Sixth Circuit Blockbuster on E-Mail Privacy:
In an earlier blog post on a pending case in the Sixth Circuit, Warshak v. United States, I figured there was no way the court would get to the merits of the Fourth Amendment issue lurking in the case: there were no facts yet and no decided statutory law, and surely the panel wouldn't be so reckless as to presumptively strike down a federal statute in the absence of facts or law given the procedural problems with the case. I had a funny feeling things would turn out differently when I learned who was on the panel, though, and that funny feeling turned out to be justified: the panel just issued a blockbuster decision that tries to answer how the Fourth Amendment applies to e-mail (all without any facts, amazingly) based on arguments from amicus briefs that the government didn't address all in the context of an appeal from a preliminary injunction. Wow. More on the decision later today.
UPDATE: Here's the key part of the opinion:
UPDATE: Here's the key part of the opinion:
[W]e have little difficulty agreeing with the district court that individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP. The content of e-mail is something that the user “seeks to preserve as private,” and therefore “may be constitutionally protected.” Katz, 389 U.S. at 351. It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past. See Katz, 389 U.S. at 352 (“To read the Constitution more narrowly is to ignore the vital role that the public telephone has come to play in private communication.”)Notably, the court's Fourth Amendent analysis combines aspects of the probabilistic, private facts, positive law and policy model (the above-quoted section being from the policy model section).
All Related Posts (on one page) | Some Related Posts:
- Sixth Circuit Grants Petition for Rehearing En Banc in Warshak v. United States:
- Warshak Files Reponse; Sixth Circuit Rejects All Amicus Submissions:
- My Amicus Brief in Warshak v. United States:...
- A Series of Posts on Warshak v. United States, the E-Mail Privacy Case:
- Sixth Circuit Blockbuster on E-Mail Privacy:
- Warshak v. United States:
AM-I-CUS!!
AM-I-CUS!!
AM-I-CUS!!
I have adapted the disclosure to my desires and append the following to my e-mail communications:
"E-mail communication is not a secure method of communication; any e-mail that is sent to you or by you may be copied and held by various computers it passes through as it goes from me to you, or vice versa; persons not participating in our communication may intercept our communications by improperly accessing your computer or my computer or even some computer unconnected to either of us which the e-mail is passed through. If you no longer want me to communicate with you by e-mail, please let me know."
You mean besides using encryption?
We have a reasonable expectation of privacy for landline telephone calls, even though they can easily be intercepted.
Since I just lost a case in front of the Tenth Circuit a few months ago wherein the panel not only decided the case on an issue that neither party raised, but which the panel admitted it could find no supporting law for, I would agree it is presumptuous, but it is hardly unprecedented.
All that said, I find it fascinating that Scooter Libby's judge criticized amici while the Sixth Circuit endorsed the amicus position.
That sounds right to me, tho I happily confess to knowing none of the relevant law.
There is a difference between knowing that, in theory, your e-mail could be intercepted and read, and someone's actually sitting down to do just that with all your e-mails in practice. Whether that difference has any legal ramifications, I cannot say.
There might actually be something there.
I'm thinking of O'Connor's concurrence from Florida v Riley (which dealt with the 4th amendment issue of police using a helicopter to observe illicit activity inside an area they could not have otherwise viewed from ground level)
Her argument was something along the lines of, to knowingly expose something to observation from the air, not only do you have to demonstrate that it's conceivable it could be viewed from the air, but that it was reasonable. That is, there has to be some evidence that other aircraft flew over the area.
However, as I recall, O'Connor thought that the burden of proving a reasonable expectation of privacy from aerial observation should be on the Defendant, while the dissenters thought proving it didn't exist should remain with the prosecution.
To Continue,
One could argue a similar standard on emails. Sure, it's conceivable that someone could jack into the server and be reading your emails, but given the technical requirements of doing so, and the massive volume of emails many servers handle, it seems that it's somewhat unreasonable.
However, It seems to me the stronger argument is the phone argument. Even if the record of a phone call is not protected, (pen registers) the content of a phone call is, and tapping a phone line from a switching board is no more technically laborious than tapping into a mail server.
Can an expectation of privacy be "reasonable" when it is based on faulty analogies and widespread ignorance?
Telephone "circuits" are generally transient in nature. Copies of all your conversations via landline(and wireless line) are not stored on a score or more of computers worldwide with data storage systems that are routinely backed up and archived to permanent storage by a score of different organizations and individuals. As a practical matter, your telephone conversation can be "trapped" and copied only if a special effort is made by the local service provider of one of the conversation participants. (In theory an intermediate long-distance carrier can trap the conversation as well. In practice this is much more difficult and expensive)
When you send an email, numerous copies are created routinely. Most email servers cannot route an email UNLESS they make a copy first. Its not generally possible to send a plain-text email without putting copies semi-permanently into the hands of multiple organizations, many of which are strangers to the sender and the recipient.
Email is actually _much_ less private than a postcard. At least with a postcard (sent domestically), only one organization normally handles carriage in between sender and recipient, and that carrier is legally prohibited from making copies.
Email is not really all that similar to sealed letters or telephone conversations. A more appropriate analogy is probably found in comparing it to records held by a third party such a bank, financial institution or creditor.
Is there a market here for an email services that does not save copies?
I believe that in California state courts, an appellate ruling based on an issue not briefed is subject to rehearing on that ground. It's really a due process ground; a party should have notice of and an opportunity to argue the issues on which the appeal is decided.
Sorry, no.
There might be 3 or 4 machines that keep a copy of your mail message, but by NO MEANS are there 20 or more.
If I send email to my mom, I make a copy on my computer in a client. That client then sends it to her ISP, which keeps a copy until my mom downloads it, at which point the ISP doesn't have a copy any more.
Now the email is on two computers. Maybe it's on three, if my mom keeps copies on her ISP's computer.
Twenty years ago email worked differently, but these days the mail in its readable form only exists at the source and at the destination, and at places that either of those endpoints have designated.
In some cases this is deliberate, it's a second backup that allows email to be recovered if one or more systems go down.
In others it's merely a leftover. A copy is saved on the server as a result of transmitting it, and deleting it would require extra steps on the program and consequently more processing power, when it is simpler to merely allow the emails to remain and then overwrite them as is necessary.
These are just two explanations, and I admit I'm only facially familiar with SMTP protocols.
However, in some ways this is indicative of a broader problem with adapting the law to technology. Similar issues exist in last weeks District Court holding regarding discovery of data stored in RAM in the "torrentspy" case (Columbia Pictures v Bunneli)
Practically everything that is sent or received on the internet is stored somewhere for some period of time, some longer, some more briefly. Does that mean there's never any expectation of privacy in it at all? Surely not.
What was the argument raised by the Amicii that the Government did not respond to?
The Opinion says "The government attempts to argue that under several scenarios, an e-mail user will not maintain a reasonable expectation of privacy in his e-mail account and, therefore a court order under section 2703 would not raise any Constitutional problems."
So it appears the Goveernment did respond to the issue of whether email users have a reasonable expectation of privacy. Was it just the analogy to telephone calls that the Court discussed?
Lesson being, I suppose, don't ignore arguments that amicii make.
From the opinion:
Well, ya gotta start somewhere.
I picked up the summary posted by Howard Bashman --
On remand, therefore, the preliminary injunction shall allow seizures of e-mail in three situations: (1) if the government obtains a search warrant under the Fourth Amendment, based on probable cause and in compliance with the particularity requirement; (2) if the government provides notice to the account holder in seeking an SCA order, according him the same judicial review he would be allowed were he to be subpoenaed; or (3) if the government can show specific, articulable facts, demonstrating that an ISP or other entity has complete access to the e-mails in question and that it actually relies on and utilizes this access in the normal course of business, sufficient to establish that the user has waived his expectation of privacy with respect to that entity, in which case compelled disclosure may occur if that entity is afforded notice and an opportunity to be heard.
-- and one of the 2.7 commenters at my humble blog asked, re: (3):
Doesn't the third situation basically open up all e-mail, as long as a government-friendly company is in charge of some aspect of the routing?
Thought I'd toss that question out there &see if anyone has a response, since I am woefully ignorant on the subject (&haven't even had time to read the op yet).
This advanced fiber optic tech allows someone to tap the line and you have no indication that anyone was stepping in between the ip you visit on the web and your home computer ip. While I imagine it is expensive to save all the traffic, it is also now clear that they have the ability to listen to whatever they want, and no electronic trail exists to document such an act. This is the telescreen in action.
Is the average citizen supposed to understand the technical details of how messages are transmitted, stored, etc?
1. eternal, and
2. evidence
Is the standard objective or subjective?
Whatever the law is for telegraphs should be the law for emails.
It is basically the same things 1s &0s (long &short dashes) transmitted over copper wires (or fiber now a days) relayed by a machine or person (depending on the tech).
And even when relayed by a machine the Admin of the machine can read any email on the server. Email passes through multiple servers, at least the sending SMTP and the receiving POP/IMAP machines. I have no control over my ISP's POP server or the Admin thereof.
I assume there was no expectation of privacy in a telegraph and there should be none in an email. It would be nice, but it ain't how it works.
The Fourth Amendment was a rather different animal in the telegraph era than it became after Katz, IIRC ...
Both! Here's the language from Justice Harlan's concurrence in Katz that seems to be the applicable law:
My understanding of the rule that has emerged from prior decisions is that there is a twofold requirement, first that a person have exhibited an actual (subjective) expectation of privacy and, second, that the expectation be one that society is prepared to recognize as "reasonable." Thus a man's home is, for most purposes, a place where he expects privacy, but objects, activities, or statements that he exposes to the "plain view" of outsiders are not "protected" because no intention to keep them to himself has been exhibited. On the other hand, conversations in the open would not be protected against being overheard, for the expectation of privacy under the circumstances would be unreasonable.
So is an e-mail more like a conversation in one's home, or shouting in an open field?
And, is the "objective" test really subjective? Who is "society"? Techies? Lawyers? The average Joe? Congress?
Isn't this the default? Doesn't it mean that the person should not have exhibited a plain disregard for privacy? I don't "exhibit an expectation of privacy" when I talk on the phone, but I expect it to be private unless I'm talking loudly on a public phone.
Without directly quoting Harlan, the Katz test as I understood it from Criminal Procedure.
Something is "private" (and hence requires a warrant or an exception) when
1. you had the subjective intention that it would remain private
2. That intention was reasonable.
If you're shouting out the window you can intend for it to remain private as strong as you want to, but that's not reasonable.
But as far as I'm aware, that doesn't work the other way. (I don't think there's a paranoid exception) If you're unlucky or dumb or were tricked into admitting that you didn't have a subjective intention of privacy regarding your communication in some place where it becomes evidence. You've just had a bad day.
Regarding Telegraphs, is there any caselaw on that? My gut says no because telegraphs predate most, if not all 4th amendment jurisprudence, but it would be interesting to say the least.
Haven't looked at the procedural issues, but given Orin's description, overturning on that seems reasonable.
). Justin, I missed your earlier posts on the topic of the 4th Amendment and the proper characterization of current technology. Would you mind telling where I can view your comments and analysis on this topic? (Comments to posts on the Conspiracy, articles, whatever.) Thanks.