I just read something on Slashdot that should be a great big red flag to anyone that has any interest in email privacy at all.
The 11th Circuit court handed down a decision in Rehberg v. Paulk which severely limits how much fourth amendment protection there is for Email. The decision was that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered.
The problem with this is that because of how email works, Just because a copy of the message was delivered to you when your email program downloaded it from the server it doesn’t mean that the copy on the server instantly ceases to exist. This means that the government or any Law Enforcement Agency can just wait until email is delivered and then snag a copy from the server it was delivered from.
If you’d like an in depth look at why this decision is wrong I suggest you have a look at this article. The author goes into the legal nuts and bolts of why the 11th circuit court is wrong.
Regardless of whether it’s ever overturned or not, this case serves as a reminder that even with forth amendment protections, email is NOT very private at all unless you take steps to MAKE it private.
The only real answer to the problem of course is to use encryption. And before you start going with the “If you haven’t got anything to hide then you have nothing to worry about” crap think about this. For the average person (even law abiding people), it’s not a question of having “something to hide” so much as having privacy. Back in the days when everybody used postal mail, if you didn’t want the contents of your message to be read then you would use a security envelope or perhaps even put it into a package that was much more difficult to open.
The same thing applies to email. People send emails every day the contents of which they very much do NOT want to be read by anyone but the intended recipient. Those emails can be literally anything from important business matters about a new secret project to you Aunt Jane’s secret collection of home remedies for acne. The point is that you want them to be read only by the person that you’re sending them to and that anyone else reading them is an invasion of privacy.
This is where encryption comes in. For example if you use Thunderbird as your email program it’s a small thing to get a plugin called Enigmail and a copy of GnuPG, take a few minutes to read some instructions about how to set them up and create a keypair, publish the public part of the key and you’re ready to begin encrypting your email.
Ok, Granted, it’s not much use to encrypt email unless the other party has the same kind of setup but that’s really easy. All of the programs I just mentioned are free and take only minutes to set up.
I have personally been using encryption for years. Even when I don’t encrypt emails I use Enigmail & GnuPG to digitally sign all of my emails so that the recipients can A, verify that it was me that sent it and B, they can tell if the message has been altered in any way.
If you want your email to be private the ONLY way to insure this is to use encryption. I think that it’s long overdue for encryption to come into mainstream use. It’s not hard to do and does something that regular, unencrypted, email can’t do: It guarantees that you have an “Expectation of privacy” because you have taken extra steps to make it clear to anyone looking at the message that you don’t want anyone but the intended recipient to read it.
Technorati Tags: gnupg, forth amendment, privacy, email, encryption, 11th circuit court, enigmail