Feeds

Cloud computing lets Feds read your email

You have 'no expectation of privacy'

Intelligent flash storage arrays

Last week the Court of Appeals, not satisfied with finding that Warshak's claim was not "ripe" because he couldn't say where or when the government was going to seize his email, went further in a very dangerous manner. The Warshak court said that it had no idea if emails potentially seized by the government without a warrant would be subject to any expectation of privacy by Warshak. The Court noted that ISPs have all kinds of policies and practices regarding the privacy of their customers electronic communications, with some like AOL saying that the ISP "will not read or disclose subscribers' emails to anyone except authorized users," some like Juno saying they "will not intentionally monitor or disclose any private email message" but that it "reserves the right to do so in some cases" and some like Yahoo stating that they shall have the right to pre-screen content, or that content may be provided to the government on request.

The court for example relied on Google's Gmail service, which permits automated review of the contents of email (for advertising purposes), or statements by corporate employers eschewing an expectation of privacy by users of the system. The government urged the court to go even further, arguing that there is no constitutional protection of privacy in email where, for example, the ISP used malware scanners to look for malicious code in email or deep packet inspection of email.

Couple this with prior Supreme Court precedent in Smith v. Maryland, where the government sought to subpoena from a telephone company a subscriber's use data - information such as time of calls, who they called and how long the call lasted. Just as with Warshak, the defendant claimed that the government needed a search warrant, and the government claimed that Smith had no reasonable expectation of privacy in this "non-content" information. The Supreme Court agreed with the government, noting "we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must "convey" phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills."

Applying that rationale to email, all (well, most) internet users realize that they must "convey" email content to the ISP, since it is through the ISP's routers that their emails are transferred. All (most) users realize that the ISP has facilities for making permanent records of the contents of their email - storing it - for they see a list of their emails when they log on.

The Smith court went further. It noted that the Court "consistently has held that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" and that:

When [Smith] used his phone, [he] voluntarily conveyed numerical information to the telephone company and "exposed" that information to its equipment in the ordinary course of business. In so doing, [he] assumed the risk that the company would reveal to police the numbers he dialed.

Thus, when you "voluntarily" turn stuff over to a third party - a bank, an accountant, the phone company, or presumably an ISP, you run the risk that they can turn it over to the cops, and therefore you have "no expectation of privacy".

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.