You've Got Mail (and AOL Can Read It)

Information Management Journal, Sep/Oct 2004 by Swartz, Nikki

In an online eavesdropping case with profound implications for electronic communications, a federal appeals court ruled that a company that provides e-mail service can copy and read its subscribers' messages.

The ruling stems from a nowdefunct online literary clearinghouse, Interloc Inc., which made copies of clients' e-mails in 1998 so it could peruse messages sent to them from rival Amazon.com, An Interloc executive was subsequently indicted on an illegal wiretapping charge.

In a 2-to-1 decision, the Bostonbased appeals court upheld a federal judge's dismissal last year of a wiretapping charge against Branford C. Councilman, former Interloc vice president. According to the indictment, Councilman directed employees to write computer code to intercept and copy all incoming e-mails from Amazon.com to Interlock subscribers, who were dealers seeking buyers for rare and out-of-print books. The government alleged Interloc tried to develop a list of books, learn about competitors, and attain a commercial advantage. Councilman argued that no violation of the Wiretap Act had occurred because the e-mails were copied while in electronic storage (the messages were in the process of being routed through a network of servers to recipients). The wiretapping law protects eavesdropping on any "wire, oral, or electronic communication" that is not stored - such as an unrecorded phone conversation - but does not afford the same legal protections to stored messages. The wiretap law makes it a crime to intercept messages, but the court ruled that it did not apply because there had been no actual interception.

The court ruled that because e-mail is stored, even momentarily, in computers before being routed to recipients, it is not subject to laws that apply to eavesdropping of telephone calls, which are continuously in transit. As a result, the court majority agreed that companies or employers who own the computers are free to intercept messages before they are received by customers.

Privacy advocates, however, say e-mail should enjoy the same protections as telephone conversations or letters sorted by mail carriers and fear that the ruling could expand e-mail monitoring by businesses and the government. An advocacy group said the decision opens the door to further interpretations of the federal Wiretap Act that could erode personal privacy rights and put all electronic communications in jeopardy.

The New York Times said the court's "analysis was predicated on the bizarre notion that our e-mail notes are not in transit once we send them, but in storage with an intermediary ... The same logic would suggest that the postal service can read your letters while they are in 'storage.'" A spokesman for the U.S. attorney's office in Boston told the Times that the department had not yet decided whether to appeal the court's decision.

Large e-mail providers such as America Online and Microsoft Corp. have policies governing their terms of service that generally state that they do not read customers' mail or disclose personal information unless required by law enforcement agencies. Based on the court's ruling, however, law enforcement officials would need only a search warrant to gain access to e-mail before it reaches its recipient, instead of a harder-to-obtain wiretap order.

According to the Times, a 1986 law, the Stored Communications Act, grants significant protection to e-mail messages, but does not go as far as the wiretap law: it lets prosecutors access stored messages with a search warrant, while imposing stricter requirements on parties in civil suits.

In a San Francisco case, Theofel vs. Farey-Jones, a small Internet provider responded to a subpoena by giving a lawyer copies of 339 e-mail messages received by two of its customers. The customers claimed the subpoena was so broad it violated the wiretap and stored communication laws. A district court agreed the subpoenas were too broad but ruled they were within the law.

The plaintiffs appealed, and the Justice Department filed a court brief arguing that the Stored Communications Act should not apply. The appeals court ruled that e-mail stored on an Internet provider's computer server is indeed covered by the Stored Communications Act, even after it has been read. The court noted that the act refers both to messages before they are delivered and to backup copies kept by the provider.

According to the Times, while the Councilman ruling would limit the applicability of wiretap laws to e-mail, it appears to apply to a small number of potential cases. The Theofel decision, however, by defining more e-mail as "stored communications," could have a greater effect on privacy if other U.S. courts follow that ruling.