A U.S. Circuit Court of Appeals ruling involving an ISP’s ability to scan and use the content of customer e-mails equates to “free rein to invade the privacy of users” for ISPs, according to privacy advocates.
Others downplayed the impact of the ruling in U.S. v. Councilman, which involves a defendant who configured software to copy and compile certain customer e-mail. The issue also generated debate over the need to update electronic communication privacy law.
“We no longer have any Fourth Amendment right or interest in our e-mail, and the implications of that are staggering,” said Electronic Frontier Foundation attorney Kevin Bankston, who told TechNewsWorld that the ruling might also become the basis for increased and unfettered snooping by law enforcement officials.
The First Circuit Court of Appeals in Massachusetts held that it was not a violation of federal, criminal wiretap laws for the provider of an e-mail service to monitor the content of users’ incoming messages without their consent.
The actual case involved a provider — a seller of rare and used books that offered e-mail service — and the use of software to intercept all incoming e-mail from competitor Amazon.com.
“As the court itself admitted, ‘it may well be that the protections of the Wiretap Act have been eviscerated as technology advances,'” said a statement from the EFF.
“This decision makes clear that the law has failed to adapt to the realities of Internet communications and must be updated to protect online privacy,” said Bankston.
Protected in Policy
Stewart Baker, a technology law expert and partner with Washington, D.C.-based Steptoe & Johnson LLP, downplayed the impact of the ruling, arguing that the number of cases where the ISP ability to snoop e-mail actually causes harm might be very limited.
“Most ISPs value their reputations too much to do something like that,” Baker told TechNewsWorld. “E-mails are subject to stored communication [law], so ISPs could have been doing this all along, but there hasn’t been a flood of cases saying ISPs could use information in a way that is harmful to the customer.”
Baker added that the more people look into the case, the less significant it will be and any resulting changes in legislation are unlikely.
Spy Ops Opportunity
EFF’s Bankston disagreed, pointing to the public’s expectation of privacy in e-mail and the changing and nonbinding nature of most ISP policies.
Bankston also said that while the Councilman case was a rare use of information, there is no way to tell how much similar e-mail monitoring activity is taking place.
The attorney added that while the U.S. Department of Justice is unlikely to change its policy until the case is resolved on appeal or by the Supreme Court, law enforcement officials might have broader ability to capture and use e-mail content as a result of the ruling.
Technology and Time
Lara Flint, staff counsel with the Center for Democracy and Technology, said that although provider policies and protections are good, consumers are not protected by law as much as they should be.
“The leading ISPs all have very good privacy policies, but I do think this highlights that there is inadequate protection in law against ISP use of customer e-mail without notification or consent,” Flint told TechNewsWorld. “I do think this exposes a hole in the law.”
Flint said that the federal wiretap rule in question, written in 1986, has little relevance for today’s ISPs, which are now among the largest companies in the world.
Flint also cautioned that the ruling could help create a “loophole for law enforcement” to get and use e-mail content.