This statement: "Newly disclosed documents prepared by IRS lawyers says that Americans enjoy 'generally no privacy' in their e-mail, Facebook chats, Twitter direct messages, and similar online communications" is entirely consistent with the existence of Warshack. Warshack covers the Sixth Circuit, which includes the following states: Kentucky, Michigan, Ohio, and Tennessee. The IRS is bound by this precedent in those states and nowhere else. Other circuits might find this precedent persuasive and agree in future cases, and that is something the IRS will have to deal with in future prosecutions, but for a Handbook on the law as it stands now, this statement is absolutely accurate.
The nation-wide precedent is they can access anything older than 180 days without a warrant, which for IRS's purposes is basically anything that would be relevant to a criminal tax prosecution (there is no statute of limitations on willful tax evasion or fraud).
Should we have privacy rights in our e-mails and personal messages? I think so. But the Constitution doesn't protect that, any more than it protects "one's papers" if those papers are left on the premises of a third party.[1] Not everything that is a good idea must be necessitated by the Constitution.
[1] Wikipedia's article on "expectation of privacy" is pretty good: http://en.wikipedia.org/wiki/Expectation_of_privacy ("In general, one cannot have a reasonable expectation of privacy in things held out to the public."). If you understand how SMTP works, it's hard to argue that it's a private means of communication. You send a clear-text message to a publically-accessible service that is empowered to forward the message to other publically-accessible servers if necessary.
> If you understand how SMTP works, it's hard to argue that it's a private means of communication. You send a clear-text message to a publically-accessible service that is empowered to forward the message to other publically-accessible servers if necessary.
Whoa, hold it, I don't think so. Almost every SMTP server out there today requires authentication and quite a few require either SSL or TLS. That is the very definition of trying to keep things private.
Hell, I use Google's solution and have two-factor authentication set up.
Should I really start adding "this email is privileged and confidential" to every email like my lawyer?
The lock on my door is to prevent someone from pretending to be me to enter my property. This is not the same as trying to keep my stuff private or safe.
Note how your statement does not hold in the real world.
Email being transmitted by 3rd parties is not different from voice calls being transmitted by 3rd parties. Yes, you are trusting a provider, with the expectation that your provider will send the data where you've asked it to send the data, and nowhere else. This is still true whether you're talking postal service, landline voice calls, SMS, cellular voice calls, Skype, etc.
Maybe I'm expressing myself in too cryptic of a fashion. I'm simply asserting that while privacy and authentication sometimes overlap, they are not the same thing.
From the parent of my original comment:
Almost every SMTP server out there today requires authentication ... That is the very definition of trying to keep things private.
Do you disagree with me? Do you believe that SMTP authentication contributes to privacy and not authenticity?
Hey, hey, what's with the "..." and cutting out the relevant parts? I explicitly mention SSL and TLS. Those are encryption standards that are designed exclusively for privacy.
If I am using them to communicate with a 3rd party, I have a reasonable expectation of privacy between myself and that 3rd party. You would most certainly need a warrant to turn around and try to get access to a message stored on their servers.
On top of that, quite a bit of email today doesn't even touch SMTP. If I'm sending an email from one GMail user to another GMail user, I'm pretty sure it is just shuffled around on Google's internal servers. And, of course, I'm connecting to Google using SSL, an encrypted connection.
Hey, hey, what's with the "..." and cutting out the relevant parts? I explicitly mention SSL and TLS. Those are encryption standards that are designed exclusively for privacy.
I cut out the SSL and TLS because I don't disagree; SSL and TLS certainly says "privacy". I wanted to specifically address the notion that "authentication =~ privacy"
While you are making your point, you're being overly pedantic, and the point is irrelevant. Email should not be able to be accessed by a third party without warrant period. Whether or not the analogies line up.
The protections for phone calls arose back when phone lines were dumb analog wires between telephones. E-mail has never been like that, and it's always involved storing communications on a third party's systems.
>E-mail has never been like that, and it's always involved storing communications on a third party's systems.
Why should storing something on a third party's system obviate the need for a warrant? If I rent real property and use it to store my papers, does that mean the government should be entitled to seize them without a warrant because I'm storing them on the premises of a third party? If not, what's the difference?
So the true comparison might be standing naked on your walkway to your front door from the curbside, and saying people don't have a right to take your picture. It's prviate property that's publicly viewable. When expressed this way, then it's actually pretty easy to see how it extends to the real world (you have no expectation of privacy in the publicly viewable space).
No, think private car with tinted windows and a privacy partition shuttling you from home to the office. You'd be annoyed if your changing clothes in the back seat showed up on YouTube, because while your transport was along public routes, it was encapsulated in an expectation of privacy afforded you by your private car provider.
The mailbox in the foyer of your building and whatnot are not your property. The lock keeps other tenants from accessing "your stuff" and not your landlord himself.
There are special laws protecting mailboxes. They are actually property of the USPS. A better example is if you left a computer printout in your building's leasing office. That is not protected.
The data I put in Google is MY property, I want that data protected and don't care less about servers just as I do not claim ownership to the school locker.
If you want it protected, don't leave it in clear text in the custody of someone else who may or may not choose to hand it over to the authorities without your permission.
In other news: you can't invoke the 4th amendment if you stash boxes of weed at a friend's house and he hands them over to the government when asked.
You are consistently morphing the issue and providing bad analogies.
There are privacy policies and terms of service that cover what a service provider will share with whom and under what conditions. This represents an agreement between the user and the service.
However, that is wholly different from the rights held by the government (IRS) to compel the service provider to provide information at the government's demand.
Your analogy with the "boxes of weed" are similarly misguided and completely unrelated. The more relevant analogy would be that the government forced your friend's landlord to unlock his door without a warrant, entered, discovered the boxes of weed with your name on it, then arrested you.
And, to put your analogy back into the subject e-mail context, if you e-mailed something incriminating to your friend and your friend opted to turn you in to the authorities, that is entirely different from the government gaining access to your e-mail of its own volition, and without a warrant.
So if I send a letter via USPS do I have the right to expect that someone will not intercept and open that letter without getting the correct permission?
Mail theft was a pretty serious crime in USA I am led to believe, regardless of whether it is sent in encrypted form or not...
You can easily demonstrate the veracity of your statement by letting us all know what publicly-accessible server we can access to read your email, without using violence and coercion (for which 'government power' is a euphemism) against a service provider to circumvent your 'authentication'.
I think you are making the same mistake as some other people in this chain. We are talking about SMTP, not IMAP. You don't need violence or coercion to sniff unencrypted mail in-flight.
To prove to yourself that SMTP is primarily concerned about authenticity over privacy, just try setting up your own mail server. Ensuring your mail is not blocked and/or marked as spam is an involved process of establishing multiple checkpoints re-confirming your identity. DKIM, SPF, domainkeys- each intended to establish that you sent this (unencrypted) message, and not someone pretending to be you.
>You don't need violence or coercion to sniff unencrypted mail in-flight.
Google won't hand you a packet capture from eth0 on smtp.gmail.com because you asked nicely. You would have to coerce an insider (or exploit your way in).
The only situation in which your statement applies is if you're abusing a position of trust as a network administrator. While it's true that this is possible, it's also possible for someone to break into your (postal) mailbox. You still have an expectation of privacy.
You're talking about the server <> client connections, right? Between servers, SMTP is still often unencrypted and even when they use SSL, I doubt they authenticate each other.
Of course, if you send an email to an account with the same provider, it's probably secure.
Have you asked your attorney why he adds that warning, and asked whether attorney-client privilege is waived if email messages and documents are exchanged over an SMTP system which allows the messages to be read by providers and intermediaries?
I asked once. The answer was: no, it is not waived and no warning need be attached. Applicable law revolves around intent and that is largely determined by who you choose for recipients. There is some allowance for typos and mistakes when addressing or sending. The warning is just to remind people of appropriate conduct, encourage them to report incorrectly addressed messages, and make the intent extra clear.
The law of client/attorney privilege and the Constitutional prohibitions against unreasonable search have distinct bases and are governed by different law. Attorney/client communication focuses on the whole communication, while 4th amendment focuses on the specific piece of evidence. So if you for example gave your client some advice relayed through your secretaries, you could invoke the privilege if they were questioned. However, if you gave your secretary a note to pass to your client, and she kept a copy, you cannot invoke the 4th amendment.
There is no reasonable expectation of privacy when it comes to private carriers like FedEx or UPS. The expectation of privacy only extends to First Class USPS mail, under the consideration that extra protections are needed given that the USPS is an organ of the federal government and that USPS workers are bound by the 4th amendment just as any other agent of the government (and unlike private mail carriers!)
> There is no reasonable expectation of privacy when it comes to private carriers like FedEx or UPS.
Absent an expectation of privacy, the government is entitled to search whatever and whenever it pleases. Are you suggesting there is court precedent establishing the government does not require a warrant to search a box being delivered by UPS?
I agree. If you sign an agreement with UPS that allows it to simply give your package to the government upon its request, then you've effectively waived your Fourth Amendment rights.
But, absent that, the government cannot simply compel UPS to hand over the package or relay its contents without a warrant. That would be a violation of the Fourth.
OTOH, if the UPS employee simply looked in the box, it wouldn't be a Fourth issue. It is only so if the employee did so at the behest of the government. In other words, you are correct: in that case the employee is acting as a government agent[1], which triggers the Fourth:
Miller: Can private parties ever trigger the 4th Amendment?
Solari: Yes, as we discussed, if a private party were to be acting at the behest of the government -- if a government agent were to ask that FedEx person to open up a package and look inside, or to ask someone’s girlfriend to go through their things looking for evidence to turn over to the police, then that would be government activity. That would be the actions of a government agent because government agents can’t ask private parties to do something they themselves couldn’t do under the 4th Amendment, so in that type of instance it would be extended to that private party.
Thank you. I didn't know of this distinction. I poked around a little and found something at the EFF website[1].
Now my next question is can someone force the third party to give up the information without a warrant? I know they most likely will just comply. However, just for completeness, can a company like FedEx say that they require a warrant before opening packages?
Google's email isn't encrypted, it is sent as text over a network. Authentication doesn't change the fact that your email can be intercepted through the network in which it has been sent or received.
Based on my server logs, Google will offer STARTTLS and also use STARTTLS when offered. So there can be MTA<->MTA encryption. Unfortunately, many MTAs don't do one or both, and that includes those run by some of the largest ISPs.
Presumably you can pick a lock or attach a lineman's handset to the POTS phone lines outside of someone's house too, but aren't we talking about the expectation of privacy?
You should never expect privacy over an unencrypted connection.
However where I do disagree with rayiner is that you should be able to expect that third parties which you willingly entrust your communication to, should not be compelled to turn over that message without a warrant.
If they turn it over willingly that's caveat emptor, but email to me feels more like a hand-to-hand transfer of a postcard than dropping a postcard on a public desk (as used in a different example), and therefore you should be able expect that it's not treated as essentially public domain.
>You should never expect privacy over an unencrypted connection.
What does "should" have to do with it? A landline telephone isn't encrypted, people still expect their conversations to be private. And I don't see why email should be different -- if it came out that human Google employees have been reading your emails it would be a huge scandal.
> If they turn it over willingly that's caveat emptor
I don't know about that. Do you think it would also be reasonable without a court order for them to provide your private emails to a party other than the government, like a reporter or your company's customers or suppliers?
Phone connections used to be an actual end-to-end circuit that you had to have very specialized knowledge to be able to tap into, which is where that expectation comes from. Email is very much like handing a postcard to your secretary to pass to the mail room to walk up and leave in a bin labeled with the destination address. There are multiple stops en route, and the data just sits there instead of existing transiently. So yes, people shouldn't expect that it magically stays private.
But I'll take it further, to the extent that a secure channel isn't possible by phone today, people shouldn't expect privacy there any more either.
Being able to keep the government from using your information is different from privacy, and that's my big point. These conversations always go the route that Big Brother knowing about something is the worst thing that can happen to you, but really it's not. How many people get fired from their jobs without one bit of government intervention based solely on their employer becoming aware of a message they sent? That's what I'm talking about, you should not expect privacy from unencrypted email. Even if your provider is awesome, the recipient and the recipient's provider might not be, and that's beyond your control in most cases.
> > If they turn it over willingly that's caveat emptor
> I don't know about that. Do you think it would also be reasonable without a court order for them to provide your private emails to a party other than the government, like a reporter or your company's customers or suppliers?
Do I think it would be reasonable? Not at all. But it's certainly not illegal, which is why I say caveat emptor. Pick your contractors carefully and vote with your wallet for the one that will guard your data.
Except that the mail server gets to see the body of the email, which is not even remotely private. Encryption gives you privacy; instead of politely asking people to not read your mail, why not politely ask people to encrypt messages?
>Except that the mail server gets to see the body of the email, which is not even remotely private.
Privacy should not (and in more enlightened countries and legal systems it does not) mean "others are not technically able to see it".
It should mean: "this piece of information should not be attempted to be seen by others without the owners implicit or explicit permission".
(And then legal formulas could be used to define "permission" (ie the recipient of an email has an implicit permission to read it)).
If we use the BS notion of privacy of the US courts, then copyright should not exist either (because, by the same logic, one can break the copyright protection easily). Even theft would be OK (hey, I can steal your stuff if you left your belongings in a public place).
So, no, whether my mails are in Google's servers or wherever else, it should be illegal to read them for any purpose I don't agree with. Much the same as if the postman delivers my email to the neighbor's box by mistake, he should not be allowed to open and read it.
The problem with relying on legal formulas here is that you need to rely on many people -- hundreds, maybe even thousands -- to not break the law over a long period of time. Your email is not really "sent," it is copied from system to system, and anyone with access to those systems could potentially read it. Backup tapes may be lost or stolen. Hard drives full of email may be sold off. This is not privacy; it is trusting hundreds of strangers to keep your confidence for an indefinite period of time.
> Privacy should not (and in more enlightened countries and legal systems it does not) mean "others are not technically able to see it".
This is really at the heart of the disagreement in this thread. Maybe this is what you think it should mean. But that's not what it means Constitutionally. The Constitution doesn't talk about privacy, it talks about unreasonable search and seizure. And the precedent is that if you've voluntarily handed the information to someone else, its not unreasonable for the government to get that information from them.
Sure, but I don't care much about the constitution. I care about what's fair and right. Constitutions can be changed and amended, especially if they were written 3 centuries ago.
> It should mean: "this piece of information should not be attempted to be seen by others without the owners implicit or explicit permission".
So WireShark is now illegal in your ideal world?
Email is computer technology and demands a technical answer: if you want something to not be eavesdropped on, encrypt it. This is why we use ssh and not telnet any more.
>Why are you trying to legislate technology when you could just make the tech work the way you want?
Because I don't want technology to rule us, I want us, humans, to rule technology. We say a lot of times that "technology is a tool". If we have to adopt ourselves and our society to it, instead of adapting it to our preferences, goals and morals, then it's not a tool, it's a ruler.
In this case, cryptography might be a solution. But it's not a perfect solution for me. For one, it's not widespread and it's confusing for most people to integrate to their mailing habits. Second it breaks lots of workflows and conveniences (e.g full text search of emails).
Second, I don't want the government, Google, or anybody else to have it be legal to look into my email if they can break the cryptography or find the key. I want it to be illegal even at that case.
Third, while cryptography might be a case were technology can solve this problem (privacy) there are other issues just piling technology cannot be used to solve them -- where legislation is needed.
"I don't want technology to rule us, I want us, humans, to rule technology"
Personally, I want technology to solve human problems. If technical solutions to problems exist, they should always be preferred over legal solutions. We do not need to increase the size of an already out-of-control legal code, and we do not need more laws that will be selectively enforced (as almost all laws are).
"it breaks lots of workflows and conveniences (e.g full text search of emails)."
That is not an insurmountable problem: get an email client that can do full text searches of your email by automatically decrypting it while the search is performed. If for some reason you need to export your search to some server, cryptographers have developed systems for doing that in a secure way, though their computation cost is a bit high (much more than searching the plaintext).
"I don't want the government, Google, or anybody else to have it be legal to look into my email if they can break the cryptography or find the key. I want it to be illegal even at that case."
I would be cautious about that. It is almost certainly the case that such a law would not be enforced when a government agency or large corporation are breaking it -- see e.g. the warrantless wiretapping program. More likely, such a law would be used when a whistleblower exploits a weakness in a cryptosystem to expose government wrongdoing.
Expanding the legal code is dangerous. We have so many laws that the government has lost track:
We have seen over and over how this vast legal code is abused to crack down on protesters and dissidents. Adding more laws to it is just asking for more trouble, and doing so when we have technical solutions is a pointless risk.
"while cryptography might be a case were technology can solve this problem (privacy) there are other issues just piling technology cannot be used to solve them -- where legislation is needed."
Sure -- but we are not talking about those problems, we are talking about a specific problems that is well studied and which has been solved for decades.
Indeed. Making something that could be made impossible (or extremely difficult) "only" illegal will tend to make people complacent. If the expectation is that bad people won't do something because it's against the law, good people may fail to ensure that they can't. And then bad people do it anyway, leading to outrage, panic and harmful reactionary legislation. Not to mention bad people getting away with doing bad things, which could all have been prevented with sound engineering.
This isn't to say that every problem can be solved with a technical solution -- but when the technical solution is extremely effective, a legal solution is surplus to requirements.
While I would not argue against encryption giving you privacy, I think it is easy to argue that there is an expectation of privacy in sending emails. At least, as much of one as if you were sending actual correspondence.
Consider, in a public restroom there is very little done to prevent people from seeing each other. However, one almost certainly has a reasonable expectation of privacy in such a situation. Hell, consider using the restroom in someone else's house. If you record videos of everyone that uses your restroom...
We put doors on restrooms. Claiming that unencrypted email should carry a legitimate expectation of privacy is like claiming that people should expect privacy when they go to the bathroom on the side of the highway. People may want their email to be private, but that does not mean that we should pretend that email really is private.
Really, we need encryption to be widely used, for people to learn about it in school, and for people to generally expect messages to be encrypted. We have not really won this fight until people encrypt private messages and get angry when private things are sent in the clear.
Irrelevant. When you are in a restroom, you have an expectation of privacy. Period. Doesn't matter whose restroom you are at or what is going on. Hell, the door could be broken or just bad and you still have an expectation of privacy.
Consider, someone could have a camera mounted onto their foot or on a poll to get over the standard stall doors. Would you just claim that folks should be ok with this? Because, "hey, it was possible? Quite easily done, actually."
I am pushing this point so heavily especially because a large company is pushing cameras that are mounted on people's faces. If someone were going into a restroom taking pictures, people would feel rightfully violated. Soon, this is likely to be happening more than you'd care to consider. The ease with which it can be done is irrelevant to the legality of it.
"Hell, the door could be broken or just bad and you still have an expectation of privacy."
So let's take that argument to its extreme: you are standing in an open field going to the bathroom. Do you still think you have an reasonable expectation of privacy?
The problem with your argument is that it is based on the idea that if people want privacy, they are entitled to it even if they do nothing to protect that privacy. There is nothing wrong with expecting people to be a bit proactive when it comes to their privacy -- closing doors, drawing their curtains, encrypting their email. People should not just shrug about someone filming them on the toilet, they should do something to prevent it (and if a person started to drill holes in the door, sure, prosecute them -- for destroying someone's property).
"If someone were going into a restroom taking pictures, people would feel rightfully violated"
No, if someone were going into a restroom taking pictures of other people going to the bathroom in a closed stall they would rightly feel violated. Any weaker standard is basically saying that nobody can take pictures in public, because they might accidentally catch a person peeing on a wall and thus violate their privacy.
"The ease with which it can be done is irrelevant to the legality of it."
No, it is very relevant to the legality, because when we make easy and popular things illegal we worsen an already out-of-control criminal justice system. We do not want to start arresting people just because they are using their cameras, even if their cameras are mounted on their heads, even if they wear their head-mounted cameras into bathrooms. If cameras are everywhere and used by everyone, the answer is to build bathroom stalls that go from the floor to the ceiling, not to open the door to waves of prosecution (which will almost certainly be used selectively against "undesirable" people).
The appropriate place to draw the legal line with privacy is with people taking proactive and reasonable measures to be private. Putting letters in envelopes, closing curtains, closing doors, and yes, encrypting emails. You have no expectation of privacy in public parks, nor if your door is left open, nor if your curtains are left open, so why should you expect privacy when you send unencrypted email?
But the problem with your argument is you are assuming they did nothing to protect their privacy. They specifically addressed the email to someone. Or had it specifically addressed to them.
As the other poster said, consider the urinal. Whether intended or not, there are about to be a lot of images of people at the urinal taken by a capture device. Should men just get used to this idea and expect these pictures online?
I roughly get and agree with what you are saying. But, consider, it is trivial to build a microphone that can pick up every word you said within your house. Do you feel that police should be able to use such a device from a van outside without a warrant? Hell, it is trivial to build a camera that can see through most clothes nowdays.
That is, the laws are there precisely to cover things which may be easy otherwise. Hell, it is trivial not to pay your taxes. Illegal. It is trivial not to honor a contract. Illegal. We don't make laws against jumping to the moon. Because... not exactly relevant from a legal perspective.
"As the other poster said, consider the urinal. Whether intended or not, there are about to be a lot of images of people at the urinal taken by a capture device. Should men just get used to this idea and expect these pictures online?"
Yes, or else just walk to the stall and pee in the toilet. I see guys doing that all the time where I work -- some men want to be private about it, and urinals are not and have never been private.
"But, consider, it is trivial to build a microphone that can pick up every word you said within your house. Do you feel that police should be able to use such a device from a van outside without a warrant? Hell, it is trivial to build a camera that can see through most clothes nowdays."
I did say that closing your door should give you a reasonable expectation of privacy. I also said that things that are easy and popular should not be made illegal. If everyone walked around with a parabolic microphone or a millimeter wave scanner, we would have to adjust our laws, habits, and notions of what counts as a reasonable expectation of privacy accordingly. It is currently reasonable to expect that wearing clothes protects you from having your naked body photographed; that would have to change if it were common for people to carry cameras that could see through cotton.
You missed the point of my last question. Right now. Today. You have an expectation of privacy in your own home. For anyone that understands how surveillance works, you would know that closing your door is pointless as far as keeping the sound in. By your logic, this is not appropriate. Because, "hey, you should know that it is easy to hear inside your home."
However, if police wish to violate this, using relatively common and accessible tools, they have to have a warrant. Consider the phone calls you place. These are just as exposed to third parties as any email you send. Yet to intercept them police need a warrant. For others to do so is illegal.
Note, the deciding point here is not that it is hard or easy to intercept your communications. Or sit outside with a microphone. The point is that those activities require a warrant. Because they are illegal otherwise.
>We put doors on restrooms. Claiming that unencrypted email should carry a legitimate expectation of privacy is like claiming that people should expect privacy when they go to the bathroom on the side of the highway. People may want their email to be private, but that does not mean that we should pretend that email really is private.
Why not? It's just a law away for this to happen.
We can fully well pretend that email really is private.
It doesn't matter if it is technically private (ie if someone can access it or not). What matters is for accessing it to be illegal.
You can't normally read SMTP exchange between two arbitrary servers. Granted, there's a range of attacks possible to a motivated hacker, but they are exactly that: attacks. Your email is normally not exposed to third parties.
Not when the snail mail is in an envelope. When you send plaintext email, you are exposing the entire body of the message to casual inspection by any of the mail servers that are involved in delivering it. Unlike the postal system, however, your email is copied and stored by the servers involved in sending it, and you have little control over how long it is stored.
It would be as though you communicated by sending post cards, and the postal works took every post card and ran it through a copy machine, leaving them all in a neatly organized (by sender and receiver) pile somewhere.
So by your reasoning, if I mail you a postcard, and you put the postcard in a locked container placed inside of the trunk of a rental car, it is OK for the police to bypass your access controls and read the postcard?
How you transmitted or handled something at a point in time is not relevant to it's status at rest.
This issue here is that the government asserts that email is a communications system only. The problem is that while it does enable people to communicate, it also serves as a filing system to many email users. The law as written in 1986 didn't forsee 25GB mailboxes on O365 or Google with the equivalent of many file cabinets worth of memos, etc.
1) A rental car, like a rented house, is still under your control. But your e-mail account on Google's servers is under their control. They can do whatever they want with it. It's more like your friend letting you use part of his garage to store stuff--a third party still retains full control over the space.
2) As far as I can tell, Google can access your e-mail whenever it wants, so the "locked container" analogy also fails.
Again, I think the fact that Google/Microsoft/etc can scan your emails and documents to send you targeted ads is determinative here. If you're voluntarily exposing the contents of your documents to that process, how can you claim to have an expectation of privacy?
I pay Microsoft to host my email on my behalf so that I can consume the service. Just like I pay Avis for the use of a car or Hilton for use of a room. I don't own either, but are given controls to regulate acess (ie a key)
The interesting thing to me here is that the IRS is not claiming Google/Microsoft, it is claiming all email. Including that which is served by private servers that goes to other recipients on the same private servers.
The fact that you own the box that email was delivered to and that email never left that box has no bearing in the matter for the IRS. They still claim the right to inspect it, without a warrant.
You don't own your gmail inbox, you don't own your twitter account, you don't own your facebook account. Google, Twitter, and Facebook own them. You don't even rent them. Google, Twitter, Facebook, etc, fully own them and fully control them at all times, retaining the right to do whatever they want with them at any time.
You just missed the point. The IRS is speaking to all email systems. If I have a private server in my private house, and I send another message to another user on the same server (i.e. local delivery only), then the IRS's claims still apply to that. I don't see how the Google/Twitter/Facebook come into play here.
I'm not sure how you can parse a phrase that starts "generally..." and read it as encompassing "all email systems." That's facially not what the IRS is saying.
Google, Twitter, etc, come into play because they are the kinds of communications the IRS is referring to--electronic communications stored on servers controlled wholly by unrelated third parties.
The BIG difference is that you'll know about it, because the warrant will go to you. Not only will you know about it, but you can control the timeframe in which you respond as well as explore legal challenges and remedies. You will be in control of how things play out.
The IRS isn't going to break into your mail server.
People should really, really be running their own mail servers, and I suspect should be providing their own dialtone as well. The latter is certainly much more complicated and technical, but that level of control is a very nice thing to have.
Because I know and expect that Google will use my emails to display targeted ads. And I also know that, under this process, my data remains in the custody of Google. I still fully expect Google not to send my data outside its servers, except to my recipient.
The 4th amendment does not restrain the government from looking at any information you don't want them to look at. It restraints them from personally harassing you to get information without a warrant. Once the information is out of your hands, you can imagine laws that will protect that information so it is used only according to your expectations, but the 4th amendment isn't the mechanism for that.
No, that's stupid. That's equivalent to claiming telephone calls aren't private, because they're transmitted in the clear by third party exchanges accessible to authorized users. (email servers generally aren't publicly accessible, rather they're only accessible to authorized (registered) users)
You don't lose your reasonable expectation of privacy by making something publicly available. You lose it by exposing it to a third party (note that e.g. nothing prevents the recipient of your letter from handing it over to the government without a warrant). When you send an e-mail, you make the complete clear text of the e-mail accessible to a third party.
The extension of 4th amendment protections to telephone calls dates to a time when it was a direct analog connection between your phone and the other person's phone. But Google/Gmail is not just a dumb wire. It's an intermediate third party that can read your email and scan it to sell you ads.
It's true that this has always been the position of the Federal government, but that argument has always seemed pretty weak to me, and I don't accept it on principle, no matter how pervasive it's become. People don't expect their email to be read by others, especially the government, period. The reality that they are in fact doing this anyway just means citizens have to push harder to affect a change in the law.
This isn't a new fight. The government literally used the same exact argument when telephones were invented. It took years to work in protections for phone calls, I see no reason why the same can't be done for new modes of communications like email.
> People don't expect their email to be read by others, especially the government, period.
That is inconsistent with the wide usage of GMail, which (robotically) reads your mail to give you directed advertising. So GMail users at least cannot claim that they expect no one else to read their email as they've opted-in to having their mail read by running the service at all.
email servers generally aren't publicly accessible, rather they're only accessible to authorized (registered) users
Yes, sending email requires authorization to the SMTP server but MTA to MTA communications (as in when your mailserver actually sends your email to the recipients mail server) are clear text and can easily be intercepted.
The difference between telephone calls and email is that you generally don't have access to the things you need to listen in on a telephone call, but email you only need to have access to one of the routers that it's routed through
The SMTP protocol is used both from client to server and from server to server. RFC 3207 (2002) complaint MTAs communicate with each other over a TLS (i.e. encrypted) connection.
Complaint MTAs include: sendmail (>= 8.11), postfix (>= 2.2), MS Exchange (>= 5.5). Patches have existed for qmail to add support since 1.01, though they aren't in the main distribution for reasons that I'm sure make sense to djb.
>If you understand how SMTP works, it's hard to argue that it's a private means of communication.
No. No. No.
The test is one of reasonableness. Is it reasonable to assume that an individual--who addresses a message directly to another individual by means of that individual's unique identifier--intends that only that individual will view the e-mail? Of course it is.
The suggestion that people should understand the vulnerabilities in the underlying technology is a red herring.
Perhaps this is why the Sixth Circuit concluded that e-mail is private.
To play the devil's advocate, do you expect any privacy with postcards? It is also addressed directly to another person by means of a unique identifier... why is email any different? IMAPS et al. is just for the connection between you and your email provider, everything after that is plaintext (till the recipient's email provider gets it.)
Now, the interesting question is: is IRS entitled to access emails if both the sender and receiver are using the same provider and it doesn't leave their servers? (I'm guessing the situation is similar to delivering a note by hand through a single third party... again, I wouldn't expect any privacy there.)
I don't believe your analogy holds. Reasonable people understand that other humans will necessarily see the exposed-in plain-sight content of a postcard in the process of delivering postal mail.
However, reasonable people know that no humans are required in the process of delivering e-mail, and further, the average person doesn't necessarily believe that other people will read an email even if they know it is technically possible.
By contrast, in France for example, secrecy of correspondence is the default. It has been explicitely extended in 2004 to e-mail, but the law as it was after a change in 1988 certainly already covered that.
Tampering with e-mail is thus punished the same way as tampering with a physical letter. Being an agent of the government constitutes aggravating circumstances.
Circumventing those protections requires the intervention of an independent (as in independent from the executive) judge.
To (mis-) quote Rick Steves, the city of Paris repaved its streets, removing the historic cobbles, to prevent the citizens from using the streets...as weapons.
>If you understand how SMTP works, it's hard to argue that it's a private means of communication.
Wrong. The users' providers can see the message, but they will only pass it to the next link in the chain to the recipient. That doesn't mean it's okay or expected that it'll be shared with anyone else.
Handing off your voice calls to AT&T does not eliminate the expectation or privacy, nor does handing off your letters to USPS. Both of these services will move your information around internally, and AT&T will route your voice call to a Verizon switch if necessary. This still does not negate the expectation of privacy.
> You send a clear-text message to a publically-accessible service that is empowered to forward the message to other publically-accessible servers if necessary.
In the postal system, your message is generally encapsulated in a tamper-evident envelope, carried in locked cars and trucks that enjoy Federal protection against intrusion, and end up in mailboxes that are almost always on private property and/or locked.
>> In the postal system, your message is generally encapsulated in a tamper-evident envelope...
Those are all mechanisms, not legal protections. All could be bypassed by a determined person.
In both email and physical mail, someone else can secretly read your mail if they try hard enough. In both, you expect them not to. In both, we have the same question: should the government need a warrant to violate that expectation?
I can plant a secret microphone in your house. That doesn't mean I have a right to.
You can unglue an envelope over steam or on a hot surface.
That's beside the point though. People in general expect their mail correspondence to remain private, although a motivated third party might be able to defeat security.
They expect their (physical) mail to remain private because there's a massive legal framework that protects it. There's an entire section of US code regarding the operation and authority of the post office (title 39) and a whole mess of criminal code about protecting the mail (in title 18).
And yet you enjoy no 4th Amendment protections for parcels you send by a private carrier such as UPS or FedEx. They can snoop in your stuff all the want and it would be at most a civil matter (with rare exceptions).
Your analogy would make better sense if you were talking about using a government-provided email service. But trust me, you don't want to do that, at least if it's anything like my government-provided work email.
Substituting the postal service with private carrier services, the point still stands. People just not expect their correspondence to be peeked into, no matter how technically easy is that.
When you have a conversation in a busy mall, you have no expectation of privacy. When you communicate one on one in confines of private apartment, your speech isn't meant for others to be heard, even if that would be laughably easy to eavesdrop for a government agency.
It's not really a technicality we are arguing about but very basic expectations from a communication medium. If I write an email to my wife I don't expect it to be exposed to arbitrary strangers, although I understand that it's not as secure media as say diplomatic cables cough.
I agree that people expect discretion from their couriers (electronic or otherwise), but I wasn't talking about technical limitations this time. Privacy is something that encompasses even more than government.
The 4th Amendment is specifically a limitation on government power to compel unreasonable search or seizures. That's why I said having a private courier give up your information (not at the demand of the government) would be at best a civil matter such as breach of contract.
Now does FedEx and UPS routinely give up our parcels to the wrong party? No, but the reason isn't the 4th Amendment. The reason they try to deliver to the right party is because of the incredible market reaction that would occur if they were known to be routinely diverting deliveries or snooping.
But your expectation of privacy in general (as opposed to privacy against government interception) does not have any backing in law AFAIK (sadly), which is what I think rayiner was pointing out. From the perspective of the law, if you're willing to disclose information to some "random" third-party then why wouldn't you be willing to disclose it to anyone else (incl. the government)?
I agree that we should be able to expect privacy even in these cases, as it seems like a fairly large loophole if rayiner is right, especially in a world that is far advanced from the days where long-distance communications of any sort required government services and so privacy really did mostly mean "privacy from government".
Nice analysis. I tend to think the evolution of expectation of privacy from regular mail to email is similar to the evolution of expectation of privacy from land-line phones to cell phones.
That is under the 4th Amendment land-line phone users have a reasonable expectation of privacy; therefore, Gov. must obtain a search warrant to use evidence gathered from such sources against the criminal defendant. Yet, Courts define cell phones as little more than radios, and one does not have a reasonable expectation of privacy of radio transmissions, so evidence gathered can be used against a criminal defendant without being obtained by warrant.
So, right or wrong, I think the whole frame is similar to mail and email, of course emails are not defined as radio transmissions. Now all that said, between the Bush and Obama administrations reasonable expectation of privacy has been eroded (and as a result the 4th Amendment), and de facto there is no expectation of privacy over anything except maybe what is in your head.
The Government (prosecutors at State and Federal levels) but to the best of my knowledge the Courts have always upheld defendants reasonable expectation of privacy as to landlines in the home.
I suppose pay phones are landlines, but reasonable expectation of privacy is more complicated - originally courts upheld reasonable expectation of privacy when there was a phone booth, but not when the pay phone was in the open - this varies from state to state but I would not be surprised if this expectation of privacy has whittled away in the majority of states.
IANAL, but cell phone calls are encrypted, and I'm pretty damn sure you need a warrant to legally decrypt a cell phone conversation over the air.
But I bet you wouldn't need a warrant if you wanted to just capture and show the existence of the emitted radio waves as evidence, ignoring their contents (if you were making some kind of a traffic analysis type of argument).
I think the confusion you and I share is that the topic of the precedent is mail that is physically stored on a 3rd party's server. The transport mechanisms are irrelevant.
Now, what if you used a service like gmail, but made sure that you deleted all your mail before they aged to 180 days. What if the mails are not actually deleted from the underlying storage, but just not presented to you. If the mails still "exist" could they be used against you? Would google give them up? Was there an expectation of actual deletion?
That's a fine opinion, but it's no more than that, and fortunately the 6th Circuit disagrees with you, ruling that the ECPA's 180-day expiration date for an expectation of privacy is unconstitutional:
> "Given the fundamental similarities between email and traditional forms of communication, it would defy common sense to afford emails lesser Fourth Amendment protection.... It follows that email requires strong protection under the Fourth Amendment; otherwise, the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve."[1]
And of course their opinion carries quite a bit more weight, to the point that both Google and Microsoft, at least, put their disagreement with the IRS in writing, requiring a warrant before disclosing the content of emails, regardless of the age of those emails.
ctrl-f "warrant" in both of these for more details, but here are some snippets. From Google:
> "On the face of it, ECPA seems to allow a government agency to compel a communications provider to disclose the content of certain types of emails and other content with a subpoena or an ECPA court order (described below). But Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure....
> The threshold is higher still for an ECPA search warrant. To obtain one, a government agency must make a request to a judge or magistrate and meet a relatively high burden of proof: demonstrating "probable cause" to believe that contraband or certain information related to a crime is presently in the specific place to be searched. A warrant must specify the place to be searched and the things being sought. It can be used to compel the disclosure of the same information as an ECPA subpoena or court order—but also a user's search query information and private content stored in a Google Account, such as Gmail messages, documents, photos and YouTube videos. An ECPA search warrant is available only in criminal investigations."[2]
And from Microsoft:
> "Does Microsoft reject subpoenas from law enforcement seeking content data?
> Yes. We require an order or warrant before we will consider releasing content. Like other companies, we implemented the holding of U.S. v. Warshak, which held a provision of the Electronic Communications Privacy Act to be unconstitutional."[3]
The Sixth Circuit's decision certainly holds higher weight than mine, but that doesn't make it national law. Until more circuits agree with the Sixth, the IRS handbook is absolutely correct when it states that there is generally no privacy interest in e-mail and other electronic communications.
You're speaking of the third party doctrine, which isn't strictly law, more a collection of precedent, and has never been ruled to actually apply to retained email. If you read the 6th Circuit's decision, you'll see a number of statutes that directly contradict the 180-day provision, and which give an additional legal basis for the protection of emails beyond just an interpretation of the 4th as overriding the law and striking it as unconstitutional.
The IRS trying this would be a great benefit to us all, short of congress getting their act together and revising the ECPA, and the EFF would love nothing more than to take up the case. Considering that it has already been confirmed that Google is requiring warrants and Microsoft has taken such a strong stand while releasing their latest transparency report, it seems like we also have at least two corporate sponsors (and, actually, this is a bad position for most companies to be in, as many email providers can't easily figure out which Appeals Court their customer falls under. This exposes them to risk if they disclose email content without a warrant, which is another motivation to take the conservative approach and ask a court to decide if they have to disclose emails with only a subpoena).
Your SMTP server requires it to send email to prove it's really you and really them, yes, the mail server however sends your email to the recipient in clear text and can easily be intercepted if you happen to be inbetween the two servers.
In which case you are a network administrator of a (probably tier 1) ISP and abusing your position of trust. As well as probably violating your contracts with the companies for which you have agreed to carry traffic.
It's also possible for me to read mail from my neighbors' mailboxes, and most of their PSTN demarcs are hanging off the side of the house and not protected by a fence or anything. Mail and voice calls are still private.
The crux of the matter is "knowing exposure to third parties." So you have an expectation of privacy in sealed postal mail, but not say post cards or anything printed on the outside of envelopes. While a postal service as a matter of course can't read what's in peoples' sealed letter mail, e-mail is sent in plain text and can be seen by any intermediary SMTP server as well as system administrators of the sending and target mail servers. That's just the nature of the protocol.
Moreover, the fact that the U.S. Postal Service is an agency of the government puts it under heightened scrutiny as compared to e-mail providers who are private parties. The fact that people would be horrified if the U.S. Postal Service were tearing open envelopes and scanning mail to send targeted catalogs, etc, to people but accept Google, etc, doing the same thing as a matter of course really cuts at the knees of the argument that people have the same "expectation of privacy" in their e-mail as they do their letter mail.
Gmail has SSL to Google's e-mail server. If you e.g. send a mail to someone using Outlook, it's sent in clear text. And at both ends it's scanned to deliver everyone involved targeted advertising.
"Reasonable expectation of privacy" doesn't have an implicit "only as against the government." If you're knowingly exposing the contents to Google and Microsoft to scan, you can't claim to have a "reasonable expectation of privacy" in the contents.
The problem is this works only with 2 parties that have already agreed to, and are willing to use, encryption. How many websites, services, and other sources of email have an option to encrypt your email to you with your public key? Not many at all.
I've stopped putting my public key on emails I send, because almost no one ever encrypted email to me, unless they were specifically sending something perceived to be sensitive.
Absolutely. Some of the biggest failures in security is lack of ease of use by and large, in addition to ignorance. I think most people are willing to do the proper thing, but they'll actually do it only if it's easy.
Is it reasonable to have different feelings about an automated system than some random person?
The ad-bots at Google aren't known to be very gossipy.
(I don't mean this to be snide. I think this is an instance of a very interesting phenomenon, where we reason about our society as if it were a village.)
The law avoids anthropomorphizing computers. So the "person" here is Google, not the ad-bots. The ad-bots are just tools used by the person who has access to your e-mail.
> If you understand how SMTP works, it's hard to argue that it's a private means of communication.
This is true, and a great point. I often open my neighbors' postal mail using this same excuse. Sometimes you can even read the letters and notices right through the paper envelope!
Postcards are the better analogy for SMTP, not "opening postal mail".
With that said, it's actually a Federal crime to remove mail from someone else's mailbox to obstruct or pry into their business (even for postcards), which would seem to support your overall point.
That's sort of my point, yeah. Think of your mailspool (protected by a password and login, at the very least, and oftentimes encrypted via SSL-IMAP or the like) as your postal mailbox and the analogy I was aiming for makes perfect sense.
Sure, it's easy to snoop emails in-flight, but once it arrives at its destination, it ought to be hands-off.
When will "does not give the option to encrypt all outgoing correspondence with my PGP public key" become as embarrassing for an important website as "doesn't have an SSL cert" or "emails/stores passwords in plaintext"?
Edit: added word "outgoing" for pedant below. ;) Of course it'd be nice to get their public key too if you had to correspond back without going through say their https website.
It'll happen only when PGP isn't just used by .001% [1] of email users.
It needs some really good integration with an email client somewhere, where addresses are picked up from a public key server and automatically encrypted. I'm picturing an iMessage style thing where as you're typing someones email address, the keyserver is getting pinged and the address turns a different color and a lock icon appears by it. Now all your correspondence with that person is encrypted. PGP purists might not like it ("but you're automatically trusting some random key!! The web of trust, the web of trust!") but it would be a step in the right direction.
I think a better solution is identity based encryption, so that the sender can encrypt the message before the receiver has their private key. Senders should have multiple IBE services to choose from, and we should have standards that allow or even require threshold IBE (so that no single party can decrypt all messages). IBE services may fail to take verification seriously, but the sender of a message could simply refuse to use services with a reputation for being lazy or malicious. It might also make sense to create a hybrid system, combining IBE with PGP.
[Edit: it pains me to say this, of course; I am not a fan of systems where some other party or coalition of parties can decrypt messages. However, it would be better than what we have now, and it is closer to the "putting a letter in an envelope" abstraction.]
It then automatically fetches my public key from the URL in that record, checks it matches the fingperint, and then imports it.
For extra goodness, the DNS for "grepular.com" is secured with DNSSEC also.
The technology exists for sharing public keys and using PGP. The major mail providers couldn't care less about providing user interfaces for it though.
Yeah but you still had to generate and publish that key before I could send you an encrypted message. If I need to communicate with someone who has not done so, what I am supposed to do? Nag at them to do it? Try to explain the important of encryption? I have tried it, and I still try, and it is basically not going to work: people generally do not see the point, and they hate the fact that they cannot check their mail from arbitrary systems (smartcards help here, but now you need to get reliable smartcard readers deployed all over the place).
We need a system that lets people encrypt messages without having to wait for the receiver to do anything. That's the point of IBE: your public key is your email address, you get your private key from the service of the sender's choice. The service clearly needs to do something to verify your identity, which is the weakness -- but it is still better than what we do now, and it does not require us to wait for everyone to upgrade their email clients.
Yeah, what you say is true. That would be better than what we have now. Re your comments about smart card readers. You can have smartcard functionality on any machine with a USB port if you use one of these:
I received one a couple of weeks ago and it works great. I also have an OpenPGP v2 smart card, a USB smart card reader, and a reader built into my Thinkpad.
If you want to send someone a message, you have to use their public key. If a message is encrypted with your public key, it can only be decrypted by your own private key.
Yes, he meant if he gives his email out to a website (amazon.com, say) he wants to give them his PGP public key as well so that all correspondence to him will be encrypted through PGP.
I would like this, too. Internet, please get on that.
It wouldn't surprise me if various enforcement agencies viewed encryption as sufficiently suspicious behaviour to arrest/investigate you for some kind of "terrorism" charge anyway.
Is there any evidence that the IRS has ever been able to get access to people's emails without a warrant, or is this entire discussion theoretical? It seems to just be quoting a 2009 handbook recently obtained.
Google won't give your email away without a warrant, and neither will Facebook. So I'm not sure what this means.
But Google and Facebook are not the only two companies that store users' electronic messages (it's not just email, remember, but also direct messages, stored IM chats, etc.)...
Also don't forget about Carnivore/Echelon and their ilk that presumably have the ability to intercept and store basically all email. Then once your email is duplicated in a government database somewhere, it being primarily housed on a Google or FB server is irrelevant.
It's not irrelevant. The 4th amendment is enforced primarily by the exclusionary rule. The fact that Carnivore, Echelon, etc, can get to your e-mail anyway doesn't mean that the government can introduce it as evidence in court. To the extent that the 4th amendment doesn't extend to the stuff you store on Google's, Facebook's, etc, servers, the government can introduce that as evidence against you.
Wait, sorry - I don't quite get that, what am I missing here? The logic I'm hearing:
1. Because your emails are "open" (like a postcard) when being transferred over a network, you do not enjoy an "expectation of privacy" for them
2. Therefore if the government "sees it go by" (like a postcard in the mail), they can read it
3. So if the government plants themselves in the middle of a bunch of networks to "see emails go by" and then stores them in a big database, that should be admissible, no?
It seems like the postcard analogy should hold all the way through, right? Ie the government could photograph all mail going through, store it, and look it up later to use in court if they wanted to.
Sure - the IRS may or may not actually look into those databases it in practice due to national security concerns, etc - it's just that they could. [edit: formatting]
But it does mean they could use your email contents to decide to audit you, then in the course of the audit find information which is permissible in court. I'd be shocked if given the revelation in this article, the IRS doesn't browse the email of some people before auditing them.
Carnivore/Echelon will never be introduced as evidence in court. These are tools of war. When they were hunting Bin Laden, they weren't planning on taking him to court in the end and introducing his emails as evidence against him...
That's precisely why ordinary people don't need to worry about what information is collected by Carnivore/Echelon. The results are too valuable to risk disclosure by introducing them into evidence for prosecuting run of the mill crimes. It's highly unlikely that agencies like the IRS even have access to this information for those reasons.
It's funny how in one breath the government tells us that there is no reasonable expectation of privacy for data on the internet and in another the DMCA says that the act of knowingly breaking any security, no matter how weak, is a serious crime.
This article would be much more concerning if it was titled 'Google claims the IRS can read your email without a warrant.' The IRS can think whatever it pleases about accessing your email, however it still needs your provider to cooperate and turn over your email without a warrant.
Its time Americans realized that their government does whatever the hell it pleases. There are too many secret courts and black op intelligence agencies operating within US borders for a rational citizen to reach any other conclusion.
If the government wants to read your email, it will. If it refrains from reading your email it's only because it doesn't find you interesting enough to go through the hassle of doing so.
This thread is full of hackers eager to apply a technological solution - encryption - to a problem which is better solved legally. Encryption has rather obvious usability problems, such as being fundamentally incompatible with webmail (and remote access in general - even if you use a client that decrypts emails, you can't search without downloading your entire inbox); while it's highly valuable for myriad use cases, I shouldn't have to use it for all my random mail. Yes, email seems fundamentally insecure technically, SMTP servers bouncing messages to other SMTP servers in the clear, but older networks such as physical mail and telephone are even worse and harder to secure, yet I still have an expectation of privacy (even if I use a PO box to store my mail remotely...) because it has been established by law. There is zero reason this shouldn't apply to email.
The problem with email privacy: it's trivial to copy/forward email, but hard to ensure every endpoint is secure. Even if you are running your own MX in your basement, all of your email recipients use Gmail.
The nation-wide precedent is they can access anything older than 180 days without a warrant, which for IRS's purposes is basically anything that would be relevant to a criminal tax prosecution (there is no statute of limitations on willful tax evasion or fraud).
Should we have privacy rights in our e-mails and personal messages? I think so. But the Constitution doesn't protect that, any more than it protects "one's papers" if those papers are left on the premises of a third party.[1] Not everything that is a good idea must be necessitated by the Constitution.
[1] Wikipedia's article on "expectation of privacy" is pretty good: http://en.wikipedia.org/wiki/Expectation_of_privacy ("In general, one cannot have a reasonable expectation of privacy in things held out to the public."). If you understand how SMTP works, it's hard to argue that it's a private means of communication. You send a clear-text message to a publically-accessible service that is empowered to forward the message to other publically-accessible servers if necessary.