Feds told they need warrants for webmail
Fourth Protocol
A federal appeals court has upheld a lower court's ruling against warrantless seizures of email. Law enforcement agents need to obtain a warrant before looking at a user's email even if it is stored online, the Sixth Circuit Court of Appeal ruled on Wednesday.
For 20 years, long before the introduction of knee-jerk law enforcement powers ushered in in the wake of the 9/11 attacks, the Stored Communications Act (SCA) has been used by government agents to carry out secret searches and seizures of stored email, without requiring a warrant. A case brought by Steven Warshak challenged this practice.
In an important ruling, a district court said in July 2006 that the SCA violates the Fourth Amendment by allowing secret, warrantless searches of email stored with a third party. The government appealed, arguing in part that the Fourth Amendment doesn't protect emails at all when they are stored with an ISP or a webmail provider such as Hotmail or Gmail.
The 6th U.S. Circuit Court of Appeals disagreed, upholding the lower court's decision and affirming that users have a "reasonable expectation of privacy" about content in emails stored on a remote host.
It's unlikely that the US government will let matters rest there and further appeals are likely.
The Electronic Frontier Foundation, which supported Warshak in the case, has published a number of papers giving more background on the case here. ®
COMMENTS
Reasonable expectation of privacy.
This would also benefit providers in that they don't have to ante up emails based on any old PC plod request. Just because you are a Fed or a cop does not give you the right to just go and demand that a provider hand over someone's email.
For instance, say the emails belonged to a neighbour, a spouse's friend. Get the idea?
The idea of claiming that information in storage can be obtained by the government without due course has been repeatedly in the news recently. Telephone call monitoring, telling search engines to hand over their stored search data being the major two.
If email is allowed to be obtained this way, without a court order, because it is stored on a provider's server, what's to say that PC plod can't just go all the way, flash his ID and demand to see any person's IP record in full from any ISP?
I think that any reasonable person would not expect the government to be looking into their private life. That the government needs to provide reasonable proof to a court before it or PC plod does.
RE: Reasonable expectation of privacy.
The issue covered by the judgment is not one of the security of the transmission of e-mail. It's all about the requirement of law enforcement officials to get the court's approval, in the form of a warrant, to search for suspected evidence.
The law enforcement agency was contending that if the data is still on the server of the provider they don't need a warrant. That they can bypass the court's oversight by going to the e-mail provider and demanding (or requesting) they hand over the messages.
In saying that, they are basically asserting that once an e-mail message is in the hands of your provider, you have put it into the 'open field' (a.k.a. public view) and it is therefore not subject to warrant requirements. This would be comparable to leaving your bank-robbery plans on the table of a restaurant: the police don't need a warrant if they convince the restaurant owner to give it to them.
Several rulings have been made on very similar matters...
The courts have always finally ruled that the authorities can't skirt the requirement of a warrant by getting the data from a storage facility. The originator of data has a reasonable expectation of privacy in that a storage facility, being that they are not the owner or recipient, has no inherent right to use the data. Therefore sending it through or storing it with them is not putting it into the open field, which means they have no right to hand it over to the authorities of their own accord... and that means that a warrant is required.
RE: "Reasonable expectation"
What you said about the channel being insecure is all very true and I'm sure that better than 90% of Reg readers would understand it (and better than 80% would have already known it)... BUT this is a US legal decision we're talking about. Most court cases like this hang on the "reasonable person" standard and, based on case law, a person who just meets that standard is a half-wit who can barely function in society.
