Email privacy

From Infogalactic: the planetary knowledge core
(Redirected from E-mail privacy)
Jump to: navigation, search

Email privacy is the broad topic dealing with issues of unauthorized access and inspection of electronic mail. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user computer. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters and get legal protection from all forms of eavesdropping comes under question because of the very nature of email. This is especially important as more and more communication occurs via email compared to postal mail.

Email has to go through potentially untrusted intermediate computers (email servers, ISPs) before reaching its destination, and there is no way to tell if it was accessed by an unauthorized entity. This is different from a letter sealed in an envelope, where by close inspection of the envelope, it might be possible to tell if someone opened it. In that sense, an email is much like a postcard whose contents are visible to everyone who handles it.

There are certain technological workarounds that make unauthorized access to email hard, if not impossible. However, since email messages frequently cross nation boundaries, and different countries have different rules and regulations governing who can access an email, email privacy is a complicated issue.

Technological workarounds

There are some technical workarounds to ensure better privacy of email communication. Although it is possible to secure the content of the communication, protecting the metadata of (who sent email to whom) is fundamentally hard.[1] Even though certain technological measures exist, the widespread adoption is another issue because of reduced usability.

Encryption

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

A significant fraction of email communication is still unencrypted. In general, encryption provides protection against malicious entities. However, a court order might force the responsible parties to hand over decryption keys; a notable example is Lavabit.[citation needed] Encryption can be performed at different levels, resulting in significantly different consequences.

Transport level encryption

With the original design of email protocol, the communication between email servers was plain text, which posed a huge security risk. Over the years, various mechanisms have been proposed to encrypt the communication between email servers. One of the most commonly used extension is STARTTLS. It is a TLS (SSL) layer over the plaintext communication, allowing email servers to upgrade their plaintext communication to encrypted communication. Assuming that the email servers on both the sender and the recipient side support encrypted communication, an eavesdropper snooping on the communication between the mail servers can not see the email contents. Similar extensions exist for the communication between an email client and the email server.

End to end encryption

In end-to-end encryption, the data is encrypted and decrypted only at the end points. In other words, an email sent with end-to-end encryption would be encrypted at the source, unreadable to service providers like Gmail in transit, and then decrypted at its endpoint. Crucially, the email would only be decrypted for the end user on their computer and would remain in encrypted, unreadable form to an email service like Gmail, which wouldn’t have the keys available to decrypt it.[2]

OpenPGP is a data encryption standard that allows end-users to encrypt the email contents. There are various software and email-client plugins (FireGPG, Enigmail, GPGMail, etc.) that allow users to encrypt the message using the recipient's public key before sending it. At its core, OpenPGP uses a Public Key Cryptography scheme where each email address is associated with a public/private key pair.

OpenPGP provides a way for the end users to encrypt the email without any support from the server and be sure that only the intended recipient can read it. However, there are usability issues with OpenPGP — it requires users to set up public/private key pairs and make the public keys available widely. Also, it protects only the content of the email, and not metadata — an untrusted party can still observe who sent an email to whom. A general downside of end to end encryption schemes—where the server does not have decryption keys—is that it makes server side search almost impossible, thus impacting usability.

Architectural impact

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

The architecture of the system also affects the privacy guarantees and potential venues for information leakage. Traditional email protocol was designed for email clients — programs that periodically downloads email from a server and store it on the user's computer. However, in recent years, webmail usage has increased given the simplicity of usage and no need for the end users to install a program. Secure messaging is in use where an entity (hospitals, banks, etc.) wishes to control the dissemination of sensitive information. In case of secure messaging, the user is notified of a new message using some mechanism, and the user can log on to a website operated by such entity to read the message.

Both in case of secure messaging and webmail, all email data is stored on the email provider's servers and thus subject to unauthorized access, or access by government agencies. However, in case of email clients, it is possible to configure the client such that the client downloads a copy of the message as it arrives, which is deleted from the server. Although there is no way to guarantee whether a server has deleted the copy of email, it still provides protection against situations where a benign email server operator is served with a court order.

Other workarounds

Although encryption provides for a way to protect the contents of the metadata, it still fails to protect the metadata. Theoretically, mix networks can be used to protect the anonymity of communication (who contacted whom).

Another workaround that has been used [3] is to save a message as a draft in a webmail system, and share the webmail login credentials with an intended recipient. As an example of dead drop, this method defeats any kind of monitoring based on the actual email sent. However, this method infamously failed to protect the privacy of the participants in the Petraeus scandal; after coming under investigation for unrelated activities, communication between the parties was accessed by the FBI.[4][5]

Legal standing

United States

Constitutional protection

Protection under the United States constitution

The Fourth Amendment of the US constitution provides that “[T]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” This Amendment guarantees the privacy, dignity, and security of persons against certain arbitrary and invasive acts by officers of the government or those acting at their direction. Fourth amendment is often envied to protect the privacy rights against government activities.

In case of employer emails, although the words “the people” may appear to be broad and to include any employee, this amendment (or any other part of the United States constitution) has not been interpreted to protect the privacy interest of private- sector employees. Usually public-sector employees of federal, state, and local governments have privacy protection under the United States Constitution.

The protection under the fourth Amendment is not unlimited. For example, in O'Connor v. Ortega, the officials at a State Hospital, after placing Dr. Magno Ortega on administrative leave pending an investigation into possible workplace improprieties, searched his office.[6] Dr. Ortega filed an action against the hospital alleging that the search violated his Fourth Amendment rights. The district court found that the search was proper while on appeal the circuit court found that the search did violate Dr. Ortega’s Fourth Amendment rights. The Supreme Court disagreed with both the lower courts. The Courts's decision was based on consideration of two factors (i) whether Dr. Ortega had a reasonable expectation of privacy, and (ii) whether the search of Dr. Ortega's office was reasonable. The Court held that because Dr. Ortega had a private office, he had a reasonable expectation of privacy. But, the Court also found the search of his office to be reasonable because it was work-related. The government’s need to ensure efficient operation of the workplace outweighs an employee’s expectation of privacy, even if the privacy expectation is reasonable. Since work environments vary, a public-sector employee’s expectation of privacy must be determined on a case-by-case basis. Factors the Court considered included (i) notice to employees, (ii) exclusive possession by an employee of keys to a desk or file cabinet, (iii) the government’s need for access to documents, and (iv) the government’s need to protect records and property.

In view of the Ortega decision, the extent of constitutional protection with respect to emails is unclear. Unlike a locked desk or file cabinet, emails are not locked. The employer has access to all messages on the system. Thus, it may be argued that with respect to email, the public-sector employee’s legitimate expectations of privacy are diminished.

In some cases the US constitutional protection can also extend to private-sector employees. This is possible when a private-sector employee can demonstrate "involved sufficient government action."[7]

Protection under state constitutions

State constitutions in at least 10 states (Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina and Washington) grant individuals an explicit right to privacy. The privacy protections afforded by some of these states mirrors the Fourth Amendment of the U.S. Constitution but often add more specific references to privacy. Further, general constitutional provisions in other states have also been interpreted by courts to have established privacy rights of various types. Like the rights under the US constitution, the privacy rights under the state constitution also usually extend to protection from the actions of state governments, not private organizations.

In 1972, California amended Article I, Section 1 of its state constitution to include privacy protections.[8] A California appellate court then held that the state’s right of privacy applied to both public and private sector interests.[9] Further in Soroka v. Dayton Hudson Corp., the California Court of Appeals reaffirmed this view and held that an employer may not invade the privacy of its employees absent a "compelling interest".[10]

In August 2014, Missouri became the first state to provide explicit constitutional (art. I, § 15) protection from unreasonable searches and seizures for electronic communications or data, such as that found on cell phones and other electronic devices.[11]

Statutory protection

Federal statutes

The real-time interception of contents of electronic communication is prohibited under the wiretap act,[12] while the Pen Register Act [12] provides protection for the interception of the non-content part of the electronic communication. The "From" and "To" fields along with the IP address of the sender/receiver have been considered as non-content information,[13] while the subject has been considered as the content.[14] Once the email is stored on a computer (email server/user computer), it is protected from unauthorized access under the Stored Communications Act (Title II of Electronic Communications Privacy Act).[15]

After 180 days in the U.S., email messages stored on a third party server lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record.[12][16] After this time has passed, a government agency needs only a subpoena—instead of a warrant—in order to access email from a provider. However, if the emails are stored on a user's personal computer instead of a server, then that would require the police to still obtain a warrant first to seize the contents. This has been criticized to be an obsolete law; at the time this law was written, infinite storage at webmail servers was not available. In 2013 members of the U.S. Congress proposed to reform this procedure.[17]

There is, however, an important exception to these laws: provider exception.[12] Under the provider exception, these laws do not apply to "the person or entity providing a wire or electronic communications service.".[18] This exception, for example, allows various free email providers (Gmail, Yahoo Mail, etc.) to process user emails to display contextual advertising.

Another implication of the provider exception is access by employers. Email sent by employees through their employer's equipment has no expectation of privacy; the employer may monitor all communications through their equipment.[citation needed] According to a 2005 survey by the American Management Association, about 55% of US employers monitor and read their employees' email.[19] Even attorney–client privilege is not guaranteed through an employer's email system; US Courts have rendered contradictory verdicts on this issue.[20] Generally speaking, the factors courts use to determine whether companies can monitor and read personal emails in the workplace include: (i) the use of a company email account versus a personal email account and (ii) the presence of a clear company policy notifying employees that they should have no expectation of privacy when sending or reading emails at work, using company equipment, or when accessing personal accounts at work or on work equipment.[21]

State statutes

Privacy protections of electronic communications vary from state to state. Most states address these issues through either wiretapping legislation or electronic monitoring legislation or both.[22]

Unlike, the EPCA most state statutes do not explicitly cover email communications. In these states a plaintiff may argue that the courts should interpret these statues to extend protection to email communications. A plaintiff can argue that the wiretapping statutes reflect the general intent of the legislature to protect the privacy of all communications that travel across the telephone line (including emails). Further, the plaintiff may argue that email communications may be analogized to telegraphic communications, that are explicitly protected under most state statute.[22]

Generally, such efforts are not effective in protecting email privacy. For example, in Shoars vs. Epson America, Inc. case (Cal. Sup. Ct. filed July 30, 1990) a California superior court refused to find employee email privacy protection in California’s criminal. California Penal Code Section 631 prohibits wire-tapping without the consent of all parties involved, adding that a person may not “read or attempt to read, learn the contents or meaning of any message, report, or communication while the same is in tran- sit or passing over any such wire, line, or cable, or is being sent from, or received at any place within the state.”[23] The court dismissed the lawsuit, ruling that Section 631 did not apply since the legislation did not specifically refer to email communication.

State common law protection

The protection of email privacy under the state common law is evolving through state court decisions. Under the common law the email privacy is protected under the tort of invasion of privacy and the causes of action related to this tort.[22] Four distinct torts protect the right of privacy. These are (i) unreasonable intrusion upon the seclusion of another, (ii) misappropriation of others name and likeliness; (iii) unreasonable publicity given to another's private life and (iv) publicity that unreasonable places another in a false light before the public. Of these the tort of "unreasonable intrusion upon the seclusion of another" is most relevant to the protection email privacy.[22]

European Union

The fifty-five article long Charter of Fundamental Rights of the European Union grants certain fundamental rights such as "right to be left alone" and "respect for private life" to both the European Union citizens and the residents.[24] According to article 7 of the charter, everyone has the right to respect for his or her private and family life, home, and communications. The charter came into full legal effect when Lisbon Treaty was signed on December 1, 2009.

The individual member states can not enforce contradictory local laws to what they have already agreed upon as a European Union member. This was established in Costa v ENEL that the European Union law is placed above the laws of its individual member states.

Email privacy concerns (US)

Email at work

Most employers make employees sign an agreement that grants them right to monitor their email and computer usage. Signing this agreement normally deprives an employee of any reasonable expectation of privacy which means that employer can rightly search through employee emails. Even without an agreement, courts have rarely found that the employee had a reasonable expectation of privacy to his or her email at work for a variety of reasons. For example, one court held that emails used in a business context are simply a part of the office environment, the same as a fax or copy machine, in which you don't have a reasonable expectation of privacy. Another court found that by corresponding with other people at work, work email was inherently work-related, and thus there could be no reasonable expectation of privacy. Employers usually do not have very many obstacles preventing them from searching the employee emails. Employees are sending communications from their equipment that could affect their business. This is usually a sufficient justification to search through employee emails. Employees are supposed to be working, and monitoring email at work is one way to ensure that employees are using work email appropriately. Further, workplace harassment lawsuits are prevalent, and one way for them to protect themselves from liability is to monitor and prevent any harassment in the first place. Many employers run software that searches for offensives words and highlights problematic emails. The other main concern with liability is that old emails may be used against the employer years down the road in a lawsuit. So the employers need to impose an established and reasonable practice of screening and purging its emails.[25]

Government employees and email

Government employees have further reduced privacy than the private sector employees. Under various public records acts and the Freedom of Information Act (FOIA), the public can gain access to almost anything a government employee writes down. Also, due to the nature of their job, courts are typically unwilling to find that government employees had a reasonable right to privacy in the first place.[25]

Email from home/personal accounts

Unlike the work emails, personal email from one's personal email account and computer is more likely to be protected as there us a much more reasonable expectation of privacy. But even personal emails may not be fully protected. Because emails are stored locally, at the ISP, and on the receiving end, there are multiple points that hackers or law enforcement can gain access to them. While it may be difficult for law enforcement to legally gain access to one’s personal computer and local copies of saved in one’s personal computer, they may be able to get them easily from the ISP. ISPs are also increasingly creating End User Service Agreements that users must agree to abide by. These agreements reduce any expectation of privacy, and often include terms that grant the ISP the right to monitor the network traffic or turn over records at the request of a government agency.[25]

Global surveillance

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

From the documents leaked by ex-NSA contractor Edward Snowden, it became well known that various governments have been running programs to tap all kinds of communication at massive scales, including email. While the legality of this is still under question, it is certainly clear that the email of citizens with no ties to a terrorist organization have been intercepted and stored. Whistleblower and former National Security Agency (NSA) employee William Binney has reported that the NSA has collected over 20 trillion communications via interception,[26] including many email communications, representing one aspect of the NSA warrantless surveillance controversy.

A lawsuit filed by the American Civil Liberties Union and other organizations alleges that Verizon illegally gave the U.S. government unrestricted access to its entire internet traffic without a warrant and that AT&T had a similar arrangement with the National Security Agency.[27] While the FBI and NSA maintain that all their activities were and are legal, Congress passed the FISA Amendments Act of 2008 (FAA) granting AT&T and Verizon immunity from prosecution.[28]

See also

References

  1. Mattingly, Phil. "Why Email Can't Be Protected From Government Surveillance", MakeUseOf, 21 August 2013. Retrieved on 2 April 2015.
  2. Lua error in package.lua at line 80: module 'strict' not found.
  3. Kaplan, Eben. "Terrorists and the Internet", Council on Foreign Relations, 8 January 2009. Retrieved on 2 April 2015.
  4. Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. Lua error in package.lua at line 80: module 'strict' not found.
  12. 12.0 12.1 12.2 12.3 18 U.S.C. § 2510-2522 Cite error: Invalid <ref> tag; name "statute" defined multiple times with different content Cite error: Invalid <ref> tag; name "statute" defined multiple times with different content Cite error: Invalid <ref> tag; name "statute" defined multiple times with different content
  13. United States v. Forrester, 495 F.3d 1041 (9th Circuit 2007).
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Erin Fuchs, "No One Is Talking About The Insane Law That Lets Authorities Read Any Email Over 180 Days Old", Business Insider, 7 June 2013.
  17. Andrea Peterson, "Privacy Protections for Cloud E-mail", Think Progress, March 20, 2013.
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. 22.0 22.1 22.2 22.3 Lua error in package.lua at line 80: module 'strict' not found.
  23. Lua error in package.lua at line 80: module 'strict' not found.
  24. Lua error in package.lua at line 80: module 'strict' not found.
  25. 25.0 25.1 25.2 Lua error in package.lua at line 80: module 'strict' not found.
  26. Lua error in package.lua at line 80: module 'strict' not found.
  27. Lua error in package.lua at line 80: module 'strict' not found.
  28. Lua error in package.lua at line 80: module 'strict' not found.

External links