The Obama administration is asking Congress to amend the Electronic Communications Privacy Act (ECPA) to give the Federal Bureau of Investigation (FBI) greater access to e-mails and web browsing information. The proposed change would enlarge the scope of information that communications providers must turn over to the FBI without a warrant.
Under the current law, communications companies must give the FBI a customer’s name, address, length of service and toll billing records if the FBI says the information is needed for a terrorism or intelligence investigation. The proposed amendment would require the release of e-mail addresses to which messages were sent, the times and dates e-mail was sent and received, and maybe even a user's browser history.
Speaking as Chairman of the Senate Judiciary Committee, Senator Patrick Leahy said the ECPA should “be updated to reflect the realities of the Digital Age.” He cautioned, however, that the proposed changes to the ECPA raised important privacy and civil liberty concerns that should be addressed in hearings by the Committee this fall.
A South Carolina woman discovered her husband was having an affair, but she didn’t know the identity of the other woman. So, her daughter-in-law hacked into the husband’s Yahoo e-mail account by changing his password. She copied e-mails exchanged between the husband and “other woman,” and turned them over to her mother-in-law and her divorce attorney.
The husband later sued the daughter-in-law, his former wife, and her divorce attorney for their unauthorized access into his e-mail account. A trial court threw out his lawsuit. It said the husband didn’t show the e-mails were in electronic storage, so he failed to show a violation of the Stored Communications Act (SCA). The South Carolina Court of Appeals, however, reversed the trial court’s decision and reinstated the husband’s lawsuit against the daughter-in-law.
The Court of Appeals said that e-mails stored on the hard drive of the husband’s computer weren’t covered by the SCA. But in this case, the daughter-in-law took the e-mails directly from Yahoo's system. The Court reasoned that because the e-mails were stored on Yahoo's servers where the husband could access them again, they were stored by an electronic communication service for purposes of backup protection. They were therefore protected by the SCA.
Billions of e-mails are sent and received every day, from simple "How are you?" messages, to confidential business matters. You may think that the messages you send and receive are private. However, as a recent case shows, your e-mail isn't as private as you may think it is. In fact, it enjoys very little privacy at all.
Many of the facts of the case aren't known, but the judge's decision is important regardless.
In July 2009, federal law enforcement agents asked a judge for search warrants for e-mails that belonged to certain subscribers to Google's gmail service. The search warrants were issued, but the judge refused the government's request that the subscribers not be informed about the search of their e-mail messages.
The government thought the judge made a mistake and so it appealed - it asked another judge to look at the request. Judge Michael W. Mosman agreed with the government and decided that the government didn't have to tell the subscribers that their e-mail accounts were going to be searched. Rather, all the government had to do was tell the internet service provider (ISP), Google.
Judge Mosman decided that the Fourth Amendment to the US Constitution, which protects us from unreasonable searches and seizures at the hands of the government, doesn't apply to your privacy in your e-mails. Rather, the law - particularly the Fourth Amendment and the Stored Communications Act, which is part of the Electronic Communications Privacy Act of 1986 (ECPA) - requires agents to get a search warrant and serve it on the true owners of the e-mails, the ISP.
Not really. Although there's at least one legal decision that leans toward protecting e-mails under the Fourth Amendment, there's plenty of history and legal material out there that goes the opposite way.
For example, it's pretty well settled that your employer has the right to monitor, read, and search the e-mails you send and receive from your work computer. That's because you don't have a "reasonable expectation of privacy" in the e-mails. The key is "reasonable." The computer belongs to the employer, so it's not realistic for an employee to think that anything stored on property not belonging to him is private.
The e-mails you send from and receive from your personal computer aren't much more private. As Judge Mosman points out, the messages are being sent along and stored in computers that belong to someone else - the ISP. So, the messages lose any "expectation of privacy" once they're sent. In fact, under the ECPA, your ISP can look at your stored messages and messages you've sent and received. It can't tell anyone else about those messages, however, unless there's a search warrant.
Is There ANY Privacy?
E-mail privacy is low, simply because you're willingly making the contents of the message known to a third party - the ISP. This makes it different from a letter sent through the US mail ("snail mail") and even telephone conversations. So, how do you protect your e-mail privacy?
At work, there's not much you can do, except take care not to send personal messages over your work computer unless you're comfortable with the very real possibility that your employer may read it.
As for your personal e-mails, you can try encrypting your messages. This is where you scramble your messages, like a code. The person you send the message to must have the "key" to decode and read the message. Until the message is decoded, it's generally unreadable. Of course, with the proper search warrant, law enforcement officials can still get to the messages on your computer, and even on the computer of the persons you sent them to.
The moral of the story is this: E-mail is a fast, efficient, and easy way to communicate. It's just not the most secure and private way to do it.
Questions for Your Attorney
- Police officers took my computer because they said my son was using it to arrange illegal gambling activities. Does that mean they can look at my files and messages on the computer, or can they only look at things in my son's files and e-mail account?
- Can my employer demand to look at e-mails I send from personal blackberry while I'm at work? If I upload messages from my work computer to my blackberry, are the messages now "private?"
- I'm being investigated at work for breaking rules about sending personal and confidential client information through e-mail. I think someone else at work is using my computer to do it, but my employer doesn't believe me. Is there anything I can do?