E-mail privacy suffered a serious setback on Tuesday when a court of appeals ruled that an e-mail provider did not break the law in reading his customers' communications without their consent.
The US First Circuit Court of Appeals (covering large parts of New England) ruled that Bradford C. Councilman was not in violation of wiretap laws when he copied and read customers email so that he could monitor their business transactions with rival Amazon.com.
Councilman, owner of a website selling rare and out-of-print books, offered book-dealer customers e-mail accounts through his site. But unknown to those customers, Councilman installed code that intercepted and copied any e-mail that came to them from his competitor, Amazon.com. Although Councilman did not prevent the mail from reaching recipients, he read thousands of copied messages in order to know what books customers were seeking and gain a commercial advantage over Amazon.
Authorities charged Councilman with violating the Wiretap Act (formally known as the Electronic Communications Privacy Act or ECPA), which governs unauthorized interception of communication. But the court found that because the e-mails were already in the random access memory, or RAM, of the defendant's computer system when he copied them, he did not intercept them while they were in transit over wires and therefore did not violate the ECPA, even though he copied the messages before the intended recipients read them. The court ruled that the messages were in storage rather than transit.
However, the court did acknowledge that the Wiretap act might be inadequate to protect consumers privacy over the Internet. In spite of all the criticism being levelled at them, the decision could have been correct; the court was merely interpreting this law, and not legislating, as American courts too often do. (Roe v. Wade, anyone?) The judge, in his decision (PDF) appears to rely on the distinction between electronic and wire communications. Quoting from the ECPA:
"wire communication" means any aural transfer made in whole or in part through the use of facilities for the
transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception (including the use of such connection in a switching station)... and such term includes any electronic storage of such communication
"electronic communication" means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce...
"electronic storage" means--
(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication;
Note the absence of the phrase "electronic storage" from the definition of "electronic communication", even though it is included in the definition of "wire communication." The judge cites precedents which uphold the principle that
"When Congress includes a particular language in one section of a statute but omits it in another section of the same Act, it is generally presumed that Congress acts intentionally and purposely in the the disparate inclusion or exclusion."As RAM most definitely is electronic storage, he appears to have interpreted the law correctly.
It seems that the judge sympathises with the authorities, but believes that a strict interpretation of the law compels him to acquit the defendant. In order that this miscarriage of justice is not repeated, they believe that the ECPA should be revised. To that extent, I agree. If this is what the law says, then (quoting Mr. Bumble) "the law is an ass" and we need a new law. The implications for online privacy are stunning. Any email you send over the net can now be legitimately read by your ISP and/or email service provider, and they can freely use the data however they see fit. I can't even begin to describe the consequences! Compared to this, the automated parsing of email by Gmail is entirely innocuous. The ECPA should be modified immediately. Posters on Slashdot have a brilliant solution: Gillbates writes "I feel like starting an ISP and offering free email accounts to congressmen, judges, FBI agents, etc... The time difference between an embarrassing email leak and legislation outlawing reading another's email is left as an exercise for the reader...."