RealTime IT News

ISPs Can Check E-Mail

Backed by the clear, though perhaps out-of-date, language of the Wiretap Act, e-mail providers have the right to read and copy the inbound e-mail of their clients, a federal appeals court ruled Wednesday. The decision sparked howls of protest from privacy advocates, despite immediate assurances from some of the nation's largest ISPs that they would never engage in such practices.

The U.S. Court of Appeals for the 1st Circuit in Boston voted 2-1 Wednesday to uphold the dismissal of a 2001 indictment against Branford C. Councilman, the vice president of now-defunct Interloc Inc., a rare and out-of-print books site.

The U.S. district attorney for Massachusetts charged Councilman, who maintained an e-mail service for his clients, with illegal wiretapping for making copies of e-mail sent to his clients from Amazon.com. The district attorney claimed Councilman copied the e-mail to gain a competitive advantage.

But Councilman's attorneys argued his actions were within the legal limits, because he did not intercept the messages in transit. E-mail, often only momentarily, is routed through servers. The U.S. District Court for Massachusetts ultimately ruled that counted as storage and dismissed the indictment.

Yesterday's decision echoed that ruling in voting to uphold the indictment dismissal, saying e-mail does not enjoy the same eavesdropping protections as telephone conversations, because it is stored on servers before being routed to recipients.

Samantha Martin of the Massachusetts district attorney's office said, "We are still in the process of reviewing that decision and weighing our options on what steps to take next."

The two-judge majority deferred to the language of the Wiretap Act, noting it prohibits the unauthorized interception and storage of "wire communications," but only makes reference to the interception of "electronic communications."

"The Wiretap Act's purpose was, and continues to be, to protect the privacy of communications. We believe that the language of the statute makes clear that Congress meant to give lesser protection to electronic communications than wire and oral communications," Appeals Court Judge Juan R. Torruella wrote. "Moreover, at this juncture, much of the protection may have been eviscerated by the realities of modern technology."

"We observe, as most courts have, that the language may be out of step with the technological realities of computer crimes," Torruella wrote. "However, it is not the province of this court to graft meaning onto the statute where Congress has spoken plainly."

In his dissenting opinion, Appeals Court Judge Kermit V. Lipez said there is no distinction between the electronic transmission and storage of e-mail.

"All digital transmissions must be stored in RAM or on hard drives while they are being processed by computers during transmission," Lipez wrote. "Every computer that forwards the packets that comprise an e-mail message must store those packets in memory while it reads their addresses, and every digital switch that makes up the telecommunications network through which the packets travel between computers must also store the packets while they are being routed across the network."

Lipez concluded: "Since this type of storage is a fundamental part of the transmission process, attempting to separate all storage from transmission makes no sense."

America Online, EarthLink and Yahoo , three of the country's largest ISPs, all have privacy policies prohibiting them from reading customer e-mail, except in the case of a court order.

"Consistent with Yahoo's terms of service and privacy policy, we do not monitor user communications," said Yahoo spokeswoman Mary Osako said.

Also jumping to the ISP defense was EarthLink spokeswoman Carla Shaw.

"EarthLink has a long history of protecting customer privacy, and that protection extends to e-mail," she said. "We don't retain copies of customer e-mail, and we don't read customer e-mail."

But this does little to alleviate the concerns of folks like Kevin Bankston, an attorney for the online privacy group Electronic Frontier Foundation.

"By interpreting the Wiretap Act's protections very narrowly," Bankston said in a statement, "this court has effectively given Internet communications providers free reign to invade the privacy of their users for any reason and at any time."

Bankston added that the law "has failed to adapt to the realities of Internet communications and must be updated to protect online privacy."