the UAE (Dubai in particular) have spent the last decade plus trying to present themselves as an ideal place for foreign business activity.