<<< Date Index >>>     <<< Thread Index >>>

[IP] more on more on E-mail intercept ruling - good grief!!




Stew is a former Council for NSA djf

Begin forwarded message:

From: "sbaker@xxxxxxxxxxx" <sbaker@xxxxxxxxxxx>
Date: July 2, 2004 9:55:17 AM EDT
To: "'dave@xxxxxxxxxx'" <dave@xxxxxxxxxx>
Cc: "Albertazzie, Sally" <SAlbertazzie@xxxxxxxxxxx>
Subject: RE: [IP] more on more on E-mail intercept ruling - good grief!!

Dave,

There's been a real overreaction to Councilman. Meanwhile, we're missing a
more important problem with the law of electronic communications.

Broadly speaking, federal law recognizes three levels of protection for
electronic communications -- real-time intercepts are treated as wiretaps
and get the highest level of protection, stored communications get
intermediate protection, and traffic data (who you sent messages to, how big the files were, etc.). The top tier of protection is ferocious, requiring extensive judicial oversight of the law enforcement intercept and providing criminal penalties for private taps. The bottom tier is not protected very
well at all (in fact, there are several categories at the bottom with
varying levels of protection that I'm skipping over).  In the middle are
stored communications, which are pretty well protected; they can't be
obtained without a search warrant, for example, and it's a crime to access
them without authority.

When stored communications were first put on this intermediate step, the
category was intended to be quite small -- it covered only communications stored as an "incident to" the transmission. The most obvious category is email stored in a Hotmail account before the recipient has read it. But the
courts have found this narrow definition to be a weird and unsatisfying
reading of the words "stored communications," and they've begun to stretch
the category into something that more closely resembles what most people
would consider "stored" communications. The result has been both to push some communications off the top tier and into the middle tier and to pull a vast amount of material out of the bottom tier and up to the middle tier.
Thus, in the Ninth Circuit's Theofel case, if you read an email in your
Hotmail account, then leave it stored in your mailbox, that read email is still treated as a stored communication, even though it really isn't stored
"incident to transmission" any more.  In short, "already read" email now
can't be obtained except with a search warrant and they are protected by the
criminal sanctions on unauthorized access.

The Councilman decision of course expands the category of stored
communication from the other direction, moving in-transit storage from the top tier to the middle tier. Frankly, of the two, by far the more important decision is the Ninth Circuit case (called Theofel). It vastly increased
the quantity of heavily protected personal information compared to the
modest, cheese-paring change made by Councilman. Somehow, though, I don't
remember a big flap about how the Theofel case misunderstood the law or
improperly allowed changing technology to move information from a largely
unprotected to a heavily protected category.

Understanding these distinctions should help address Peter Swire's concern.
Even if VOIP intercepts could be conducted by digging content out of
intermediate in-transit storage, and even if the Councilman case makes that
legal (there's a big distinction between how a vague criminal statute is
construed and how a vague intercept authority would be construed), law
enforcement would still be required to get a search warrant to perform the intercept. Since, at its most aggressive, the 4th amendment only requires that law enforcement get a warrant for a search, it would be hard to find a
constitutional objection to intercepts conducted with a warrant.

Maybe Congress should look again at both Theofel and Councilman to decide
whether we want a technical, narrow approach to protecting stored
communications or a broad, more common-sense reading of that term, but that
doesn't strike me as particularly urgent; indeed, from a policy point of
view, I think the courts may have got this about right -- in both
directions.

Internet civil libertarians would be wiser to focus on a more substantial problem distorting Net architecture -- the extraordinarily low protection given to traffic data on the bottom rung. It's so easy to get traffic data today that law enforcement has begun distorting CALEA, which was meant to protect law enforcement's intercept capability, into a mechanism to protect
law enforcement access to cheap, abundant traffic data.  In short, the
government is so in love with the data on the bottom rung that it's forcing
hardware, software, and Internet service providers to recentralize the
Internet in order to generate and make that data more readily available.
Giving more protection to the bottom rung would probably increase privacy
and diminish the Justice Department's enthusiasm for rewiring the Net.

Stewart Baker


-----Original Message-----
From: David Farber [mailto:dave@xxxxxxxxxx]
Sent: Friday, July 02, 2004 9:07 AM
To: ip@xxxxxxxxxxxxxx
Subject: [IP] more on more on E-mail intercept ruling - good grief!!




Begin forwarded message:

From: Peter Swire <peter@xxxxxxxxxxxxxx>
Date: July 1, 2004 2:52:11 PM EDT
To: dave@xxxxxxxxxx
Subject: RE: [IP] more on E-mail intercept ruling - good grief!!
Reply-To: peter@xxxxxxxxxxxxxx

Dave:

        On VOIP interception, there is a statutory and a constitutional
issue.

        The statutory issue is whether VOIP is a "wire" communication (like
a phone call) or an "electronic" communication (like an e-mail or web
communication). The Councilman court said that "wire" communications are
considered "intercepted" even if they are in temporary storage. The key
holding of the case was that "electronic" communications are not
"intercepted" if the wiretap takes place while the communication is in
temporary storage.

        "Wire communication" is defined as "any aural transfer made in whole
or in part through the use of facilities for the transmission of
communications by the aid of wire, cable or other like connection between the point of origin and the point of reception." I do not know whether a
court has ruled on whether VOIP counts as a "wire communication."  Quick
research just now suggests we don't have a case on that yet.  I can see
arguments either way, based in part on whether a packet-switched
communication counts as "aural."

        Under Councilman, if VOIP is an "electronic communication", then the
provider therefore could intercept the VOIP calls for the provider's own use without it counting as an "interception." Providers already can intercept communications with user consent or to protect the system, but this would be
blanket permission to intercept communications.

        The constitutional question is whether users have a "reasonable
expectation of privacy" in VOIP phone calls. Since the 1960's, the Supreme
Court has found a 4th Amendment protection for voice phone calls.
Meanwhile, it has found no constitutional protection for stored records. In an article coming out shortly from the Michigan Law Review, I show why VOIP
calls quite possibly will be found NOT to have constitutional protection
under the 4th Amendment. It would then be up to Congress to fix this, or else have the Supreme Court change its doctrine to provide more protections
against future wiretaps.  Article at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=490623 .

        Peter

        
Prof. Peter P. Swire
Moritz College of Law, Ohio State University
John Glenn Scholar in Public Policy Research
(240) 994-4142, www.peterswire.net


-----Original Message-----
From: owner-ip@xxxxxxxxxxxxxx [mailto:owner-ip@xxxxxxxxxxxxxx] On Behalf Of
David Farber
Sent: Thursday, July 01, 2004 12:12 PM
To: Ip
Subject: [IP] more on E-mail intercept ruling - good grief!!




Begin forwarded message:

From: Ed Belove <ed@xxxxxxxxxx>
Date: July 1, 2004 12:50:19 PM EDT
To: dave@xxxxxxxxxx
Subject: Re: [IP] E-mail intercept ruling - good grief!!


But Councilman argued that no violation of the Wiretap Act had occurred
because the e-mails were copied while in "electronic storage" -- the
messages were in the process of being routed through a network of servers to
recipients.

A scary thought: does this mean that VOIP packets can be copied from routers
(by ISPs or anyone else) while they are "stored"?


-------------------------------------
You are subscribed as peter@xxxxxxxxxxxxxx
To manage your subscription, go to
   http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

-------------------------------------
You are subscribed as SBaker@xxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/