Federal Court: E-Mail Entitled To Fourth Amendment Protection
A Federal Appeals Court in Ohio has handed down what could become a landmark ruling in the application of the 4th Amendment to the Internet.
In what could turn out to be a landmark case, a three-judge panel of the Sixth Circuit Court of Appeals ruled that email held on an ISP server is subject to the protections of the Fourth Amendment:
In a landmark decision issued today in the criminal appeal of U.S. v. Warshak, the Sixth Circuit Court of Appeals has ruled that the government must have a search warrant before it can secretly seize and search emails stored by email service providers. Closely tracking arguments made by EFF in its amicus brief, the court found that email users have the same reasonable expectation of privacy in their stored email as they do in their phone calls and postal mail.
EFF filed a similar amicus brief with the 6th Circuit in 2006 in a civil suit brought by criminal defendant Warshak against the government for its warrantless seizure of his emails. There, the 6th Circuit agreed with EFF that email users have a Fourth Amendment-protected expectation of privacy in the email they store with their email providers, though that decision was later vacated on procedural grounds. Warshak’s appeal of his criminal conviction has brought the issue back to the Sixth Circuit, and once again the court has agreed with EFF and held that email users have a Fourth Amendment-protected reasonable expectation of privacy in the contents of their email accounts.
From the decision:
Email is the technological scion of tangible mail, and it plays an indispensable part in the Information Age. Over the last decade, email has become “so pervasive that some persons may consider [it] to be [an] essential means or necessary instrument[] for self-expression, even self-identification.” Quon, 130 S. Ct. at 2630. It follows that email requires strong protection under the Fourth Amendment; otherwise, the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve. See U.S. Dist. Court, 407 U.S. at 313; United States v. Waller, 581 F.2d 585, 587 (6th Cir. 1978) (noting the Fourth Amendment’s role in protecting “private communications”). As some forms of communication begin to diminish, the Fourth Amendment must recognize and protect nascent ones that arise. See Warshak I, 490 F.3d at 473 (“It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past.”).
If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment. An ISP is the intermediary that makes email communication possible. Emails must pass through an ISP’s servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company. As we have discussed above, the police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call—unless they get a warrant, that is. See Jacobsen, 466 U.S. at 114; Katz, 389 U.S. at 353. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber’s emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception.
(…)
Given the fundamental similarities between email and traditional forms of communication [like postal mail and telephone calls], it would defy common sense to afford emails lesser Fourth Amendment protection…. It follows that email requires strong protection under the Fourth Amendment; otherwise the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve…. [T]he police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call–unless they get a warrant, that is. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber’s emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement….
In the case at hand, which involved a criminal fraud prosecution of the owners of the company that sold the “male enhancement” produce Enzyte, the Court went on to find that the facts indicated that a good faith exception existed to the failure to obtain a warrant for the search at issue. As a result, the criminal convictions were sustained. Nonetheless, the Court’s finding that the Fourth Amendment’s protections extend to email kept on a third-party server stands and given the prevalence of web-based email today, it’s an important one as well. Conceptually, there doesn’t seem to be any reason why an email provider like, say, Google, should be treated any differently than a delivery service or a post office. The expectations of privacy of the average citizen are similar, and the fact that someone chooses to store email on a web server rather than downloading it doesn’t strike me as a relevant distinction for 4th Amendment purposes. Besides, the idea that the Federal Government would be able to access electronic mail without any need for a showing of probable cause that a crime has been committed strikes me as so offensive to American concepts of liberty that the outcome here seems rather self-evident.
But, of course, nothing in the law is self-evident. This holding only applies in the Sixth Circuit for the moment and it will be up to other courts across the country to apply the holding. Hopefully, they’ll do the right thing.
You can read the full opinion here, but be warned that it’s long (98 pages) and much of it deals with issues unrelated to the Fourth Amendment ruling.
Except that the technology of email is pretty different from the technology of mail or package delivery. The most important difference is one of custody. When you put a letter in a mailbox, absent somebody cracking into the mailbox, the letter is in the hands of the Post Office until it arrives at its destination (or the attic of a mail carrier, whichever comes first).
That isn’t the case with email.
The fact that we need a court to tell us that email isn’t public domain is pretty effing pathetic.
Dave, so why is that distinction relevant? That its the post office rather than Google.
Or closer to the point, what is the law regarding seizing a fedex package? I;m sure that has been done, but does law enforcement need a warrant or is the package the property of fed ex and they would just hand it over.
This is only ‘landmark’ in that it creates a split in the courts. Further, this case is narrowly built around ‘search incident to arrest’ and the meaning of ‘container’, not all searches. I think it only a data point that will eventually lead to a Supreme Court decision.
Is there the same expectation of privacy in dropping a letter into the mailbox as there would be handing it to the first passerby? I don’t think so.
From what I recall, the issue at hand was a precedent that said once a physical letter is delivered to the recipient, the sender no longer had an expectation of privacy, which means the government could get the content of the email from anywhere, including the ISP, without a warrant. From the parts of the opinion you posted, it’s not immediately clear if that was resolved in this ruling.
“Is there the same expectation of privacy in dropping a letter into the mailbox”
According to legal precedent and federal law there is.
Do you have any case law on that, Davebo?
Either the 6th Circuit is overturning its 2001 decision on this subject or the decisions must be narrower than the coverage would seem to suggest. I believe that the 4th, 8th, and 10th have similarly found no reasonable expectation to privacy under the circumstances outlined.
Perhaps I’m wrong but my understanding was that the expectation of privacy attenuates with the sender’s control over the third party recipient. I chose my example carefully: not a person of trust or a friend but a random stranger who may pass the letter to another stranger and so on.
That’s roughly the way the Internet works. It’s not point-to-point.
I would say the expectation of privacy is different in degree and nature between these different forms of communication being discussed — the question in this instance would be whether those differences are material in the legal context of the Fourth Amendment. Even if the Sixth Circuit’s position is adopted, it doesn’t mean those differences might no be material in other legal contexts.
The funny thing for me is how little we rely on encryption and digital signing in our correspondence.
For a while the public key folks were predicting a secure future, and I kind of believed it.
I guess it was never quite transparent enough, easy enough, for mail to the grandparents.
I’ve not read the decision since Doug scared me off of it, but two things scare me about e-mail communication. One is it’s ease to broadcast, which a lot of people use to copy everybody on everything, the “reply all” button being hit instead of “reply” with formely “private” correspondence appended at the end. The second would be the use of the office Internet connection for personal matters, presuming that this is private.
“Is there the same expectation of privacy in dropping a letter into the mailbox as there would be handing it to the first passerby? I don’t think so.”
HUHHHHH??????????????
Dave, not sure what point you are trying to make, but the violation of one is a federal offense, the other is…. well, impolite. Not sure why you can’t tell the difference, but I can.
It is about 5 to life…. (or something like that)…………….
Well with GMail, your connection to them is encrypted, so unless you don’t consider Google to be a person of trust, your analogy doesn’t work there. I’m not sure how many other email providers use encrypted communication.
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
I rely on it quite a bit, actually. Important emails aways get signed, and the few that need it are encrypted.
Some of us are already living it.
SSL was a pain, and the web-of-trust was supplanted by a handful of “trusted” root CAs. PGP/GnuPG is actually very easy, but Microsoft has mostly ignored it, so it didn’t get very far in the general public.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk0IGt8ACgkQ0AmR2tFiv8lI9wCfStfx12Zp51Q70OE25LzOqwHm
rPUAoJlqdH8EvFl2UoFOAXnrDF+IgL6n
=7u9G
—–END PGP SIGNATURE—–
Dave Schuler has a point, but I’d say his example is not quite right. When you send e-mail, you are not handing it off to a random stranger. Rather, you are handing it off to entities who have various types of agreements in place for e-mail. Usually, the agreements would be contractual, more or less. But they *could* be volunteer, or even random, in theory.
It all depends on how the destination handles e-mail.
The comment about Google is only for the entity that initiates the delivery process. It starts at Google, but could go through numerous entities before it reaches its destination.
I understand that e-mail is not that secure. Still, my personal *expectation* is exactly the same as for snail mail. I certainly don’t feel that the “random passerby” analogy is reasonable.
“Do you have any case law on that, Davebo?”
Well Dave, it’s a federal offense to even damage mail that is not your own. That’s what I was thinking of. The laws are so extreme that you can’t even hang a for sale sign on your mail box.
I suppose I just assumed the same applied to various authorities, especially at the city/county/state level but also the Feds.
However, since we now allow the federal government unfettered access to literally all electronic communications (I’m talking to you AT&T, Sprint, Verizon, etc.) I guess we should give up any expectations to a right to privacy.
What amazes me honestly is it took the WAR on terror to bring it about. Couldn’t they have built special “processing rooms” for the WAR on drugs?
It does raise a entirely new set of questions. If your gmail or yahoo email account is hosted on servers in Spain, can US authorities demand access without a warrant and if not who would issue it?
It’s truly a pathetically sad state of affairs. In 2010 we’re still wondering where we stand on such basic issues of liberty.