Court says it's okay to snoop email

In a troubling ruling, the 1st U.S. Court of Circuit Appeals has said it is okay to read other people's email while it is "stored" on a server. Yahoo! News reports on the legal case of Interloc, a company that read the email of its subscribers to find out what Amazon.com was sending to them, and why.

The ruling seems to rely on hairsplitting, rather than commonsense. Wiretapping of "live" communications has always been subject to rigorous oversight, but email is not "live" in the same sense that a phone conversation is. An email messages transits through several servers, and is stored, sometimes for long periods of time, on the email server used by a particular user. The courts are taking the view that it is okay to read the email while it is stored on a third party machine.

It is as if the court said it was okay to open and read a piece of mail while it is in the mailbox down the street from your house.

It is hard to understand how the judges could so easily trample what seems obvious--email is and should be considered private, and both commercial companies and law enforcement officers should be constrained from reading email without strict oversight.

Fortunately, there is a perfectly good solution to the conundrum--encryption. We have the tools today to encrypt email using public key encryption, and this ruling will hasten more widespread use of encryption for routine communications. Done properly, encryption of email can be nearly transparent, but will be very effective as a deterrent to casual snooping of the kind done by Interloc. Encryption is the equivalent of putting our email in a tamper-resistant envelope; it keeps most people out. Is it perfect? No--but then neither are envelopes, but we've used them for centuries without much fuss or worry.

Unfortunately, part of the problem here is the lack of interest in improving email clients. Most email clients are given away free, so there is little incentive to improve them or to make features like encryption easy to use. But it's a business issue for the private sector, and as the bigger companies demand it, easy to use encryption will spread.

In the meantime, it would be a good idea to check your email settings to make sure you don't leave mail on your server, where it can now, apparently, be read by anyone with server access. Google's Gmail has been attracting a lot of attention because it offers a gigabyte of server-based mail storage for free. But I've already written about my concerns there--Google admits they insert ads into your email by reading the contents. And now, Google has free reign to read all your mail stored on its servers, any time it likes. Analyzing that information and selling it is, in all probablility, not far behind.

Welcome to the Knowledge Democracy, whether you like it or not.

Technology News: