Feds told they need warrants for webmail
A federal appeals court has upheld a lower court's ruling against warrantless seizures of email. Law enforcement agents need to obtain a warrant before looking at a user's email even if it is stored online, the Sixth Circuit Court of Appeal ruled on Wednesday.
For 20 years, long before the introduction of knee-jerk law enforcement powers ushered in the wake of the 9/11 attacks, the Stored Communications Act (SCA) has been used by government agents to carry out secret searches and seizures of stored email, without requiring a warrant. A case brought by Steven Warshak challenged this practice.
In an important ruling, a district court said in July 2006 that the SCA violates the Fourth Amendment by allowing secret, warrantless searches of email stored with a third party. The government appealed arguing, in part, that the Fourth Amendment doesn't protect emails at all when they are stored with an ISP or a webmail provider such as Hotmail or Gmail.
The 6th U.S. Circuit Court of Appeals disagreed, upholding the lower court's decision and affirming that users have a "reasonable expectation of privacy" about content in emails stored on a remote host.
It's unlikely that the US government will let matters rest there and further appeals are likely.
The Electronic Frontier Foundation, which supported Warshak in the case, has published a number of papers giving more background on the case here. ®
Reasonable expectation of privacy.
This would also benfit providers in that they don't have to anti-up emails based on any old pc plod request. Just because you are a Fed or a cop does not give you right to just go and demand that a provider hand over someones email.
For instance say the emails belonged to neighbour, a spouses friend. Get the idea.
The idea of claiming that information in storage was can be obtained by the goverment with out due course has been repeatedly in the news recently. Telephone call monitoring, telling search engines to hand over there stored search data being the major two.
If email is allowed to be obatined this way, with out a court order, because it is stored on a providers server, whats to say that PC plod can't just go all the way, flash his ID and demand to see any persons ip record in full from any ISP.
I think that any resaonable person would not expect the goverment to be looking into their private life. That the goverment needs to provide resonable proof to a court before it or PC plod does.
RE: Reasonable expectation of privacy.
The issue covered by the judgment is not one of the security of the transmission of e-mail. It's all about the requirement of law enforcement officials to get the court's approval, in the form of a warrant, to search for suspected evidence.
The law enforcement agency was contending that if the data is still on the server of the provider they don't need a warrant. That they can bypass the court's oversight by going to the e-mail provider and demanding (or requesting) they hand over the messages.
In saying that, they are basically asserting that once an e-mail message is in the hands of your provider, you have put it into the 'open field' (a.k.a. public view) and it is therefore not subject to warrant requirements. This would be comparable to leaving your bank-robbery plans on the table of a restaurant: the police don't need a warrant if they convince the restaurant owner to give it to them.
Several rulings have been made on very similar matters...
The courts have always finally ruled that the authorities can't skirt the requirement of a warrant by getting the data from a storage facility. The originator of data has a reasonable expectation of privacy in that a storage facility, being that they are not the owner or recipient, has no inherent right to use the data. Therefore sending it through or storing it with them is not putting it into the open field, which means they have no right to hand it over to the authorities of their own accord... and that means that a warrant is required.
RE: "Reasonable expectation"
What you said about the channel being insecure is all very true and I'm sure that better than 90% of Reg readers would understand it (and better than 80% would have already known it)... BUT this is a US legal decision we're talking about. Most court cases like this hang on the "reasonable person" standard and, based on case law, a person who just meets that standard is a half-wit who can barely function in society.