Dec 15 2010

Your email deserves due process

Published by at 6:13 am under Government,Privacy,Risk

A few years ago Mike Rothman over at Securosis dubbed me “Captain Privacy”.  And thanks to my wife’s sense of humor, I even have a cape and domino mask (but no tights, for which everyone is thankful).  I like my privacy and I often argue against movements by our government to erode the controls protecting our privacy.  And this is one of the more subtle points that Mike and other people miss about me: I am not arguing against the government having the ability to spy on people when they need to, I’m arguing for strong controls around the ability and judicial oversight to ensure that the ability to monitor citizens isn’t abused.  To some it’s a very subtle difference, but to me it’s an incredibly important distinction. 

So it should come as no surprise to anyone that I’m thrilled that the 6th Circuit Court of Appeals has ruled that email is protected by the Fourth Amendment.  For years now law enforcement has been arguing that there should be no expectation of privacy for your email on corporate and cloud services (like Gmail) and that there was no need to get a search warrant prior to seizing copies of email records from service providers.  In other words, since your email is hanging out on a public service provider’s servers, they felt they could just walk in at any time, demand a copy of your email and no one would tell you until you were served up with an arrest warrant.  No due process, no judicial oversight, just quietly take what you want whenever you want it.  Understand why the police would want this power, but I also believe that it’s something that’s just waiting to be severely abused, if it hasn’t been already.

This is an appeals court, so it is possible that the ruling could be overturned by the Supreme Court if it got to that level, but it’s unlikely.  The 6th Circuit Court made it very clear that you and I have every right to expect our email to be as secure from covert observation as our physical mail.  Which means that police and federal officers can monitor it if they can prove to a judge that it’s necessary and appropriate.  And that’s all Captain Privacy really wants for Christmas, the knowledge that someone is double-checking what our LEO’s are doing and making sure that due process is being followed.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

3 responses so far

3 Responses to “Your email deserves due process”

  1. Mike Son 15 Dec 2010 at 9:32 am

    In my opinion, the existence of the event that brought about this court case is evidence enough that the police were already abusing this non-existent authority.

    It should be so well known as to be taken for granted that although there are good cops, there will always be government agents willing and eager to abuse any power they think they have or can get away with, in order to abuse the populace. That was the very reason for the creation of our government with its Bill of Rights! (It’s Bill of Rights day today, too!)

    If anyone can enumerate or list all the cases that have gone to court over police or government agents abusing legitimate powers or usurping authority they did not have, I’d first be very impressed, and then extremely depressed at the quantity.

  2. Shane Con 15 Dec 2010 at 11:52 am

    Some of us security folk work for local governments, doing the same sort of things we would for private industry. How might this decision affect ordinary policing of the local government’s emails, such as content filtering? Let’s say that the ordinary email filtering tools detect something possibly or obviously illegal. If I act on this, will it all be in vain owing to privacy protections? What if we’ve already told our users they should not expect such privacy? Is that warning now crossing the line?

    While I respect that, in general, emails should be considered private correspondence (and I have to say I consider that almost laughable in reality), when the emails of those employed by governments are under consideration, where can one draw the line on privacy?

    Things are just getting grayer.

  3. Martinon 16 Dec 2010 at 5:07 am


    I don’t think this particular ruling had much to do with the gentleman’s work email, they were going after his private email at his service provider. Work email is still pretty clearly something that an employer can look at whenever they want and can share with the police if they decide it’s necessary. So this has no affect at all on you doing your day job and dealing with email filters, this is just about a private citizen using a public resource to do his own thing.

    This is pretty black and white, not grey.


%d bloggers like this: