Appeals Court Says Emails Are Protected By The 4th Amendment

from the good-news dept

There have been a bunch of court cases recently that have explored the question of whether or not emails stored by your ISP were protected by the 4th Amendment. Some have made the argument that “stored communication” is not protected by the 4th Amendment due to the “third party doctrine,” whereby you effectively give up your 4th Amendment rights because you’ve provided your data to someone else. Different courts have sorta bounced this topic around, ruling in a variety of different ways, while often punting on answering the question directly.

However, it appears that the 6th Circuit appeals court has said enough is enough and has ruled that your email is, in fact, protected by the 4th Amendment, with a rather clear statement on the matter:

Email is the technological scion of tangible mail, and it plays an indispensable part in the Information Age. Over the last decade, email has become “so pervasive that some persons may consider [it] to be [an] essential means or necessary instrument[] for self-expression, even self-identification.” Quon, 130 S. Ct. at 2630. It follows that email requires strong protection under the Fourth Amendment; otherwise, the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve. See U.S. Dist. Court, 407 U.S. at 313; United States v. Waller, 581 F.2d 585, 587 (6th Cir. 1978) (noting the Fourth Amendment’s role in protecting “private communications”). As some forms of communication begin to diminish, the Fourth Amendment must recognize and protect nascent ones that arise. See Warshak I, 490 F.3d at 473 (“It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past.”).

If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment. An ISP is the intermediary that makes email communication possible. Emails must pass through an ISP’s servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company. As we have discussed above, the police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call–unless they get a warrant, that is. See Jacobsen, 466 U.S. at 114; Katz, 389 U.S. at 353. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber’s emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception.

Of course, it’s worth pointing out that while this court says the government is forbidden from wiretapping without a warrant, our government has decided it can ignore that rule, so don’t be surprised if it ignores this one too…

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Appeals Court Says Emails Are Protected By The 4th Amendment”

Subscribe: RSS Leave a comment
Anonymous Coward says:

I am surprised they did not try to use the “ISP = post office” (or, more specifically, “MTA = post office”) analogy before. It is the most obvious analogy in this problem space.

E-mail = “snail” mail
E-mail envelope (has only the return address and the real destinations) = “snail” mail envelope
MTAs (Mail Transfer Agents) = post offices
E-mail servers = buildings with post offices in them
Your E-mail inbox on the server = PO box
Internet connections = whatever they use to move the mails around (in the Internet case, it is not a truck, but a series of tubes)

I could go on and on.

pixelpusher220 (profile) says:

Re: Re:

My only concern with comparing ISPs to the Post Office/Phone Co. is that the Post Office and Phone Co. are highly regulated entities.

Do we really want that much regulation on top of email? What about instant messaging? Facebook? any electronic communication?

I like the 4th Amendment 😉 but it does perhaps bring some unwieldy side effects with it.

Marcus Carab (profile) says:

Re: Re:

The main difference, of course, being that the letter is replicated at each step, and sometimes those replicas are stored in logs

(I still fully agree with the conclusion that they should be protected – but that is the main difference in the analogy, as it is in just about every comparison between the digital and physical realms)

Anonymous Coward says:

More than likely, this one will get overturned.

The transport of email is given over to any number of private companies and individuals. The very distributed nature of the internet for transport of data by definition makes that data somewhat less than private. The presence of a 3rd party sort of negates much of the privacy. The administration of any email system can easily read any of the messages pending in their system (because they are not generally encoded). Those pending emails might be copied onto backup tapes, etc.

Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared. It is more akin to passing a note in your class room from hand to hand, with maybe two or three people in the middle reading it on the way. There is no way to know.

What is on your computer is private. What is in someone else’s possession, well… not so sure.

pixelpusher220 (profile) says:

Re: Re:

“Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared.”

Neither is voice communication over the phone. It too runs through multiple private companies on its way to the destination. More so now that VOIP exists.

The difference? regulation on what those private entities must do and can do.

The Baker says:

Re: More than likely, this one will get overturned.

I won’t argue that it may get overturned due to political pressure … in this case reading through the actual ruling is very insightful. They do make parallels where a regular letter isn’t secured physically (just a thin envelope) and handled by many letter carriers who could easily open it, and with telephonic communications where where you have a reasonable expectation of privacy even though a 3rd party is handling and could listen to the transmission. Good reading. to be redundant.

Marcus Carab (profile) says:

Re: Re:

That is the other way of looking at it, yes – but the point isn’t that either view is more accurate than the other, but that one view preserves the spirit and intent of the fourth amendment while the other doesn’t. You can’t just read the law in a way that cripples part of the constitution and say “Well too bad, that’s that” – when it happens, it’s a sign that either your reading is flawed or the law needs to be updated.

Richard Kulawiec says:

Re: Re:

Most importantly, email is not a secure transmission method. There is no way to assure that the message is not tampered with, copied, duplicated or otherwise shared.

If it’s not encrypted and cryptographically signed, true. If it is — then the ability of an interloper to do this depends on the strength of the encryption algorithm.

However, worth noting is that mail envelope data is present in the clear at any MTA handling the message — because it has to be. Thus, even if mail submission, transmission, and retrieval are all set up to encrypted protocols on the wire, anyone with access to the submission, transmission or delivery MTAs can recovery that metadata. This is in turn facilitates traffic analysis, e.g., “who’s talking to who?” along with frequency measurement (“how often are they talking?”) and to a limited degree volume measurement (“how much are they saying?” — easily frustrated by attaching random junk to every message).

All that said, the increasing adoption of encryption at the MUA as well as the use of on-the-wire encryption are both good things; it’s just that we’re long overdue in deploying them.

btr1701 (profile) says:

Re: Privacy

> What is on your computer is private. What is in someone
> else’s possession, well… not so sure

The standard isn’t whether something is actually private or not, but whether an individual has a reasonable expectation of privacy from the government.

Sure, by using email, I pretty much cede some privacy to the ISP, but I don’t cede it to the Justice Department or the FBI.

Joseph Durnal (user link) says:

Likely to be overturned

The third party doctrine is pretty solid precedent, and there is no reason that it shouldn’t apply to e-mail, and this decision, while it tried to connect some dots, just didn’t make the case.

If you store your stuff in my house and I have a key to the room its in, I can let the cops search it just because. If your e-mail is on my server and it isn’t encrypted with a key I don’t have, I can give it to the cops. In both cases, if I choose not to give it to the cops, I can be compelled to by subpoena and subject to contempt if I do not comply.

If you think that the police can’t search your mail via the US postal service, try and send yourself an envelope full of weed and see what happens.

I always say, don’t send anything via e-mail that you don’t want the world to know, because e-mail is not and never will be private communications.

pixelpusher220 (profile) says:

While your points are reasonable

“If you think that the police can’t search your mail via the US postal service, try and send yourself an envelope full of weed and see what happens.”

is just inane. Odor is detectable even through a closed paper container, even through plastic if one is not careful about the packaging.

Sending a letter with I’M A TERRORIST written on the outside will likely get your mail read too. That doesn’t mean they can just read any old letter they want.

Anonymous Coward says:

Private communication is still private regardless of form

I think this ruling is important and should be upheld considering how important email has become. I regularly send information that could be considered confidential. I do what I can by using initials but nonetheless someone could gather quite a bit of info they shouldn’t be in possession of if they intercepted or read my private emails.

I think there is most definitely an expectation of privacy regardless of email not being encrypted or protected in any real way. I don’t see how we can rationalize allowing anyone, regardless of government authority, to pilfer through private emails without something along the lines of a search warrant.

Joseph Durnal (user link) says:

Re: Private communication is still private regardless of form

Maybe it is just because I know a bit about hosted e-mail, and some of the legal issues involved, I’ve done some technical consulting in that area, but even before that, I’ve always assumed that any data of mine on a server that I don’t control is essentially public. I suppose it is the geek in me, but a person’s ignorance about the technology they use daily does not equal an expectation of privacy.

Pierre Wolff (profile) says:

Better to beg for forgiveness than ask for permission

Per the point made in the last line of this post:

while this court says the government is forbidden from wiretapping without a warrant, our government has decided it can ignore that rule, so don’t be surprised if it ignores this one too…

We see that indeed whether the gov’t knew or not, so long as they make appearances to have acted in good faith, breaking the law might just be incidental. From the decision, here’s the excerpt that leaves something to the imagination:

We find that the government did violate Warshak?s Fourth Amendment rights by compelling his Internet Service Provider (?ISP?) to turn over the contents of his emails. However, we agree that agents relied on the SCA in good faith, and therefore hold that reversal is unwarranted.

“Oops, sorry, we violated your rights by picking the wrong laws, but hey we found something so you should be punished anyway. You can trust us, we would never do anything to cause you harm….on purpose.” 😉

needy says:

wont make any difference whatsoever. the government will still do what it wants to do, just as it always does! no one cares about a persons rights at all. we are fast heading towards the type of society that millions died for preventing, ie one where everything we do is watched, documented and recorded so it can be used against us, as and when it is felt like! here comes 1984, with a vengeance! hope you all enjoy it!

kilroy says:

to what extent can you expect privacy ...

If I were to say out loud in a coffee shop I like girls, how private is that? Someone sitting two table over might hear & repeat the statement. Email is like that … Unless you encrypt the data how much privacy do you actually believe you have?

Now if the email is encrypted, then I believe you have the right to expect privacy …

Another Coward says:

Legal versus Physical protection

About half the comments to this story confuse the legal protection (Who is allowed to read it, or at least try) with the physical protection (Who has the ability to read it, if they don’t mind breaking the law).

Examples with physical mail:

  • If you place a letter in a self-destruction envelope, put it in a steel vault, weld the door shut and surround it with a giant army, a warrant still entitles the police to read it to the best of their ability.
  • If you write something on a postcard and put it in an unlocked mailbox at the roadside (as is common in the US), it is still a letter protected by the law and the police still need a warrant to open the lid and read it.

Comparing these two scenarios to e-mail, I get this, as did the court:

  • Encrypting e-mail is like the guarded strongbox with the self-destruction envelope, it may physically stop the police, but does not protect you from the Law.
  • The trivial need to issue some kind of command to the ISP mail server to grab an unencrypted e-mail is like the trivial need to open the lid on a roadside mailbox. Not enough to stop any passer by from reading your mail, but just enough to implicitly tell law abiding people to stop snooping unless they have a warrant AND a badge.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...