Man Prosecuted for Reading Wife’s E-Mail Without Her Authorization

From the Detroit Free Press:

Oakland County prosecutors, relying on a Michigan statute typically used to prosecute crimes such as identity theft or stealing trade secrets, have charged Leon Walker, 33, with a felony after he logged onto a laptop in the home he shared with his wife, Clara Walker.

Using her password, he accessed her Gmail account and learned she was having an affair. He now is facing a Feb. 7 trial. She filed for divorce, which was finalized earlier this month.

Legal experts say it’s the first time the statute has been used in a domestic case, and it might be hard to prove….

Frederick Lane, a Vermont attorney and nationally recognized expert who has published five books on electronic privacy[, said that t]he fact that the two still were living together, and that Leon Walker had routine access to the computer, may help him …..

“I would guess there is enough gray area to suggest that she could not have an absolute expectation of privacy,” he said.

The Michigan statute provides, in relevant part,

A person shall not intentionally and without authorization or by exceeding valid authorization … [a]ccess or cause access to be made to a computer program, computer, computer system, or computer network to acquire, alter, damage, delete, or destroy property or otherwise use the service of a computer program, computer, computer system, or computer network.

In principle, it’s just as illegal for a husband to access his wife’s e-mail without permission as it is for him to access someone else’s e-mail without permission. The question is whether the wife had expressly or implicitly authorized the husband to access her e-mail. If she hadn’t, then I suspect the husband’s behavior would violate the statute, because it involves access to Google’s computers in a way that exceeds the husband’s authorization — we are all allowed to access Google’s computers through our Gmail accounts, through Google searches, and so on, but not through the Gmail account of another person without that person’s authorization. That result might not be completely obvious from the statutory text, partly because the statute speaks in terms of unauthorized access to computers (likely because it was enacted in 1979), and not unauthorized access to data; things would be clearer if the statute specifically barred access to data on a computer without the authorization of the person who is properly considered the owner of the data. But as I understand it statutes such as the Michigan one have generally been read to cover such unauthorized access to others’ e-mails on third-party computers.