Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages.
In this post, I want to explain why the Eleventh Circuit’s position is wrong. I’ll start by explaining the argument’s origins in postal mail cases; I’ll turn next to Rehberg; I’ll then explain why I think the decision is based on a conceptual error; and I’ll conclude with some final thoughts.
I. The Source of the Argument: Fourth Amendment Protection in Postal Mail
To see where the 11th Circuit is getting this argument, you need to know a little bit about how the Fourth Amendment protects postal mail and packages. The Fourth Amendment ordinarily protects postal mail and packages during delivery. The same rule applies to both government postal mail and private delivery companies like UPS: As soon as the sender drops off the mail in the mailbox, both the sender and recipient enjoy Fourth Amendment protection in the contents of the mail during delivery. When the mail is delivered to the recipient, the sender loses his Fourth Amendment protection: The Fourth Amendment rights are transfered solely to the recipient. In practice, this works pretty simply: Each party has Fourth Amendment protection in the mail when they’re in possession of it, and both the sender and receiver have Fourth Amendment rights in the contents of the mail when the postal service or private mail carrier is holding the mail on their mutual behalf.
I should be clear that there are exceptions to these rules. For example, if a person sends a letter in what the Postal Service used to call “Fourth Class” mail — that is, mail that the Postal Service reserves the right to open — then it is not protected by the Fourth Amendment. See, e.g., Also, the Fourth Amendment protection only applies to the contents of the communication, not the outside. But the basic approach has governed postal mail privacy for a long time.
The new question is, how do to these principles apply to new communications technologies like e-mail and text messages? Unlike physical letters and packages, e-mails and text messages are just data. Communications technologies use digital networks that generate copies of the communications in the course of delivery. Those copies often stick around on servers when a copy of the communication reaches its destination. The Stored Communications Act provides statutory privacy protection to those communications stored on third-party servers, see 18 U.S.C. 2703. But does the Fourth Amendment protect those copies of communications as well? Right now the precedents are extremely sparse.
II. Rehberg v. Paulk
Enter Rehberg v. Paulk, decided by the Eleventh Circuit last week in an opinion by Judge Hull joined by Judges Carnes and Anderson. The case is kind of complicated, but here’s the relevant part. State investigators suspected Rehberg of a crime, and they allegedly used a state subpoena to obtain the contents of Rehberg’s e-mail from his Internet service provider, Exact Advertising. The complaint suggests that the government obtained both incoming and outgoing e-mails stored with Rehberg’s ISP; according to the complaint, investigators “obtained Mr. Rehberg’s personal e-mails that were sent and received from his personal computer.”
The charges against Rehberg were later dismissed, and Rehberg filed a lawsuit that claimed among other things that obtaining his e-mail with only a subpoena violated his Fourth Amendment rights. The defendants moved to dismiss under Rule 12(b)(6).
The district court denied the motion to dismiss without really analyzing the Fourth Amendment claim, but the Eleventh Circuit ruled that obtaining Rehberg’s e-mails with a subpoena did not violate the Fourth Amendment because e-mail, once delivered, is not protected by the Fourth Amendment:
The subpoenas covered information Rehberg had provided voluntarily to third parties and for which Rehberg did not have a legitimate expectation of privacy. Thus, the subpoenas did not violate Rehberg’s Fourth Amendment rights to be free of unreasonable search and seizure.
In order for Fourth Amendment protections to apply, the person invoking the protection must have an objectively reasonable expectation of privacy in the place searched or item seized. The Supreme Court “consistently has held that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743–44, 99 S.Ct. 2577, 2582, 61 L.Ed.2d 220 (1979). “[T]he Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” United States v. Miller, 425 U.S. 435, 443, 96 S.Ct. 1619, 1624, 48 L.Ed.2d 71 (1976).
. . .A person also loses a reasonable expectation of privacy in emails, at least after the email is sent to and received by a third party. See Guest v. Leis, 255 F.3d 325, 333 (6th Cir.2001) (An individual sending an email loses “a legitimate expectation of privacy in an e-mail that had already reached its recipient”); United States v. Lifshitz, 369 F.3d 173, 190 (2d Cir.2004) (An individual may not “enjoy [ ] an expectation of privacy in transmissions over the Internet or e-mail that have already arrived at the recipient”); see also United States v. Perrine, 518 F.3d 1196, 1204-05 (10th Cir.2008) (“Every federal court to address this issue has held that subscriber information provided to an internet provider is not protected by the Fourth Amendment’s privacy expectation”) (collecting cases).
Rehberg’s voluntary delivery of emails to third parties constituted a voluntary relinquishment of the right to privacy in that information. Rehberg does not allege [the police] illegally searched his home computer for emails, but alleges [the police] subpoenaed the emails directly from the third-party Internet service provider to which Rehberg transmitted the messages. Lacking a valid expectation of privacy in that email information, Rehberg fails to state a Fourth Amendment violation for the subpoenas for his Internet records.
III. Why the Eleventh Circuit is Wrong
I think the Eleventh Circuit’s analysis is wrong. To see why, let’s start by considering Rehberg’s outgoing e-mails, which seem to be the focus of the Eleventh Circuit’s opinion. It is true that when information is disclosed to a third party, the Fourth Amendment no longer protects the information disclosed. That’s the teaching of Miller and Smith (and, for what it’s worth, and I think those teahcings are correct). But when many copies of information are made, you have to treat different copies differently. As a result, the fact that one copy of the communication has been received does not mean that all copies lose Fourth Amendment protection. As I explained in 2008:
Fourth Amendment rights are contextual. Data, whether in the form of numbers (like telephone numbers here) or text (in the case of a diary), does not have a preordained level of Fourth Amendment protection in the abstract. If you store your diary at home under your bed, you have Fourth Amendment rights in your diary because you have stored in it your home. If you go into the park and leave your diary out in the open, you lose Fourth Amendment rights in what you have left open because you have left it open. The Fourth Amendment rights derive from the steps that the government must go through to retrieve the information in context, not the essential nature of the data itself.
This means that you need to look at the government’s access to that particular copy of data, not just any copy of data. For a real-world example, imagine you write a letter and photocopy it before you put it in the mail. You file the copy in your closet and send the original. During the course of delivery, the original is protected by the Fourth Amendment; when it arrives, you lose Fourth Amendment protection. But the fact that you lose Fourth Amendment protection in the original does not mean that the Government can break into your house and read the copy you made. Conversely, the fact that the recipient of the mail does not have Fourth Amendment rights in the copy does not mean that the government can break into the recipient’s house to read the original.
For these reasons, the court should have analyzed access to the e-mails stored with the ISP based on whether there was a reasonable expectation of privacy in that remotely stored copy accessed, independently of delivery of another copy. Given that we’re only at the 12(b)(6) stage, and we don’t yet know all the facts, I don’t think we have any basis to conclude that Rehberg did not have a reasonable expectation of privacy in the e-mails obtained.
The conceptual error in Rehberg is in treating Fourth Amendment rights in the copy stored at the ISP as if it were the same as the Fourth Amendment rights in the copy that was delivered. I don’t think it works that way. The rules of Fourth Amendment protection are particular to each copy: The fact that one copy loses protection does not mean that the other copy loses protection. Indeed, just think about how differently the Fourth Amendment would apply to the postal network and e-mail under the 11th Circuit’s approach. In the postal mail setting, the government could never access postal mail without a warrant. The mail would be protected by the sender’s rights pre-sending; both the sender’s and the recipient’s rights in the course of delivery; and by the recipient’s rights post-delivery. In contrast, there would be much less Fourth Amendment protection in the e-mail setting. Because e-mail usually takes only a few seconds to deliver, the government could just go to the ISP of the person sending the e-mail and take all of their outgoing e-mails right off the server. Real-time wiretapping would be regulated, but the government would have pretty free access to stored contents.
Further, the complaint appears to allege that the government obtained both outgoing e-mails and incoming e-mails. Even if you believe that the sender’s reasonable expectation of privacy disappears as soon as a copy of the e-mail is delivered, presumably that delivery would not eliminate the recipient’s reasonable expectation of privacy. Recall how this works in the physical letter context: The sender’s rights extinguish when the letter arrives, but the recipient’s do not. Even if you accept the Eleventh Circuit’s argument, it would seem to apply only to e-mail in Rehberg’s outbox, not the e-mail in his inbox.
IV. Some Final Thoughts
Three final thoughts. First, I think it would be a different case, or at least a potentially different case, if the government had obtained the e-mails from the ISPs of people Rehberg had been e-mailing. It’s possible to argue that Rehberg does not have any Fourth Amendment rights in the copies stored on the recipient’s servers: That issue requires answering a somewhat tricky issue of when e-mail is “delivered” for Fourth Amendment purposes, eliminating the sender’s reasonable expectation of privacy. (That issue is actually raised by the DOJ amicus brief in City of Ontario v. Quon; I’ll be blogging about that soon.)
Second, there’s a legitimate argument that the Fourth Amendment does not apply at all to contents, delivered or undelivered, based on a pure application of the third-party doctrine. I don’t read the Eleventh Circuit as trying to make that argument, but I disagree with that position in this forthcoming article.
Finally, my argument does not mean that Rehberg should have necessarily prevailed on his Fourth Amendment claim. The Stored Communications Act expressly allows some contents of communications to be compelled with a subpoena. See 18 U.S.C. 2703(b). Although I think that provision is generally unconstitutional, for reasons cited above, whether that is “clearly established” is of course another matter. Given that the officers have a qualified immunity defense, the officers may be entitled to qualified immunity even if using a subpoena to compel the contents of e-mail violated the Fourth Amendment.
Profane says:
To put another twist on your example above:
If one writes letters and sends the originals, but makes photocopies of all outgoing correspondence and contracts with a third party to store the files, can the government subpoena them? Or are they protected by the Fourth Amendment? Would that depend on whether the third party was allowed to view the files or not?
Quote
March 15, 2010, 3:35 pmDR says:
Brilliant. I look forward to subsequent circuit opinions citing this blog post in the course of a contrary decision (or at least different analysis).
Orin — Isn’t the analogy to an ISP more like if you put a letter in the mail and then the mailman, in the course of delivery, opens it up and makes a copy? Rehberg has no reasonable expectation of privacy in a copy he doesn’t know exists. (Though I agree with you that we need more facts before dismissing at the 12(b)(6) stage.)
Quote
March 15, 2010, 3:37 pmJohn A says:
In another context, that a bookstore receives many copies of a copyrighted text does not mean that only one copy enjoys copyright protection.
Quote
March 15, 2010, 3:55 pmRHD says:
Your context-based analysis is persuasive. The court’s analysis, treating Fourth Amendment protection as an either-or choice based on whether any copy was disclosed, makes more sense when the issue is privilege (atty-client, etc.) but much less sense here.
Quote
March 15, 2010, 4:26 pmProf. S. says:
Okay, so what happens if you email yourself? For example, I have about 3 email addresses that I use. One is an old school email, one is a work email, and one is personal. Let’s say I send a file I created from one email to the other. Do I lose protections? Assuming I do not (because there is no 3rd party disclosure), how does the subpoena ensure that only emails going to 3rd parties are revealed (presuming the authorities do not know all of the email addresses I use and limit the subpoena accordingly).
Quote
March 15, 2010, 4:32 pmLeo Eko says:
Orin, very educational!
I have a question though. Let’s take your snail mail analogy one step further. The third party receives mail and discards it in his trash, knowing that it will ultimately end up in a recycling facility. Would Rehberg have Fourth Amendment protection in e-mails discarded from his trash folder at the ISP? In other words, knowing that deleted e-mails can always be retrieved, would the government violate his Fourth Amendment rights if it indulged in the digital equivalent of dumpster diving and retrieved his deleted e-mails?
Quote
March 15, 2010, 4:41 pmArthur Kirkland says:
Did any of the relevant Eleventh Circuit judges have (a) a birth certificate originally issued after 1940 or (b) a record of sympathy toward constitutional liberties?
If so, this would seem to be a particularly disappointing decision.
Stay on the case, Prof. Kerr.
Quote
March 15, 2010, 4:49 pmOrin Kerr says:
Leo Eko,
In that case, it’s a private search and the Fourth Amendment doesn’t apply. That is, the private party ISP disclosed the information on its own, not at the government’s command.
For a physical world equivalent, see United States v. Procopio, 88 F.3d 21 (1st Cir. 1996), in which thieves broke into a home, stole a safe, opened up the safe in a public park, and then left. The police came to investigate and found Procopio’s private records that he had stored in ths safe scattered across the park. Held: The Fourth Amendment doesn’t regulate accessing the records because the thieves’ private search had disclosed the records to the public, even though they had originally been stored in the safe.
Quote
March 15, 2010, 4:50 pmOrin Kerr says:
Arthur,
These are good judges, actually, and I’ve long been a particular fan of Judge Carnes. I just think they missed this one, perhaps because it was only one of many issues litigated in a civil case.
Quote
March 15, 2010, 5:22 pmHoward Gilbert says:
When you send E-Mail, you first transmit the message to the mail transfer agent machine of your own ISP. It is then transmitted through a potential series of mail transfer agents before it arrives at the agent of the ISP of the addressee. It is then transferred to a “postoffice” server machine that holds it until it is read by the E-Mail program of the addressee. At every step along the way at least the header of the message is read by the agents.[In most cases there will not be an intermediate SMTP agent, but the protocol doesn’t guarantee this.]
Meanwhile, several layers down in the protocol, communication between any two machines (clients/agents/postoffice) is handled over IP. Packets of data representing part or all of the message are transmitted through ISPs based on their destination IP address.
There is no way to anticipate the route an IP packet will take. It depends on the routes advertised to each ISP by the adjacent ISPs. Most of this depends on good faith. If the ISP in Sicily has a message for a network belonging to the Iranian Revolutionary Guards, and the ISP that is advertising the best route to that network is the one in Tel Aviv, then it sends the message through Israel because that appears to be the shortest route. Meanwhile neither the sender nor the receiver knows how the message was routed.
If I give a postcard to a postman, I have some reasonable expectation that it will be delivered by the USPS. However, if I give a post card to some kid on a bicycle, and tell him to go to the middle of town and give it to the first person he sees going in the right direction of the intended addressee, with no expectation of who will be asked to forward the card or even how many people will be involved in its delivery, do I have any reasonable expectation that nobody along the way will look down and read its contents? Does this change if there is a copier on every corner and each kid with a bicycle makes a copy of each message he carries?
There is no reasonable expectation of privacy in E-Mail unless you encrypt the contents. Of course, “reasonable expectation” is a term of art that courts can translate into “sufficiency widespread irrational expectation based on complete ignorance of technology”.
Quote
March 15, 2010, 5:40 pmOrin Kerr says:
Howard,
The reasonable expectation of privacy test is quite different from what you’re thinking it is. I posted on that issue here.
Quote
March 15, 2010, 5:58 pmJMA says:
I think the fact that email originated with a rather closed cult of geeks has had a very negative effect on whether or not one can or should expect privacy with regard to the contents of electronic correspondence. Just because nerds in general are a paranoid lot does NOT mean the rest of the good, upstanding people of this world should have to put up with their (ridiculous) rules for what is and is not private. If email servers work in such a way as to expose users to this sort of theft and deprive them of legal protection for correspondence, that’s a *bug* — not a feature.
This, by the way, is one of the things that still bugs me most about cloud computing. :(
Quote
March 15, 2010, 6:06 pmElliot says:
What exactly constitutes email delivery? X may send Y an email, but if Y’s computer is OFF, it can’t be delivered. Even if it is ON, it may not be logged onto the internet. If it is connected to the internet, Y still has to act to have the email transmitted to his computer. (Acknowledge some protocols act differently)
If Y invokes his email program and sees the title of the email, but has not clicked on it, is the email considered delivered? If Y sees the title and clicks DELETE, is it considered delivered? If Y sees the titls and clicks FORWARD, is it delivered to Y? If the first line is shown in Y’s email quick scan, is the whole email delivered, or only the first line?
And attachments? If Y reads the email, but does not download the attachment, is the attachment delivered?
Quote
March 15, 2010, 7:14 pmPintler says:
Pulling the data from the ISP seems sort of like steaming envelopes open to me.
I wonder, though, if those private mail box places aren’t a more direct analogy to an ISP. If I have mail waiting at one of those (or if I drop it off there to be sent), is that legally any different than a PO Box at the post office? Isn’t that the same as giving email to an ISP to deliver?
Quote
March 15, 2010, 7:32 pmcommon_sense says:
Prof Kerr,
I wonder if the Post Office-a government enforced monopoly with respect to 1st class mail-is the proper comparison for an ISP-essentially another private party I pay to pass along a message. If I physically pass a note to another party, don’t I lose my expectation of privacy in the note? Even if I ask the intermediary to pass the note along again, isn’t my right to privacy extinguished as soon as I give it to the intermediary? If not, why not? The intermediary may have a right to privacy (and I’d prefer an ISP that attempted to assert that right), but I can’t think of a reason why I would have one. Thanks for any reply.
Quote
March 15, 2010, 8:09 pmKirk Parker says:
Does it matter that, contra to carriers in the analogy that starts “if I give a post card to some kid on a bicycle, and tell him to go to the middle of town and give it to the first person he sees going in the right direction”, in real life the ISP’s and backbone providers are actually in the business of providing message transport?
Quote
March 15, 2010, 8:42 pmE-Mail Protections « 36 Chambers – The Legendary Journeys: Execution to the max! says:
[...] Filed under: Computinating, Curmudgeonliness — Kevin Feasel @ 8:58 pm Orin Kerr points out that the Eleventh Circuit court has cut down on 4th amendment rights to e-mails. Kerr is not very [...]
Lior says:
Technically speaking, email is similar to 4th-class mail: its contents are visible to the ISP in the course of transmission. Unlike postal mail (where the original physical message relayed through the system until it gets to the recipient), email relayed by making copies. It’s as if the postman would read the incoming letter at the post office, memorize it, and then recite the contents at your door. In that kind of system it doesn’t make sense to say that you expect privacy from the postman. The system works by the postman reading your letters.
This says nothing about statutory protection: if the ISP is prohibited by law from disclosing the contents, then the fact that the message was delivered shouldn’t change that. But is should affect the constitutional analysis.
There is a way to get privacy with email: encrypt the contents. The government would then be free to read the cyphertext, but getting the plaintext would require accessing the sender’s or recipient’s computers.
Quote
March 15, 2010, 9:10 pmcirby says:
Two thoughts:
First, the “visible to the ISP” argument is a bit thin. In the normal course of the day, the vast majority of email messages are NOT visible (or even known) to the people who run the mail servers. Without specific and privileged action (using a higher level access with a password), nobody should be able to even SEE those messages.
Second, if a normal person did it to examine the communications of a government employee, would it be permissible? If the same ISP admin intercepted and opened (for example) a piece of email from the IRS to a local law enforcement official, then released that text to the public, would they be immune from government prosecution for “intercepting” that email (even though it passed through the same server in the same fashion as the case above)?
Quote
March 15, 2010, 9:44 pmLior says:
cirby: during the course of the day, the vast majority of post-cards pass through the USPS system without anyone actually reading the contents (except for looking at the address). Does this mean that postcards gets 4th amendment protection? As far as I understand, the issue is whether the messages are visible in principle not whether they are actually read in practice.
If the IRS is concerned about disclosure of its communications, it should not send unencrypted messages on the public network. But in any case, whether such disclosure can be prohibited by statute or made into crime is irrelevant to the 4th amendment question of whether a warrant is required to compel disclosure.
Quote
March 15, 2010, 9:57 pmarbitrary aardvark says:
Descriptively, Orin tells us that 4th Amendment protection ends when a letter is received. Normatively, this sounds wrong. What are the cases?
Alice sends a letter to Bob. The police break down Bob’s door without a warrant or cause and read the letter. Based on the letter, they arrest Alice and Bob. Bob can file to have the letter excluded, and the fruits of that search, but Alice can’t?
Quote
March 15, 2010, 10:09 pmLior says:
The reason I was discussing post-cards was not accidental, by the way, and illustrates a way in which misunderstanding technology creates weird law.
With ordinary first-class mail there is a clear distinction between addressing information (on the outside of the envelope) and the contents of the message (inside the envelope). The law thus treats the two differently. A post-card is different: it’s a single piece of paper showing both address and contents. There is no 4th amendment privacy in post-cards as far as I know.
An email message is exactly like a post-card: it’s a single flat text file, starting with “headers” containing addressing information and following with the contents of the message. It makes no sense to distinguish these parts of the message, and they should be treated together. Since the headers are fair game without a warrant, the same should hold for the contents of the message.
You may argue that the ISP’s computer reads the headers in order to transmit the message, so the headers should get less protection. But then most ISPs read the whole of the message — for example to see if it is spam, or to offer targeted advertizing. If these processing stages don’t remove 4th amendment protection, then why is the processing stage of reading the headers treated any differently?
Quote
March 15, 2010, 10:26 pmKirk Parker says:
Lior, shouldn’t that read:
Quote
March 15, 2010, 11:36 pmJust sayin' says:
A postcard can be read just by glancing at it, no special action or tools needed. And that is obvious when you send it. An email can’t be seen just by looking at the wires and boxes it passes through. It takes specific intentional action to convert those 1’s and 0’s to text. And the sender and receiver think they have privacy because they password protect their accounts. Remember that telephone repair folks can hear conversations in the course of working on the phone lines. Nevertheless, we still have a right of privacy in the content of that call. To deny 4th. amendment protection to email could grind commerce to a halt. Does the government really want their spooks to have to decrypt everything that pass through a CALEA center because some hillbilly DA could not bother to apply for a warrant?
Quote
March 15, 2010, 11:39 pmKirk Parker says:
(should have added): in other words, all of the copying is completely incidental to the relaying of the message. And even in the case of an IMAP mail server, couldn’t it be argued that the message going from the server to your client isn’t delivery, because the IMAP mail store for your mailbox is your mail store? In other words, once the letter carrier has pushed the letter through the mail slot in your front door, isn’t it delivered, whether or not you have opened the envelope yet?
Quote
March 15, 2010, 11:41 pmJust sayin' says:
Just curious–will attorney client priv. now be considered waived if the communication takes place by email?
Quote
March 16, 2010, 12:19 amOrin's beard says:
While the Fourth Amendment analysis is interesting, I can not understand why it is being discussed. Didn’t Congress enact ECPA and SCA in order to regulate searches and seizures in this area? As I understand it a 1983 action can lie in violation of the statute or Constitution, so why does the court go straight the the Constitutional violation without discussing the potential statutory violations?
Quote
March 16, 2010, 1:12 amLior says:
Kirk Parker & Just sayin’: please reconcile your answers with the fact that e-mail header information is not protected by the 4th amendment. Why are the “From:”, “To:”, or “Subject:” line treated any differently from the content of the message? None is seen by a human during transport, all copies of them are incidental to the transmission, etc etc (the fact that you got a piece of physical mail cannot be private since the postman has to deliver it).
PS: The same absurd situation holds with respect to telephone calls and faxes. It made sense at the time when calls were switched by a human operator, but that time is long past.
PPS: Police-wise I think an “infrastructure” approach would make sense, whereby any outwardly privacy-respecting transmitting agency (phone company, ISP, UPS, etc) would be treated the same, with addressing information only being public if it is actually used by a human agent in the ordinary course of transmission. But that’s not the way things are treated right now, as far as I can tell.
Quote
March 16, 2010, 2:31 amKirk Parker says:
Lior,
What answers? Mine were both questions (though unfortunately I messed up and terminated the first one with a period.)
Now I’ll ask a couple more: you are aware that the readable From: and To: lines are not used for that actual delivery of the email, aren’t you? And if we’re heading straight to “ought” or policy, don’t you think the division between the envelope-addressee and content (headers and all) is the most sensible in terms of analogy to previous physical models?
Quote
March 16, 2010, 5:08 amLior says:
Kirk: re-reading the SMTP specification, I take my claims back. You are right that addressing information is transmitted separately from the text of the message; headers are read by clients and ignored by servers.
On the policy side, I disagree that the separation of addressing and content for email is similar to that for 1st class mail and maintain that it is still similar to postcard. In the case of physical mail, a human actually examines the address in the process of delivery, but never the contents of the message. In the case of email, computers examine both the address and the message. They are transmitted separately but both are read and analyzed during the transmission.
Does the fact that Google displays ads based on the text of email means that gmail users lose their 4th amendment privilege? What about users of an ISP which filters spam? If not, then why is there no privilege in the addressing information?
Since the addressing and content are public to the same degree (both examined by computers along the way) I think they should be treated similarly. Either (current regime) unprivileged or (better regime) both privileged.
Quote
March 16, 2010, 6:39 amrosignol says:
The problem is actually that calling it ‘e-mail’ has created an expectation in the non-technical that the rules that apply to ‘mail’ also apply to ‘e-mail’.
The reality is that e-mail is about as private as a postcard. Mailservers generally don’t encrypt messages in transit (there are a few exceptions), or on the mailspool. You can sit on the wire with a packet sniffer and read them directly (which is basically what Carnivore does), you can read them off the mail spool (it’s just a text file), you can read them out of the individual mailboxes (assuming you have appropriate system access, i.e., #).
People who want their email to be private use encryption. Unfortunately, that knowledge has yet to spread beyond the rather closed cult of geeks who came up with the technology (and have been aware of it’s shortcomings with regards to privacy since the very beginning).
Quote
March 16, 2010, 6:56 amSlocum says:
I don’t think that’s quite right. Most people send letters in non-security envelopes where it would be possible to read the contents without opening them, just by holding them up to a bright light. Packet-sniffing by the government should be considered the equivalent of reading a letter through the envelope. An email that’s been sent without encryption is no more open than a letter in a non-security envelope — it’s not open like a postcard where A) no unusual effort at all is required to read it, and B) the sender is fully aware of that fact.
Quote
March 16, 2010, 7:57 amsetnaffa says:
Did the court regard the ISP as a third party, not a protected carrier like USPS or UPS? Is that because of the “store and forward” nature of many email systems?
Quote
March 16, 2010, 8:22 amMark A. Flacy says:
Slocum,
You are incorrect. Sending an e-mail is no different from sending a postcard. The contents are as easily available as the addressing information, by design of the protocol.
Just as you can send private messages via postcards by using codes, you can do the same with e-mail.
Quote
March 16, 2010, 8:39 amGlenn Logan says:
I think a lot of people are, like the 11th circuit, getting caught up in minutiae rather than looking at the big picture.
An electronic mail always has an intended destination — an IP address. That IP address is always a virtual “mailbox” that resides on a computer, either at the premises of the intended recipient, or at a third-party provider who “rents” the mailbox to the intended recipient.
That mailbox is exactly like a post office box that you rent from the USPS (except the third party may not be the government). Just like regular mail, email communications are packaged in an “envelope” that, while it is possible to read en-route, it is not really designed to be read en-route. The analogous snail-mail equivalent would be holding the mail to the light to divine its contents.
The person sending the email intends it for a specific place, and absent intentional intervention on the part of the owners of the intervening computers, the mail is not sent in human-readable format — it gets that way when the intended user accesses his mailbox with software designed for reading its contents.
If there is a reasonable expectation of privacy for mail delivered to a post office box, there must be a reasonable expectation of privacy for email delivered to it’s intended mailbox. If the end user does not collect that email via his client software, then it is exactly the same as mail in a P.O. box that is uncollected.
The data that is email is never really “human readable” anywhere en route, and the copies made are of data, not of the message communicated by the data, even though they would appear to be the same thing. A piece of mail in an envelope is not really human-readable, but if you apply enough effort to it, you can read it without opening. The same is true of an electronic mail, although due to it’s nature, it requires only a simple program to read.
I think the court misunderstands that the fact it is possible to read en-route electronic mail means that it is sitting there in plain text for all to see. That is not true at all — one must use “special” software to convert that message into a readable format. We think of emails sent as “plain text” as being the same thing as typed words on a page, but they aren’t — they are still bits and bytes, and are transmitted as such. They cannot be read unless “opened” by client software — much like any piece of regular mail can be opened with a letter opener, and the fact that everyone has one does not entitle you to use it on other people’s mail, nor convert the mail of others into de-facto “post cards.”
Quote
March 16, 2010, 8:54 amPintler says:
(addressing the entire sub thread that is debating whether email is more like a postcard or a letter)
What if I trivially encrypt my email (using ROT13, perhaps). That is protection as strong as sealing an envelope. If the police can’t steam open my envelopes, can they do the ROT13 decrypt?
Encryption hasn’t been widely adopted at least in part because of the difficulties of key management. If mail clients could get increased legal protections by ROT13 encryption (for which key management is pretty simple :-)), why wouldn’t they all do so?
Quote
March 16, 2010, 9:13 amHockeyGuy says:
So basically the 11th Circuit just said Email Servers are a Public Area.
So I guess when the Democrat Congressman’s Kid broke into Sarah Palin’s Email during the election .... since email servers are a public area not protected under the 4th amendment there was no law broken by the kid...
The kid simply was finding a different way to access a PUBLIC AREA..
I wonder what might be in the email systems of our government officials accounts ....
Here is an idea since its all public show it.
Better yet we need mandatory drug and alcohol testing for our government THESE PEOPLE ARE ON CRACK!
Quote
March 16, 2010, 10:06 amStephen Satchell says:
And some people wonder why I go to the trouble of running my own copy of PostFix on my own server to handle Internet mail. In my case, my ISP does not “receive a copy” of my outgoing, or incoming, e-mail. They are a transmission system only, not a store-and-forward system (with the exception of redirected e-mail).
Which is why I will never purchase service from a cable company. Running my own mail server requires me to have a routable IP address. Cable companies don’t like to give out routable IP addresses.
The doesn’t mean my e-mail I send is safe from this abuse at the recipient end, but it *is* safe at the sending end.
I used to be the mail admin for a Web hosting company. I remember receiving and executing a subpoena from the IRS to do exactly what was done in the cited case.
Quote
March 16, 2010, 10:08 amHockeyGuy says:
The Point is EMAIL is between the sender and recipient
They are basically saying that every Postal Mail Box no longer has constitutional protection if the person reads the mail and puts it back in his box.
What if you pickup your mail and store it in your car?
What if you leave sealed letters at a friends house or at work?
What if your neighbor gets your mail?
Email Accounts need passwords THEY ALWAYS NEED PASSWORDS
whether it is the account holder using a password to access pop3
Or the Admin using Root to look in a folder....
We are not talking about a ListServ that is public... these are Password protected areas that the end user believes is secure for all reasons...
IF IT IS NOT SECURE THEN WHY USE IT
Quote
March 16, 2010, 10:21 amLouise says:
Using the USPS mail delivery and email delivery scenarios together — regardless of how many or what servers an email goes through — in my mind, the minute I push the send button on an email, I expect privacy all the way through to the recipient actually OPENING the email because having unopened email is the same as it sitting in your mailbox (and I have always understood that it is a federal crime to tamper with or remove mail from a private mailbox. If you send an email to multiple recipients, then expectation of privacy is removed when any one of them opens the email. For the govt (or anyone else) to intercept an email at an intecept point between originator and recipient from the idea that it is in a “third party’s control” should be wrong. What if the USPS has a letter and a postman takes the letter home and his/her spouse opens the letter? I don’t know the law, but shouldn’t the letter be protected because it is still supposed to be in USPS control? USPS is in a budget-crunch and looking to reduce their overhead. If they decide to outsource the trucking of mail from point a to point b to a private company, does the govt now have a right to open and read all correspondence because a 3rd party sent it? How do you ensure that it came from you? A letter has a return address (yours) — but what is the guarantee that you mailed it? Same as email — I have seen emails delivered to someone’s email account that I did NOT originate. It is called spoofing...That can bankrupt you just trying to prove you didn’t send it!
Quote
March 16, 2010, 11:03 amJ. Stodola says:
Would a telegram be a better analogy for email than postal mail? With both email and telegrams you give the message to a third party who makes a copy (retaining one) and deliver the message, whereas with postal mail the original message handed off for delivery is not copied nor retained by the third party.
Where does the law stand on this?
Quote
March 16, 2010, 11:05 amquack but not a duck says:
I like your analogy about the USPS, but i don’t think it is fair to call UPS, FedEX, DHL, etc. or ISPs a duck. The post office is a quasi-government chartered monopoly where every person in the country is an involuntary customer. All other delivery systems are voluntary and are bound by contract between the first and second party which is the carrier. The recipient is the third party.
By contract your ISP may disclose or not disclose any or all information it has in its possession to any third party with or without a subpoena. It is really important that you read the contract before you agree to the service. Further the supreme court has also ruled in favor of an ISP who was parsing emails for advertising keywords. The majority concluded that if the files were on the ISP servers they effectively belonged to the ISP. This practice has become so mainstream even google does it.
A good contractual relationship with an ISP could have saved Mr. Rehberg a lot of trouble. I personally understand why he took action, but it would seem a better course of action to sue the ISP for accepting an invalid subpoena without notifying their customer. I highly doubt that it included sworn statement explaining how to walk through the file system to find the leased folder that contained the files that are like X in appearance and include Y.
Quote
March 16, 2010, 11:14 amKirk Parker says:
Stephen Satchell,
Instead of ‘routable’ don’t you mean ‘static’?
Quote
March 16, 2010, 11:29 amJust Sayin' says:
Again, is the atty./cleint priv. now deemed waived when the communication is via regular email? I would think if A/C communicated by postcard it would be. So, what do you guys think is the implication for Atty/client email communication? Seems to me if you communicate in a manner where there is no expectation of privacy, it is toast.
Quote
March 16, 2010, 11:34 amSkip says:
Doesn’t this decision create attorney-client privilege issues with respect to emails? If the government can seize emails at an ISP because there is no reasonable expectation of privacy can’t opponents in a lawsuit subpoena emails from the opposing firm’s ISP?
Quote
March 16, 2010, 11:34 amvoid-dweller says:
Sending an e-mail is entirely diffrent from a postcard. Reading a postcard does not require any extra effort or equipment by a human. E-mail is in an entirely different realm. One cannot just e-mail by a casual glance as a postcard. A person can’t just glance at a the actual hardware and see the contents of an e-mail. You can’t glimpse the contents of e-mail as it travel a wire, wirelessly through the air or as light pulses traveling a fiber optic strand. You share a e-mail server with other persons. Yet you can’t casually look at their e-mails even through they reside in the same virtual location. E-mails stores are be design seperated. And to access they requires the proper credentials. It require extra-ordinary efforts or access (use permissions on sever) to view another person’s e-mail. I say that a re
Quote
March 16, 2010, 11:36 ammj says:
I look at email like a postcard. What are our protections in that scenario? Do people have an expectation of privacy (by legal definition)? (I’m asking, I really don’t know — I’m not a legal scholar)
I also question your example of making a copy of a letter. If the gov’t gains a subpoena to search your home — are they allowed to discover the copy of your letter and read it? In this case they searched a location that held a copy of your postcard (with a subpoena). Granted they do need to indicate what they are searching for.
And finally how does this differ from basic wiretapping? If you are having a conversation on your cellphone in a park — you cannot expect privacy. (although as I learned on TV ;-) covering your mouth with your hand shows you expect privacy... which I don’t know if that is real or just a plot device).
If the contents of the email are inside an envelope (encrypted content), I believe that it becomes much less like a postcard. The purpose of encryption is to hide the contents from random unknown viewers (I do have an expectation of privacy). However when I send a plain text email (or write on a postcard) I assume that the delivery person may very well be reading it (Google or the mailman).
Quote
March 16, 2010, 12:14 pmarbitrary aardvark says:
This post was slashdotted this morning.
http://yro.slashdot.org/story/10/03/16/1235227/11th-Circuit-Eliminates-4th-Amend-In-E-mail
Quote
March 16, 2010, 12:28 pmmj says:
@void-deweller — re: email and postcards. I have to disagree, it doesn’t take any special effort to read plain text email as it does a postcard. Anyone who uses tools like packet-tracers or reads SMTP logs knows — the whole text is right there (the address and content are all part of the same text file — it isn’t separate, there isn’t an “envelope” with your letter in it).
Granted we may assume that you need administrator access to the servers to read those logs — I would argue though that the admins are like postal workers. Maybe they aren’t supposed to share that information, but they can certainly see it.
If wrapped in an envelope though, I would fully expect privacy. Both HTTP and plain-email are not secure in any fashion. I see packet traces all the time while trying to debug problems. Yes I’m under contract not to discuss what I see — but I do see it. And maybe the general public is ignorant about information security giving them the expectation of privacy...does that meet the legal definition though? (an aside: ignorance of a law doesn’t allow you to break it). Some people might think that nobody is allowed to read their postcards — it isn’t addressed to them — so what business do they have reading it?!
If you are holding a conversation across a field using a bullhorn you can’t expect privacy. If you are reading your email in plain text across the internet... is that like a bullhorn? Yes — people listening in on your conversation should certainly mind their own business, but are you really granted protection? I think not.
Great conversation gang! There are so many shades of gray in this one.
Quote
March 16, 2010, 12:37 pmdwight says:
Deleted emails cannot always be retrieved. Due to storage constraints, even a backup may have been over-written whether it is disk or tape.
Quote
March 16, 2010, 1:07 pmTommy says:
A server’s disk space is more like a bank lock box. The customer has a key. It is personal rental property. The bank has a master key, but does that mean the court can demand any documents there from the bank without a warrant?
Quote
March 16, 2010, 1:11 pmSlocum says:
I have to disagree, it doesn’t take any special effort to read plain text email as it does a postcard. Anyone who uses tools like packet-tracers or reads SMTP logs knows...
But using packet-sniffers, delving into SMTP logs, etc ARE instances of special effort. Yes, it’s much, much easier than breaking encryption, but it still requires special effort/privileged system access to capture or access the plain text. Ordinary people cannot do these things, nor do they generally realize such things are possible. Contrast this with a postcard, where everybody knows that anybody could read the contents.
Quote
March 16, 2010, 1:18 pmJim Hill says:
What makes the contents of a postcard public is the fact that in the ordinary course of delivering it a human has its contents in direct line-of-sight. It’s simply unreasonable to expect that no one will read what’s put directly in front of them.
What makes the contents of an email public is the fact that in the ordinary course of delivering it a human has its contents in direct line-of-sight. It’s simply unreasonable to expect that no one will read what’s put directly in front of them.
I hope that makes it clear how absurd the claims for email-postcard equivalence are. Computers aren’t humans, and they don’t “read” email in the way humans “read” postcards. Claiming they do is equivocation pure, simple and complete.
The opinion cites Guest v. Leis in support of the proposition that “person also loses a reasonable expectation of privacy in emails, at least after the email is sent to and received by a third party.”
But Guest doesn’t support that proposition. Guest directly refutes that proposition. Guest holds, directly, that we have the same “legitimate expectation of privacy in an e-mail” as we have in physical letters, arguing by direct analogy with physical letters.
Geist’s holding that email contents are no longer protected once the recipient has a copy is, I think, a mistake. They made the mistake when they switched from relying on the intent and nature of emailed communications (which led them to hold that the contents are protected while in transit) to relying on their physical analogy with letters on delivery. But that analogy fails: what strips the sender’s legitimate expectation of privacy on delivery is not magical, it’s the simple fact that the letter now belongs, exactly as the sender intended, to the recipient.
The justices here seem also to have missed the fact that the complete contents of the BBS’s fileserver in Guest had been obtained under warrant to find other material.
Quote
March 16, 2010, 1:35 pmGeorge William Herbert says:
The “email isn’t encrypted therefore it’s open” argument falls flat compared to other telecommunications.
Phone messages are not encrypted — anyone with a speaker and a couple of wire clips can listen in on a telephone conversation, and record it, and the recipient information is available in the dialing tones at the beginning.
And yet — illegal wiretapping is a felony, it’s long established that the government needs a warrant or equivalent instrument to be able to access your phone, etc.
Quote
March 16, 2010, 1:47 pmKirk Parker says:
George, this is in spite of the fact that, if there’s a single transformer, fiber optic link, or amplifier (or any other electronic device) between the speaker and the listener, it’s not the same electrons that were encoded by the microphone that are moving the speaker. They, too, are copies.
Quote
March 16, 2010, 2:23 pmGuido the Mick says:
Another reminder on e-mail routing. From my training when I was studying for my CCNA, it is entirely possible for the various packets that make up an e-mail to take different routes. Not especially likely, but there is no requirement that all packets take the same route. So, if you give 20 couriers each a sheet of paper with a word and a number saying which word it is, and the destination address, there is no reasonable expectation that anyone other than sender and recipient can read the message. Yes, the sending and delivering ISPs can see it, but they are acting as outgoing and incoming mailboxes. If your mailbox can see your mail, it is still protected, yes?
Quote
March 16, 2010, 2:26 pmAdvocate says:
Assuming the decision went the other way: A state subpoena is not enough to compel an ISP to disclose e-mail contents, and a warrant is required due to 4th amendment protections.
1) Does this affect a state subpoena in the context of discovery, requiring a warrant instead and therefore a higher level of justification?
2) What happens to every contract with any data provider that has a clause like “we will share information with law enforcement in the interest of solving or preventing crimes”? Would the decision then open companies up to lawsuits if they refuse to spend money fighting subpoenas and insisting on warrants? What if the company volunteers information it believes is necessary to prevent or solve a crime?
In the context of the decision going the opposite way, of course. In other words, is the opposite case worse once you consider the impact to business, and the ability of citizens/companies to assist or volunteer information to law enforcement?
Quote
March 16, 2010, 2:31 pmJ Jay says:
Orin Kerr, do you think that within this ruling or within the logic of this ruling things would have been different if the email had been encrypted. I can’t see which of the rules from your “reasonable expectation” link would apply, nor how they would apply.
Quote
March 16, 2010, 2:55 pmOrin's beard says:
JJay
Orin does not believe that encryption creates a REP. See http://papers.ssrn.com/sol3/papers.cfm?abstract_id=927973
The interesting thing about a properly implemented encryption though is that it should make the this legal problem moot in most instances, since without the key the contents will be unreadable. Then we get to talk about the rubber hose and sneak n’ peek.
Quote
March 16, 2010, 4:06 pmGWP Ep 130: Fifth Take is Charm, Happy St. Patty's Day! - Geekazine 2010 says:
[...] April Fools, Conan, Revision 3 – Or is it? Is Alex Worth it? Broadband Problems in the US Email and the Fourth Ammendment Bump to Paypal? HP Infrastructure Tech Day Twitter @Anywhere Mechanical Cell [...]
J Jay says:
Thank you Mr. Beard.
Why would the court consider the internet different than, say, a telephone or the mail, or UPS? Basically all long distance telephone calls are transmitted over the internet now, are those no longer subject to the 4th?
If encryption does not serve as a container like an envelope or a box, then the all long distance communication other than mail will soon be freely available to the government. Do we need a new amendment to fix that? What would it say?
Quote
March 16, 2010, 7:41 pmbillstewart says:
Has anybody looked at the legal status of telegrams and the 4th Amendment? Or had telegrams become sufficiently obsolete by the time the Steve Jackson era laws came out that nobody cared, or for that matter before Exclusionary Rules came out in the ~60s?
Quote
March 16, 2010, 8:29 pmBubba says:
Having to use a password does not imply that there is a level of 4th amendment protection? If ALL email were just available with a single click of a mouse you could expect the “diary out in the open context”. Why else have a user name and password?
Quote
March 16, 2010, 8:32 pmThe you can always change this blog » Blog Archive » Eleventh Circuit Constricts 4th Amendment Protection of Email says:
[...] http://volokh.com/2010/03/15/eleventh-circuit-decision-largely-eliminates-fourth-amendment-protectio... [...]
wally says:
Soooo... encrypt.
Quote
March 16, 2010, 10:16 pmThe Deep says:
What rules are you referring to?
Why are you fixated on the technology? The government, through legal process, compelled the ISP to give them the messages; it did not obtain the emails by exploiting some technical flaw in the ISP’s servers. This is a legal/social issue, not an issue with email server security.
If you want to protect your electronic privacy, use encryption.
Quote
March 16, 2010, 11:49 pmRufus Polson says:
I realize this may sound terribly naive, but it seems to me all the details are or should be almost irrelevant. The text of the Fourth Amendment reads “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
That’s pretty broad. Even if you can’t call an email a “paper”, it’s surely an “effect”. So US citizens presumably have a right to be secure against unreasonable search and seizure of them and so on. Any interpretation of layers of law should keep this basic fact in mind. Put too many layers of doctrine over top of that, trying to base definitions on the minutiae of what was deemed appropriate for communications in a different format, makes it easy to come up with loopholes if loopholes are desired. Expectation of privacy in particular is a fragile thing–all one needs to do is change things so that nobody can reasonably expect privacy, and it becomes legal to invade it.
It seems fairly clear that the court simply didn’t want fourth amendment rights to apply in an effective way to email; given that, it was not hard to come up with a rationale or loophole that arranged for them not to apply. Challenging the details of legal reasoning is a good thing I suppose, but other courts will only take up the logic of such challenges if they are already disposed to feel that fourth amendment rights should be taken seriously.
Quote
March 17, 2010, 12:18 amEleventh Circuit Decision Largely Eliminates Fourth Amendment Protection in E-Mail [Voices] | Technology startup news GeekoPedia says:
[...] Read the rest of this post on the original site [...]
Daniel says:
I see this issue as moot in this case, although the precedent may pose a problem if the message were encrypted. This is for the same reason that a postcard is not subject to fourth amendment. With an e-mail the contents are written on the outside of the package. More exactly the addressing and routing information at the top of the message form part of the message itself.
As such I see no reason for him to have a reasonable expectation of privacy.
Quote
March 17, 2010, 6:01 amtobiz says:
This is the most sensible and relevant point: all information handled by computers or telecomms systems is ‘encrypted’, there is no such thing as ‘plain text’. All information in the real world, eg symbols of the alphabet etc is encoded into appropriate ‘symbols’ used by the different systems at different times, eg quantized voltage levels, magnetic flux levels, frequencies or phases etc etc. By having the appropriate (set of) code tables it is possible to convert this information back into a real world set of symbols, the alphabet, numbers etc etc; there are no real “0’s” & “1’s” in the machines, these are just mappings provided you have the right decryption codes! Of course computers make this easy but it still needs the correct set of encryption/decryption code tables to do the conversion and if I don’t tell you which set of encryption/decryption tables have been used it is supposition that the ‘clear text’ you think you can read on the screen is the same as the original input. Hence anyone who “reads” the information whilst in transit is: a) using special tools to decrypt it; and b) making a guess which would require appropriate weight to be applied to it, ie it’s not ‘fact’ and would have to be treated as such surely in any legal proceedings.
Quote
March 17, 2010, 6:54 amAlan Cleveland says:
Nice article. COnstitutional law is not my area of expertise, but why wouldn’t my 4th Amendment rights in such a situation extend to my agent, the ISP? Isn’t the ISP more akin to the mail truck? The intended recipient of the email is who I send it to. The ISP is simply the carrier. Can the Gov’t pull my letter out of the mail truck and read it?
Quote
March 17, 2010, 8:12 amChicago Dave says:
I’m thinking along the same lines as Alan Cleveland:
Isn’t the USPS (and UPS, FedEx, etc) a 3rd-party? Why aren’t my ISP and mail service afforded these same 3rd-party rights?
~Dave
Quote
March 17, 2010, 11:22 amA. Seth Miller says:
This is the best justification of universal acceptance and utilization of PGP/GPG encryption I have read to date.
The use of encryption would, in my opinion, be prima facia evidence of the “reasonable expectation of privacy” argument underpinning the abrogation of that right by the ISP on behalf of the subscriber.
————
“I am not me. This is someone else.”
Quote
March 17, 2010, 2:24 pmEvil Business Plan, Part III: Uphold the 4th Amendment « One Last Bit says:
[...] 11th circuit court just decided that 4th amendment (thats unlawful search & seizure amendment) effectively doesn’t apply [...]
11th Circuit ruling may expose private email to government eyes — Via The Volokh Conspiracy [PDF] « The Rotten Word says:
[...] it normally takes for the e-mail to be delivered, and then run off copies of your messages. via The Volokh Conspiracy through All Things [...]
Court Effectively Says No 4th Amendment Protection To Copies Of Emails | PHP Hosts says:
[...] provides some new troubling views on this matter. Slashdot points us to Orin Kerr’s excellent analysis of a recent 11th Circuit decision, that basically says once an email is delivered, there’s no Fourth Amendment protections of [...]
Court Effectively Says No 4th Amendment Protection To Copies Of Emails says:
[...] provides some new troubling views on this matter. Slashdot points us to Orin Kerr’s excellent analysis of a recent 11th Circuit decision, that basically says once an email is delivered, there’s no Fourth Amendment protections of [...]
Peter says:
Wrong comparison. A better one is this: I send a mail via FedEx but FedEx contracts with USPS to deliver certain types of mail to certain locations using USPS. That should not change my rights.
Quote
March 17, 2010, 10:22 pmNo 4th Amdt Protection for Backups & Delivered Email in 11th Circuit « The Balancing Act says:
[...] March 17, 2010 Saira Nayak Leave a comment Go to comments From Professor Orin Kerr, a terrific blog and analysis of the Eleventh Circuit’s recent decision in Rehberg v. Paulk, which held that there is no [...]
Roberts says:
The decision doesn’t specify — was this email from the mail queue that hadn’t been deleted yet, or mail _stored_, as on an IMAP server?
On the first hand, it’d be analogous to raiding someone’s P.O. Box or private party mail drop — you’re paying the third party to get your mail to you and send it out for you, and thus have a reasonable expectation that they won’t share it with all the world, otherwise you wouldn’t be paying them. What happens when you stop paying them is spelled out in your rental agreement — generally they bounce all your mail back to the sender, or shred it.
On the second hand, it’s closer to raiding someone’s storage unit to get the mail they’ve stored there. Again, you’re paying the third party to look after your stuff, and have specific consequences spelled out for when you stop paying — with the ISP, they’ll delete all your files after a specified period, and the storage unit operator will sell all your stuff to the highest bidder a few months after you stop paying.
I’m not sure about the P.O. Box, but the storage unit seems to require a warrant to search it.
If you stop paying, I’m pretty sure your rights with regard to search and seizure on your stuff get shakey, and once they open it up for auction they go away entirely. While you’re still paying rent you have a reasonable expectation that the landlord won’t open up your files/house/storage unit for the police without a warrant.
If that’s not the case, this is an evil precedent.
Quote
March 18, 2010, 4:13 amConsolidate Debt: Apply Many|Numerous Helps for You | DebtConsolidationFree.org says:
[...] The Volokh Conspiracy » Blog Archive » Eleventh Circuit Decision … [...]
Scott Webber says:
Except that this is wrong. The mail is sent in human readable format. The SMTP protocol basically looks like this:
From: somebody@somewhere.com
To: recipient@somewhere-else.com
Subject: This message is not private
Here is the body of the message that can be read in any text editor. It's plain text, not some format that requires "software designed for reading its contents."
I don’t know anything about the law in this matter, but if postcards are protected while traveling through the postal service, then email should be protected too. Otherwise, they should not. People should encrypt their email if they want/need any level of privacy.
Quote
March 18, 2010, 9:05 amBruce says:
Scott Weber,
I agree that this is a persuasive argument for encrypting your email. Even if there is no reasonable expectation that a copy of a cleartext email is private, the same standard wouldn’t apply to an encrypted email. Once it’s encrypted, the ISP can’t decrypt it without running afoul of items such as the DMCA’s anti-circumvention rule as well as computer fraud and abuse laws, so the expectation of privacy is more reasonable.
Plus, there’s a fair chance the authorities would have some trouble decrypting it even if they did obtain it.
The downside is that certain segments of law enforcement seem to regard the mere act of encrypting an email as evidence of criminal or even terrorist intent.
Quote
March 18, 2010, 2:42 pmJ Jay says:
The problem with encryption are two fold. (1) as Orin’s Beard points out, it is the data that is subject to the 4th, not it’s format. see http://papers.ssrn.com/sol3/papers.cfm?abstract_id=927973 so basically encryption does not give you an reasonable expectation of privacy. (2) Current encryption technology will soon be cracked by the NSA (if it hasn’t been already) using quantum computers or other methods. If there is a flaw in PGP, you only buy yourself the message not being read until NSA or someone else figure out how to get around that flaw. Your current emails can be stored until that time.
Quote
March 18, 2010, 6:45 pmHistory and Theory of New Media » more articles, and some resources for midterm: says:
[...] no more protection to e-mails [...]
Links 18/3/2010: Steam and Linux; Red Hat’s CEO Talks | Boycott Novell says:
[...] Eleventh Circuit Decision Largely Eliminates Fourth Amendment Protection in E-Mail Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages. [...]
E-mails Aren’t Private? Oh-oh… « Ethics Alarms says:
[...] For an excellent scholarly dissent from the Eleventh Circuit’s ruling by Prof. Orrin Kerr, see his argument on the Volokh Conspiracy. [...]
Friend-To-Friend Network » offkey says:
[...] Your legal options are just as bad. The legal protections we built against government power simply don’t apply to information you voluntarily give third parties. In the hands of a third party, your [...]
seekertom says:
“The district court denied the motion to dismiss without really analyzing the Fourth Amendment claim, but the Eleventh Circuit ruled that obtaining Rehberg’s e-mails with a subpoena did not violate the Fourth Amendment because e-mail, once delivered, is not protected by the Fourth Amendment”.
Physical mail, email, telephone calls and telegraphs all have things in common which provide for protections under the Constitution, but it is necessary for us to home in on the DIFFERENCES between them, and insure that those differences do not preclude the rights and privileges of citizens under the Constitution, simply because of a failure in comparing them with one-to-one correspondence; we should not curtail said privileges because some simple analogy between them fails.
In point, the findings seem to be based on the concept of ‘delivery’, and this point makes the findings incorrect: ‘delivery’ isn’t applicable to both email and physical mail the same way.
The basis of physical mail ‘delivery’ is obvious, but in email, there is no ‘delivery’ involved, especially in the case of ‘web mail, where the recipient is given a copy of the original document– he never actually RECEIVES the document the way physical mail is ‘delivered’.
One possible exception to this comes to mind: back in the ‘olden days’, before (almost)everyone was using ‘web-mail’ services, email was actually ‘downloaded’ to the recipient’s computer, and was immediately ‘gone’ from the server. With web mail, the document remains on the server indefinately, allowing the recipient to ‘view’ (not be delivered-to) the document at other times, from other computers.This difference proves a point... that analogies fail, as does this one, on the surface, because technologically, there’s little difference between email and web mail, EXCEPT in the eyes of the beholder, that’d be us.
The courts need to embrace new technologies with their individualities, and understand how they are Constitutionally compliant, rather than simply discard our rights because two technologies are not precisely the same in all aspects. thanks fer lis’nin seekertom
Quote
March 22, 2010, 12:37 amtthor says:
Cool article, BUT: there seems to be a missing logic link. The thrust of your article seems to imply, but does not state, that you think there should be a WARRANT issued for the documents. [For the less-knowledgable of us, an explanation of the differences/importances between Warrant and Subpoena would be useful.]
For the rest of us the Question should be: “Copies of my email!? What ‘copies’!?” [IF my email goes to somebody’s Inbox and THEY make copies [for file or forwarding], that is one thing. IF I make and retain file copies in my SentMail or other files, that is another thing. IF every hub/ISP/server that my email goes THROUGH makes and retains copies of my email [AND they don’t tell ME], that is a whole ‘nother thing. That would seem to be e-theft of e-information which would fall straight into the ‘none-of-your-business’ class.]
On another point, is my [incoming] email ‘delivered’ when it hits my Inbox or is it ‘delivered’ if-and-when I Open it?
On a final point, what would be the legal effects/protection IF I were to decide to Copyright ALL my e-publications [including ALL my e-mail]? IF I claim to be an e-Publisher or an e-Reporter, would ALL my ‘work product’ be covered under First Amendment [to the Constitution for the United States], as well as by Fourth Amendment?
Quote
March 23, 2010, 1:57 pmskimjim says:
“I found her diary underneath a tree and started reading about me.” I saw her email after I signed into an available public computer in the Library. So, should I be prosecuted? y/n []. Banned from library ? y/n []. She knew (and the Librarian knew) I was reading and sent a message and offered me a reward, but didn’t say stop. Is she a flirt y/n[]. The librarian ended my session but let me sign on 2 more times (one more time with her email still visible). Now What do you say?.
Quote
March 27, 2010, 3:46 pmThe Volokh Conspiracy » Blog Archive » Communicating With Those Who Have No Privacy Rights: The Hard Question in City of Ontario v. Quon says:
[...] when Arch Wireless took over delivery of the communication. The second argument is more of a Rehberg. v. Paulk argument: When the text messages arrived on Quon’s machine, the senders lost privacy rights in [...]
Michael D. Houst says:
The judges in Rehberg v. Paulk (Judge Hull joined by Judges Carnes and Anderson) displayed abysmal incompetence in their ruling that 4th Amendment protections to not extend to electronic communications. In short, they were not qualified to make a ruling on this issue, and were evidently ignorant of an important historical precedent concerning stored copies of communications.
The precedent I’m writing about is V-mail. In WWII, mail to and from servicemen was photo-copied onto microfilm, and reprinted at the destination. This was necessary to reduce the volume being transmitted back and forth. The microfilms held the same functions as copies of e-mail stored on ISP mail servers. And these microfilms were considered to be fully protected by the 4th Amendment. In short, access to those copies could only be authorized by a legal warrant. I will note that the mail was censored prior to photocopying; but that falls under the category of a reasonable search and seizure of specific information during wartime.
Quote
April 9, 2010, 9:42 amTrollicus says:
Under the DMCA breaking any encryption is illegal no mater how thinly or easily the content can be decrypted.. As the content is stored and transmitted under IP and Ethernet you may consider this a form of encryption. As the email has been broken into packets and transmitted out of order then re-assembled the process of turning the disparaged packets (which ultimately consist of ones and zeros encoded in ASCII reading any email without the permission of the publisher is a violation of the DMCA.
The DMCA has been upheld many times under far flimsier reasoning. I would suggest that Mr. Rehberg sue for damages under the DMCA.
Quote
April 12, 2010, 9:28 pmRupert Defranco says:
Greetings :). Do anybody find out how can i down load Rental Software for USA for Construction Equipment ?
Quote
April 22, 2010, 5:47 pmCurious says:
How does this ruling affect David Kernell, the kid that hacked Palin’s email?
Quote
April 28, 2010, 11:05 pmMariscos says:
I dosen’t affect it in no way, the subject of it is about emails server’s, hacking do not play in this... for what i have understood.
Or i am wrong?
Quote
May 10, 2010, 4:38 pmPosicionamiento web says:
I thiink laws haven’t been updated for this kind of techhnologicl issue, so their purpose is not properly defined.
Quote
May 12, 2010, 4:36 pm