The Wiretap Act and email
p2pnet.net: Wiretap law 'eviscerated'
This article from p2pnet.net reports that in the case of USA v. Bradford C. Councilman the First Circuit (not the Ninth, mentioned later, which was involved in earlier related decisions) found that an email service provider's interception of customer email did not constitute a wiretap. Evidently since "the emails were in electronic storage", which I suppose means that the emails sit in RAM or on a hard disk on the mail server, the service provider's act did not constitute an interception in the legal sense.
My first thought is that the court's decision is bullshit. Taken from the court decision itself:
Okay, sure. Then how do they get to:
I guess, if they're thinking of someone accessing stored emails on a hard drive that were sent long ago, that's not truly wiretapping. While technically in both cases the emails are in electronic storage (in RAM or on a hard disk on some computer), the semantic difference is tremendous. Electronic storage on an intermediary server should not be considered equivalent to electronic storage on a personal computer.
Unfortunately, their position comes straight from past decisions. The majority opinion reports decisions by the Fifth Circuit in Steve Jackson Games, Inc. v. United States Secret Service and by the Ninth Circuit in Konop v. Hawaiian Airlines, Inc. which state categorically that the Wiretap Act does not apply to communications in electronic storage.
This is too broad a statement. There's no way that we can accept such a broad judicial principle; being "in electronic storage" means a world of different things.
My second thought, unrelated to the first, concerns the ever-present question, what is the right thing to do? To me, at least, Councilman was in the wrong. No email service provider ought to intercept messages because they are from a competitor - this is like the stories of Hotmail blocking Gmail invites (see, for example, this article), though not quite as egregious since the emails are merely copied. But if we were to enact a broad principle stating that interception of emails is illegal, then Gmail service would be illegal, as would the almost universal virus scanning of incoming email. So it seems appropriate to tolerate interception for some purposes. But whenever an act is tolerated under some motives and not under others, law gets murky.
The ultimate solution is to permit interception with full disclosure - but disclosure in a more obvious way than buried within the ghastly license agreements that we all agree to unread when we sign up for a service or install software. I'm not certain what appropriate disclosure would be. I just know that if people knew this guy was copying emails from Amazon, nobody would use his service, and the market would take care of the problem.
Perhaps this is a principle that can be applied to other areas of IP law and policy. Make more actions permitted but clearly disclosed; then let the market sort the acceptable from the not. It's an interesting thought, at least.
This article from p2pnet.net reports that in the case of USA v. Bradford C. Councilman the First Circuit (not the Ninth, mentioned later, which was involved in earlier related decisions) found that an email service provider's interception of customer email did not constitute a wiretap. Evidently since "the emails were in electronic storage", which I suppose means that the emails sit in RAM or on a hard disk on the mail server, the service provider's act did not constitute an interception in the legal sense.
My first thought is that the court's decision is bullshit. Taken from the court decision itself:
"Intercept" is defined as "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device."
Okay, sure. Then how do they get to:
[T]he district court held that Congress did not intend for the Wiretap Act's interception provisions to apply to communication in electronic storage.
I guess, if they're thinking of someone accessing stored emails on a hard drive that were sent long ago, that's not truly wiretapping. While technically in both cases the emails are in electronic storage (in RAM or on a hard disk on some computer), the semantic difference is tremendous. Electronic storage on an intermediary server should not be considered equivalent to electronic storage on a personal computer.
Unfortunately, their position comes straight from past decisions. The majority opinion reports decisions by the Fifth Circuit in Steve Jackson Games, Inc. v. United States Secret Service and by the Ninth Circuit in Konop v. Hawaiian Airlines, Inc. which state categorically that the Wiretap Act does not apply to communications in electronic storage.
This is too broad a statement. There's no way that we can accept such a broad judicial principle; being "in electronic storage" means a world of different things.
My second thought, unrelated to the first, concerns the ever-present question, what is the right thing to do? To me, at least, Councilman was in the wrong. No email service provider ought to intercept messages because they are from a competitor - this is like the stories of Hotmail blocking Gmail invites (see, for example, this article), though not quite as egregious since the emails are merely copied. But if we were to enact a broad principle stating that interception of emails is illegal, then Gmail service would be illegal, as would the almost universal virus scanning of incoming email. So it seems appropriate to tolerate interception for some purposes. But whenever an act is tolerated under some motives and not under others, law gets murky.
The ultimate solution is to permit interception with full disclosure - but disclosure in a more obvious way than buried within the ghastly license agreements that we all agree to unread when we sign up for a service or install software. I'm not certain what appropriate disclosure would be. I just know that if people knew this guy was copying emails from Amazon, nobody would use his service, and the market would take care of the problem.
Perhaps this is a principle that can be applied to other areas of IP law and policy. Make more actions permitted but clearly disclosed; then let the market sort the acceptable from the not. It's an interesting thought, at least.
2 Comments:
An interesting point about this wiretap law. I guess the real questions isn't really one of wiretapping, but when does an electronic message become legally sent/received by a person.
If the status of a message is new, can that be considered wiretapping, as the recipient has as of yet to receive the message (ala a missed phone call). Or is simply having it sit in a "to be delivered" stack able to be considered a received message?
If the status of a message is already viewed (such as in the case of an IMAP stored system) I think the bigger question becomes one of ownership at that point. Should a warrant be required to be presented to both the storage space owner AND the data owner to read/intercept this?
Obviously this needs to be further thought out, debated, and defined for future legal reasonings.
Dan (who still hates Bloggers you need to register to leave comments system)
For the first question, as I interpret the decision, it is almost impossible to apply the wiretap act to email communications - if the message is sent but unread, or even if it is in the act of sending and passing through a server, it is "in electronic storage" and does not constitute a wiretap.
Unfortunately for this case, the wiretap act is the law that the plaintiff used to challenge the ISP's action, so that's what we have to deal with. This particular case really isn't anything new, just a copy of the decision from the other cases, though that doesn't make those decisions valid in my view.
For the second question, the ownership issue is rather interesting. James Grimmelman said that the contractual agreements involved here make this a complicated issue, and that a better tool for a prosecutor would be arguing that the ISP exceeded authorization (making it more of a contractual issue rather than wiretapping); he's right on both counts. Just like you can't own the software you use (which, by the way, ticks me off as a matter of principle, but that's a story for a different day), I expect you can't own the contents of your email, and I am sure a warrant is not required for reading it. The circumstances under which the ISP is permitted to read your email depends on the license agreements for the account (and on what portions of that a court would consider enforceable).
Post a Comment
Subscribe to Post Comments [Atom]
<< Home