News, Developments, and Insights

Privacy of Email - Councilman

In United States v. Councilman, a 1st Circuit panel held that email intercepted contemporaneously with its transmission did not fall under the protections of the Wiretap Act.  The case went en banc and an opinion has yet to issue.  Orin Kerr at the VC just wrote a post about recent developments about the issue.   He writes:

Congress has introduced a number of statutory amendments to try to settle the matter. The best was introduced on April 28: Senator Leahy introduced S. 936, the E-Mail Privacy Act of 2005, which is a very short and sweet solution. The Leahy bill adds just a few words to the definition of “intercept” under the Wiretap Act to make its already implicit temporal scope textually explicit. It’s an elegant and correct amendment.

Orin is correct that this does fix the Councilman problem, but I think that many important issues are being lost in the debate.  Even if the Councilman problem is fixed, this still leaves open tremendously important issues about how email should be protected by electronic surveillance law.

To understand the issues, consider these scenarios:

1. An email is intercepted contemporaneously as it is being transmitted.  This is Councilman.  Orin is correct that the panel was wrong; this should be covered by the Wiretap Act that governs intercepting communications contemporaneously with their transmission.

2. An email is accessed while residing at an ISP server, not contemporaneously with transmission, but prior to the recipient downloading the email.  This is covered under the less stringent protections of the Stored Communications Act.  Should there be a difference?  Why should it matter whether the email was obtained contemporaneously or while stored but unread?  In this respect, email will generally get less protection than telephone calls.   Obtaining the contents of a phone call is done by a contemporaneous interception.  But email communications are often stored for periods of time; their contents can be obtained non-contemporaneously.  This means that email will in many instances get less protection under federal electronic surveillance law than a phone call.   I believe that the contents of an email should be protected just as much as the contents of a phone call.

3. A person’s webmail account containing the emails they have read and have sent are accessed.  According to the DOJ interpretation, once an email has been read, it is no longer even a stored communication.  Since it is not accessed contemporaneously with transmission, there is no violation of the Wiretap Act.  And there’s no protection under the Stored Communications Act since it falls outside of the definition of stored communication.  The problem is that many people are increasingly using webmail, which has large storage capabilities, and are storing all of their outgoing and incoming emails.  I believe that it is a huge problem that all of this falls outside the scope of electronic surveillance law.

These are just a few of the big issues facing email.  Councilman is one issue, but I believe that the other issues warrant significant attention, and I hope with that all the attention on Councilman, Congress does not lose sight of these other problems.  I discuss many of these problems in my article, Reconstructing Electronic Surveillance Law.  Orin Kerr’s articles on the Stored Communications Act and on the problems of a lack of an exclusionary remedy under ECPA are also definitely worth reading.

Originally posted at PrawfsBlawg


* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
LinkedIn Influencer blog

TeachPrivacy Ad Privacy Training Security Training 01