How safe is stored e-mail from the prying eyes of government authorities? Not very. It would be a whole lot safer if a decision by a federal judge in Ohio were left standing, according to a trio of civil rights groups.
The decision by District Court Judge Susan J. Dlott declared unconstitutional provisions in a statute that allow law enforcement authorities access to stored e-mail without a search warrant or prior notice.
That ruling in Warshak v. United States has been appealed by the U.S. Justice Department (DOJ).
The rights groups — the Electronic Frontier Foundation (EFF), the Center for Democracy and Technology and the American Civil Liberties Union of Ohio — believe the decision should be left standing and on Wednesday they filed with the appeals panel a “friends of the court” brief saying so.
Stored Communications Act
The controversy centers on a section of the federal Stored Communications Act that permits the government to compel the disclosure of the contents of e-mail by providers of electronic communications services, based on a court finding that there’s “reasonable grounds” that those contents are relevant and material to an ongoing criminal investigation.
“Until this case, no court had ever declared [that section] to be unconstitutional,” the DOJ argued in papers submitted to the Court of Appeals for the Sixth Circuit.
“For twenty years,” the DOJ wrote, “the Stored Communications Act (SCA) has set forth the procedures that the government must follow to compel disclosure of e-mail, and no court has previously held it to be unconstitutional. In this case, on a nearly nonexistent factual record, the district court held the SCA facially unconstitutional to the extent it allows the government to compel disclosure of e-mail without prior notice to the account holder.”
For the rights groups, however, the e-mail of 20 years ago isn’t the e-mail of today. What may have been good law then, they contend, is dubious law now.
Robert Ellis Smith, though, publisher of the Privacy Journal in Providence, R.I. contends the SCA isn’t showing signs of old age.
“The law was updated in the late ’80s to reflect computer changes,” he said. “I don’t think it is antiquated.”
Nevertheless, in their amici brief, the rights groups argued, “This case must be considered in the context of one overriding fact: millions of Americans use e-mail every day for practically every type of personal business.”
Expectation of Privacy
“Private messages and conversations that once would have been communicated via postal mail or telephone now occur through e-mail, the most popular mode of Internet communication,” the groups continued. “Love letters, family photos, requests for (and offerings of) personal advice, personal financial documents, trade secrets, privileged legal and medical information — all are exchanged over e-mail, and often stored with e-mail providers after they are sent or received.
“These myriad private uses of e-mail demonstrate society’s expectation that the personal e-mails sent and received over the Internet and stored with e-mail providers are as private as a sealed letter, a telephone call, or even papers that are kept in the home,” they maintained.
“Yet,” they added. “the government asks the Court to announce to e-mail users in this Circuit that, contrary to their expectations, they have actually been sending and storing ‘e-postcards’ instead of e-mail all along, and that the Fourth Amendment does not protect their messages against government intrusion.”
‘Serious Violation of Privacy’
If the government wants to look at the contents of someone’s e-mail without telling them about it, then it needs to obtain the same authority it needs to physically search private property, maintained EFF Staff Attorney Lee Tien.
Judge Dlott told the government that “when you’re going for the content of someone’s e-mail through their e-mail provider, that’s a serious violation of their privacy,” Tien told TechNewsWorld.
“When you do that, if there’s no notice, as there is with an ordinary subpoena, then you need to get a probable cause search warrant,” he continued.
However, the DOJ, in its brief to the court, countered:
“In mandating a probable cause standard, the district court applied the wrong legal standard. Imposing a probable cause standard on the government’s use of compelled disclosure ignores a fundamental purpose for compelled disclosure: to determine if probable cause exists.”
The assumptions underlying the compelled disclosure provisions of the Stored Communications Act are faulty, according to Susan Brenner, a professor of law at the University of Dayton in Ohio.
“The premise of the statute is that when I have information that I put in the hands of a third party — whether it’s a bank or an ISP (Internet Service Provider) or whatever — I’ve lost all expectation of privacy,” she told TechNewsWorld. “I don’t think that’s true.”