Who Could Be Reading Your E-Mail?

A U.S. appeals court has ruled that the vice president of an Internet service provider can't be charged with violating federal wiretapping laws for snooping on e-mail sent to his customers, a decision that will give ISPs and other e-mail providers free rein to spy on e-mail, privacy advocates said.

The U.S. Court of Appeals for the First Circuit's decision Tuesday affirms a district court ruling dismissing a criminal wiretap charge against Bradford C. Councilman, who was vice president of Interloc, a rare book listing service, in 1998. Interloc, since acquired by another company, provided an e-mail service to book dealers who were its customers, and in January 1998, Councilman told employees to write computer code to read incoming e-mail messages from rival book dealer Amazon.com.

Councilman was charged with violating the U.S. Wiretap Act, which prohibits private citizens from intercepting communications, but appeals court Judge Juan R. Torruella wrote that U.S. law doesn't prohibit ISPs and other e-mail providers from reading e-mail residing on their servers. The Wiretap Act gives wire and oral communication more protection against interception of stored communications than it does for electronic communication, Torruella added.

"We believe that the language of the (wiretap) statute makes clear that Congress meant to give lesser protection to electronic communications than wire and oral communications," Torruella wrote. "Moreover, at this juncture, much of the protection may have been eviscerated by the realities of modern technology. We observe, as most courts have, that the language may be out of step with the technological realities of computer crimes. However, it is not the province of this court to graft meaning onto the statute where Congress has spoken plainly."

Blow to Privacy?

Privacy advocates including the Center for Democracy and Technology and the Electronic Frontier Foundation questioned the appeals court ruling. By ruling that an e-mail was in storage instead of transit when it stopped for a "millisecond" on Interloc's servers, the appeals court has opened up e-mail to easier spying by law enforcement or ISPs, said Lara Flint, staff counsel for the CDT.

"We think it's a very strained interpretation of the law," Flint said of the appeals court ruling. "I think people understand that their employer has the right to read their work e-mail, but I don't think people have the concept that their personal e-mail is susceptible to being read and used by their ISPs . . . without their consent."

The decision "dealt a grave blow to the privacy of Internet communications," the EFF said in a statement.

"By interpreting the Wiretap Act's privacy protections very narrowly, this court has effectively given Internet communications providers free rein to invade the privacy of their users for any reason and at any time," Kevin Bankston, an EFF attorney and Equal Justice Works fellow, said in a statement. "This decision makes clear that the law has failed to adapt to the realities of Internet communications and must be updated to protect online privacy."

But Councilman's lawyer said the decision was the right one given that Congress provides less protection to stored electronic communication than it does to other forms of communication. Congress may want to change the law, but Councilman didn't break existing law, said Andrew Good, of the law firm Good and Cormier in Boston.

"It's the right decision on what the law is," Good said. "It isn't a decision about what the law should be."

Under current law, e-mail users shouldn't expect privacy, and current law doesn't distinguish between an e-mail service provided by an employer or an ISP, Good added. "Everybody knows, I think, that when you use an e-mail service provider from an employer, a school or an ISP, that they have access to your e-mail and don't need your permission," Good said.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.

Related:
Shop Tech Products at Amazon