In debates on Internet surveillance law, I often end up arguing that reports of privacy’s death have been greatly exagerrated. For example, I wrote a law review article in 2002 describing the effect of the USA Patriot Act on Internet surveillance law as The Big Brother That Isn’t. Two weeks ago, however, the First Circuit decided a case called United States v. Councilman that poses a very real threat to Internet privacy. There has been some press on the case already, but some writers and commentators have also suggested that the decision really isn’t a big deal. Declan’s take is representative of the no-big-deal school:
the folks who are most upset about this haven’t read the court’s opinion carefully, and those that have are discounting the ability of state law and tort sanctions to keep people in line. There are other mechanisms than just federal wiretapping law that can enforce good behavior.
I disagree with Declan, and thought it might be worth explaining why the Councilman decision is so dangerous.
First, a bit of background. Federal law protect e-mail privacy through two primary laws: the Wiretap Act, codified at 18 U.S.C. 2510-22, and the Stored Communications Act, 18 U.S.C. 2701-11. The Wiretap Act offers very strong protection against the real-time interception of telephone or Internet communications. If any one tries to step in and snoop on the contents of another person’s communications, they commit a federal felony offense unless one of several fairly narrow exceptions applies. If the government tries to do this, they need a super-search warrant called a Title III order. In contrast, the Stored Communications Act sets up lesser privacy protections for access to stored communications. First, the law is much narrower; it applies only to files held by particular providers, and has much broader exceptions. […]