E-mail providers allowed to read customer mail

[epp_b]

Are postal workers allowed to read your mail? No. So why are e-mail providers allowed to?!?

A US appeals court has ruled that a company that provides e-mail service has the right to copy and read any message bound for its customers.

Continued... http://in.rediff.com/news/2004/jul/01email.htm

[nlinecomputers]

No offense but you need to learn about E-Mail. E-mail is transmitted unencrypted and in the open. The virtual equivalent of sending a postcard. You can't help but read it because NO effort is made to hide it. Every SMTP server that your email passes through stores that message and it may even get backed up to tape or other archives. If you send a threating email to the president expect 6-10 servers to keep a copy of that mail for you. The only way to keep email private from legal or illegal eyes is by encryption. The only way a court could realisticly forbid someone to read what is openly transmitted would be to force users to use encryption. People somehow think that just because it has the word MAIL in it it somehow should be assumed to have the same level of protection as real mail. The problem is that while it is called mail it is transmitted as a broadcast that anyone can hear. It's like shouting your messages with a megaphone. Can't expect privacy with that. Don't expect it with email.This was written in 1991 and it's still just as valid today as it was then.http://www.pgpi.org/doc/whypgp/en/

[Ed_P]

Are postal workers allowed to read your mail?

You don't think they read the postcards? That their eyes don't see the msg next to the address?Email, as far back as I can remember, has always been considered to be the same as postcards. That's why people are warned about sending sensitive information like credit card numbers and passwords in emails. It's not secure, ie others can read it.I think the case in question is more about corporations and their employees using their internal email systems to contact customers but it could be extended to basically all ISPs. Interesting.

[epp_b]

I am completely aware of the insecurities and openness of SMTP, thank-you. What I'm angry about is that it has been made legal for the service providers to read the e-mail that comes to or through their server(s). If you were to intercept an e-mail by hacking into a server or packet sniffing, you'd surely get into some trouble for that.I wouldn't say that a post card is quite the same. You have to look at the post card to get the address. You, as a human being, do not have read every single e-mail so that you can tell your server(s) to send it to the proper recipient (that's handled by e-mail server, of course). You would have to, explicitly, find the e-mail in order to read it. This is not the case with a post card. And yes, a postal worker has to look at the address on a post card, but I they'd certainly get in trouble if someone noticed that they were spending an awful lot of time reading them (ie.: not just reading the address ).

[nlinecomputers]

I wouldn't say that a post card is quite the same. You have to look at the post card to get the address. You, as a human being, do not have read every single e-mail so that you can tell your server(s) to send it to the proper recipient (that's handled by e-mail server, of course). You would have to, explicitly, find the e-mail in order to read it. This is not the case with a post card. And yes, a postal worker has to look at the address on a post card, but I they'd certainly get in trouble if someone noticed that they were spending an awful lot of time reading them (ie.: not just reading the address

Morally you have a point. But how would you enforce it? Some laws are pointless to try and enforce. Anyone can run a mailserver. There are no licenses, bonds, background checks, or tests needed to do so. At least Mr. Postman can be screened and Mr. UPS is bonded and insured. Is your ISP? Is the 15 year old kid that runs his own mailserver on Linux? In such a wild environment it is pointless to define a crime when no one can set the norm.

You would have to, explicitly, find the e-mail in order to read it.

No I don't, my computer can be programmed to screen if for me. I could set search parameters and have it flag me when topic X or person X's mail shows up. Isn't that what Google is doing with Gmail? They are going to automatically send you ads based on the content of your mail. [sarcasm]And NO ONE at Google is going to note what are the most called up search items? [/sarcasm]And what kind of privacy do I have when I send someone an email that is forwarded. How do you think you get on spam lists? Want to create a spam list? Send a joke. 90% of the world wide idiots out there will forward you email and are too stupid/lazy/ignorant/rude to strip out all the old email address or to use BCC. Presto one big list of spam targets.

[epp_b]

Morally you have a point.  But how would you enforce it?

That's usually how I conclude my points

Some laws are pointless to try and enforce. Anyone can run a mailserver.  There are no licenses, bonds, background checks, or tests needed to do so.  At least Mr. Postman can be screened and Mr. UPS is bonded and insured.  Is your ISP? Is the 15 year old kid that runs his own mailserver on Linux?  In such a wild environment it is pointless to define a crime when no one can set the norm.

Sometimes, it's pretty sad how the Internet is not kept on a tighter chain. But you do have a good point.

...No I don't, my computer can be programmed to screen if for me.

Ah, but you'd have to explicitly program that

I could set search parameters and have it flag me when topic X or person X's mail shows up.  Isn't that what Google is doing with Gmail?  They are going to automatically send you ads based on the content of your mail.  [sarcasm]And NO ONE at Google is going to note what are the most called up search items?  [/sarcasm]

Google's ad targeting is electronic, is it not?

And what kind of privacy do I have when I send someone an email that is forwarded.  How do you think you get on spam lists?  Want to create a spam list?  Send a joke.  90% of the world wide idiots out there will forward you email and are too stupid/lazy/ignorant/rude to strip out all the old email address or to use BCC.  Presto one big list of spam targets.

That's partially irrelevant IMO...that could be a whole other topic: lusers

[NRD]

Morally you have a point.  But how would you enforce it?  Some laws are pointless to try and enforce.  Anyone can run a mailserver.  There are no licenses, bonds, background checks, or tests needed to do so.  At least Mr. Postman can be screened and Mr. UPS is bonded and insured.  Is your ISP? Is the 15 year old kid that runs his own mailserver on Linux?  In such a wild environment it is pointless to define a crime when no one can set the norm.

The bigger point seems like they now have the legal right to read and possibly use the information contained in the E-mail. This wasn't expressly permitted before.I wonder how the US supreme court will handle this, if at all. It seems to me that the average person has a reasonable expectation of privacy in that their email won't be read by an isp.I wonder what percentage of the computing public actually realizes that email is completely open. Probably very low.

[nlinecomputers]

There is a difference between the legal expectation of privacy versus what the public expects. Cell phone for example are broadcasts and I have right to set up a receiver and pickup any transmission that comes my way. To wiretap a phone I've got to physically intercept the line at some point. Radio broadcasting is open to anyone that can receive it.

[epp_b]

There is a difference between the legal expectation of privacy versus what the public expects.  Cell phone for example are broadcasts and I have right to set up a receiver and pickup any transmission that comes my way.  To wiretap a phone I've got to physically intercept the line at some point.  Radio broadcasting is open to anyone that can receive it.

On an unrelated note, I was able to pick up a signal from a cell phone nearby on my walkman radio once. Don't worry, I turned it off

[epp_b]

NRD, thanks for adding to my points

[nlinecomputers]

Guys the courts can't rule on laws that don't exist. If I give a written note to EdP to give to Epp_b and EdP reads the note has a crime been committed. NO. If I didn't want him to read it then I shouldn't have given it to him. Was it wrong for EdP to read it. Perhaps, but it is not a crime. Now If I give EdP an envelope with postage on it and tell him to mail it and he opens it and reads it. THAT IS A CRIME!E-Mail is NOT a government backed or protected message service. Partly because there is no way to protect email from viewing. How is an American law going to protect you from email sent overseas. My webhost is in Australia. Even if it was illegal here how could you convict me if my webmaster stole your email?

[NRD]

The point is not conviction, and the "other country" argument is irrelevant as what is illegal here may not be overseas.The point is that ISP's now have the legal right to read and USE the information in an email.This decision has basically made them a party to the conversation. Email is not passing a note. One of the criteria for an expectation of privacy is the sophistication and invasiveness of the surveillance technology employed.Also this decision was based on a narrow interpretation of the wiretap act stating that because the email is recorded, however briefly (milliseconds) it is not protected.

[NRD]

I also have to disagree with your bullhorn analogy.Email is not broadcast to every server on the Internet, like a bullhorn. It is sent to specific servers needed to route the message.I think a better analogy is the telephone. When you make a call, it may travel to several switching stations and at each and in between, an operator or person may have the ability to listen in on the call. They do not have an express right to listen and use the information, just because they easily can.To me email is no different. Just because something can be easily read by certain individuals doesn't mean they should have the legal right to do so.The court didn't decide in favor of the defendant because it is easy to read email or that its open, but because it is not continually in transit like a phone call.

[Peachy]

Of course the Law is An Ass when it comes to the Internet... Yesterday, the Supreme Court of Canada ruled that ISPs in Canada do not have to pay royalties to recording artists (erm, actually the record labels as represented by SOCAN) because they are not responsible for what their users do with the Internet service. The ISPs argued that they were like the telephone company and therefore just a carrier with no concern for what goes on along the wire. Now, extrapolate that to email and if any ISP tried to argue they have a right to snoop mail then this argument falls apart.Getting back to the issue, it's not ISPs that are seeking these powers. It's really organisations that provide mail to their members. In other words, businesses are claiming this right, not ISPs. Big difference. Businesses don't relay mail like ISPs (or shouldn't if they have secured their mail servers.) What is at the heart of this ruling is that businesses, that provide the hardware to send and receive mail for their employees, are claiming the right to monitor/read company email without liability. This has always been accepted practice, but never codified into law.However, reading this news article is misleading because it doesn't provide any details of the case, whether an ISP asked for this or a business. If it was an ISP, I can't believe they would argue for this because this will force them to do other monitoring that they've shunned before: P2P, child porn, etc. I suspect it was a business. But I can't see how it could be extended to ISPs. Home users are not employees, just customers. Yet the article suggests:

a company that provides e-mail service has the right to copy and read any message bound for its customers.

So it seems to indicate ISPs.

[epp_b]

Actually, that Canadian law about ISP's not having to pay royalties to artists/labels is something I think that I agree with. They just provide the connection.Think about it: do construction companies have to pay royalties for cars that are lifted on the highways they build? They just pave the roads.

[NRD]

But I can't see how it could be extended to ISPs. Home users are not employees, just customers.

I guess it would depend on your definition of ISP. A webhost or email provider can be classified as an isp. Here is a quote on the case.

The First Circuit Court of Appeals dealt a grave blow to the privacy of Internet communications with its decision today in the case of U.S. v. Councilman. The court held that it was not a violation of criminal wiretap laws for the provider of an email service to monitor the content of users' incoming messages without their consent. The defendant in the case is a seller of rare and used books who offered email service to customers. The defendant had configured the mail processing software so that all incoming email sent from Amazon.com, the defendant's competitor, was copied and sent to the defendant's mailbox as well as to the intended recipient's

Full article with a copy of the decision here

[Peachy]

See, the Law IS An Ass! This is some business providing email services trying to monitor its customers email from Amazon. They are not an ISP!!! That court decision has to be overturned before someone else uses it for even more mundane reasons. They're trying to have their cake and eat it, too, and the courts just gave them a second helping!

[epp_b]

See, the Law IS An A**! This is some business providing email services trying to monitor its customers email from Amazon. They are not an ISP!!!

I see email and website services as hosts...although, technically, they are providing "Internet Services" as well. "ISP" is sort of a coined phrase for a company that gives you a connection, IMO.

That court decision has to be overturned before someone else uses it for even more mundane reasons. They're trying to have their cake and eat it, too, and the courts just gave them a second helping!

Yeah, this is all because the judges are probably Lusers too <_<Laws regarding Internet legalistics should be decided by people who actually know what they're talking about (ie.: people like...well, just about any highlander), not by judges who attempt to interpret the situation. That's why the law is a...donkey.

[wawadave]

hello for more sencitive emails try useing pgp works well.they can read it won,t know what it is though.

[Manny Carvalho]

I am completely aware of the insecurities and openness of SMTP, thank-you.  What I'm angry about is that it has been made legal for the service providers to read the e-mail that comes to or through their server(s).  If you were to intercept an e-mail by hacking into a server or packet sniffing, you'd surely get into some trouble for that.

The ruling didn't making reading your own emails by third parties legal. It was a very narrow ruling concerning whether or not reading emails already stored on the guys server was against the wiretapping law. The judge decided it wasn't against the law while at the same time stating that current law does not define emails as wiretapping and Congress needs to device new rules.This whole Internet/email business is still so new that the appropriate laws have yet to be written. As such they try to extend existing ones and it doesn't always work.

[Freddy]

The difference between email and mail is that the message portion is not packaged separately. The textual headers are part of the message. A program searches the message for routing information on our behalf, so therefore the owner of the computer forwarding the mail has rights to view that mail.There is no security, privacy or QOS guarantee on intermediate servers.

[Cluttermagnet]

There is a difference between the legal expectation of privacy versus what the public expects.  Cell phone for example are broadcasts and I have right to set up a receiver and pickup any transmission that comes my way.  To wiretap a phone I've got to physically intercept the line at some point.  Radio broadcasting is open to anyone that can receive it.

Oops! Sorry, Nathan- emphatically no! What you say was once true, but those days are long gone! Being an amateur radio operator, I'm a little more familiar than most people with radio law and its subtleties. Cell phone systems, which use radio links, are a very special case. The industry got together and lobbyed the FCC heavily and convinced them to outlaw the manufacture of receivers capable of receiving in the cellular bands in the UHF portion of the radio spectrum. Furthermore, even the act of listening in on such radio conversations was heavily criminalized, to the point of being draconian IMO. This outlawing of the reception of specific frequency bands was new and unprecedented, and it was really not necessary. Thus, the mere reception of cellular frequencies (by a third party) is by definition a crime that is essentially as seriously regarded as wire tapping on the old 'metallic' (wireline) circuits, and by extension, on any portion of the fiberoptic (or other) backbone carrying that traditional traffic.All this was to cover for the cell phone industry which was caught with trou down when it became widely known that reception of the older analog cellular broadcasts was trivially easy. This was not seen as a minor problem- it was a dagger aimed at the heart of the growing cellular industry. If folks got wind of just how insecure their conversations were on the older analog networks, this might have meant that cellular would quickly fade in popularity. Rather than fix the problem themselves, the cellular guys went whining to the government and won unprecedented concessions that are tantamount to the proverbial 'one guy to hold the light bulb and four guys to turn the ladder'. :'( The implications of all this are quite far ranging. Just for example, compare older TV's with those manufactured today, and you will see that the older ones have reception capabilities on some of the higher UHF channels (up to Channel 82 if I remember right) that are now refarmed to cellular phones (radio). You won't find these UHF broadcast channels on your newer TV's, although you will find some more cable channels have been added that were never on the older sets. I remember for a brief period being able to click the tuner way up towards the higher channels and occasionally hear some snatches of cell phone conversations. That is long gone, as most every cellular operator has long since switched over from analog to digital transmission, which is much harder to intercept, though far from impossible if someone is determined.You guys are right- the law is an ass in a variety of ways, and internet matters are a prime example. I believe that most well-informed folks know very well how open emails are, but the vast majority are probably clueless about this. You know- the ones that think a computer is just another home appliance and they should not have to be bothered with security matters. :'(

[ibe98765]

List of privacy resources. Many to choose from:https://netfiles.uiuc.edu/ehowes/www/info21.htmIf you are concerned about email privacy, then the only solution is encryption. Right now, it is still legal to encrypt your email. Who knows what the future will hold, particularly if Ashcoft and the current admin remain in power.

[nlinecomputers]

cluttermag,Interesting. I was unaware of the changes. What if you own a scanner that is able to scan the frequencies used by cell phones? Are you no longer allowed to use it or even own it? I agree that the law has problems but new legislation needs to be passed. We do not need to use the courts to effectively create laws by bending the wiretap law way out of whack just to wrap it around email.

[Cluttermagnet]

cluttermag,Interesting.  I was unaware of the changes.  What if you own a scanner that is able to scan the frequencies used by cell phones?  Are you no longer allowed to use it or even own it?  I agree that the law has problems but new legislation needs to be passed.  We do not need to use the courts to effectively create laws by bending the wiretap law way out of whack just to wrap it around email.

As I understand it, your possesion of that older radio is legal. You could probably sell it legally as well. Manufacturing one today with that frequency coverage (inclusion of cellular bands capability) would be highly illegal. I doubt you can find such an item new. If you could intercept cellular radio transmissions on the receiver you have now, that would be highly illegal, although very difficult to detect and enforce. This particular issue is moot anyway, since virtually all cellular radio systems in current use are now digital. Your radio would not recover audio from them even if you can receive such signals.I have no idea whether or not new legislation pertaining to the privacy of internet emails would help at all- but I doubt it would. For me, the best answer seems to be to educate users as to the 'postcard' nature of emailing. Looks to me like strong encryption is the only protection available to the average user today. Just watch- they will probably try to make encryption of emails illegal for reasons of national security.

[epp_b]

...Just watch- they will probably try to make encryption of emails illegal for reasons of national security.

:'( :'(

[nlinecomputers]

As I understand it, your possesion of that older radio is legal. You could probably sell it legally as well. Manufacturing one today with that frequency coverage (inclusion of cellular bands capability) would be highly illegal. I doubt you can find such an item new. If you could intercept cellular radio transmissions on the receiver you have now, that would be highly illegal, although very difficult to detect and enforce. This particular issue is moot anyway, since virtually all cellular radio systems in current use are now digital. Your radio would not recover audio from them even if you can receive such signals.I have no idea whether or not new legislation pertaining to the privacy of internet emails would help at all- but I doubt it would. For me, the best answer seems to be to educate users as to the 'postcard' nature of emailing. Looks to me like strong encryption is the only protection available to the average user today. Just watch- they will probably try to make encryption of emails illegal for reasons of national security.

Thanks that is what I figured. They would have to have a grandfather clause in it.I agree with you about regulating e-mail. I don't think it is possible. As I said earlier anybody can setup an email server. age, background, liability, are not checked and one can host a server to overseas as easily as you can here. It wouldn't be possible without much international effort. People just need to learn that email isn't secure and never will be(even with some kind of legal protection).

[epp_b]

Yeah, I might as well settle in and get used to it.

[Freddy]

The gov't has been fighting encryption since the early days of PGP and long before 9/11, Ashcroft and Bush.. The FBI didn't want to permit any form of communication they could not decipher without tipping off the person being monitored - after a court approved wiretap has been granted.One of the solutions proposed incorporating a private decrypt key into the cypher and the FBI would use that key when granted approval.

[ibe98765]

The gov't has been fighting encryption since the early days of PGP and long before 9/11, Ashcroft and Bush..  The FBI didn't want to permit any form of communication they could not decipher without tipping off the person being monitored - after a court approved wiretap has been granted.One of the solutions proposed incorporating a private decrypt key into the cypher and the FBI would use that key when granted approval.

Right, but the government gave up on this proposal, realizing that they couldn't control software that was distributed electronically from outside the country.This of course does not mean that government will stop trying. For instance, they could try to pass a law to make it illegal to possess and/or use encryption software that was not on an approved government list, a list where only products with back-door keys would exist. Given the existence and passage of the Patriot Act law, it is only a small hop, skip and a jump to imagine a future where an attempt as described above could be tried.