Thursday, July 01, 2004

Much Ado About Nothing

Reason's Hit & Run blog is currently carrying a post about the recent ruling by Massachusetts' First Court of Appeals which essentially gives carte blanche to ISPs to read the email messages of their employees. To quote the Wired article:

E-mail privacy suffered a serious setback on Tuesday when a court of appeals ruled that an e-mail provider did not break the law in reading his customers' communications without their consent.

The First Court of Appeals in Massachusetts ruled that Bradford C. Councilman did not violate criminal wiretap laws when he surreptitiously copied and read the mail of his customers in order to monitor their transactions.


Councilman, owner of a website selling rare and out-of-print books, offered book dealer customers e-mail accounts through his site. But unknown to those customers, Councilman installed code that intercepted and copied any e-mail that came to them from his competitor, Although Councilman did not prevent the mail from reaching recipients, he read thousands of copied messages in order to know what books customers were seeking and gain a commercial advantage over Amazon.

Authorities charged Councilman with violating the Wiretap Act, which governs unauthorized interception of communication. But the court found that because the e-mails were already in the random access memory, or RAM, of the defendant's computer system when he copied them, he did not intercept them while they were in transit over wires and therefore did not violate the Wiretap Act, even though he copied the messages before the intended recipients read them. The court ruled that the messages were in storage rather than transit.
To all of this, Reason poster Hanah Metchis says:
Almost makes me want to run my own server.
Personally, I think this is all a lot of hot air, as was the big fuss over GMail's privacy implications. Anyone sending messages in cleartext over the Internet who has any privacy expectations whatsoever is clearly living in a dream world, as there are far too many ways in which such messages can be intercepted. Nor is it the case that running one's own server is any sort of panacea, whatever Hanah Metchis might imagine to the contrary, as all it would take to get a peep at her messages would be for someone to run a packet sniffer like the freely available Ethereal in her network neighborhood.

If people really are half as concerned about privacy as they like to make out, there's an almost trivial means of ensuring that their privacy will indeed be respected, and it's one that works even with free online services like GMail, Yahoo and Hotmail - public key cryptography, which for most people means PGP. Encrypt your messages with a 2048-bit RSA key and even the NSA won't be able to break it in the next two decades - or, even if they do, they won't be able to act on this capability, for fear of letting the word get out to far more important targets than some private individual wishing to keep his correspondence hidden from prying eyes. Anyone who makes a big fuss about email privacy while refusing to make use of the excellent and freely available tools to protect that privacy is no more than a clown as far as I'm concerned.