Thursday, August 07, 2008
Email Hacking Legal According to California Court
Washington Post writer Ellen Nakashima reports that a federal appeals court in California has ruled that email hacking is not illegal if the hack retrieves 'stored' emails instead of snagging them in transit, even when that storage lasts only a fraction of a second. The legal definition of "interception" needs to evolve to reflect the protocols of digital transmission. According to Nakashima:
"A federal appeals court in California is reviewing a lower court's definition of "interception" in the digital age, in a case that some legal experts say could weaken consumer privacy protections online.
The case, Bunnell v. Motion Picture Association of America, involves a hacker who in 2005 broke into a file-sharing company's server and obtained copies of company e-mails as they were being transmitted. He then e-mailed 34 pages of the documents to an MPAA executive, who paid the hacker $15,000 for the job, according to court documents.
The issue boils down to the judicial definition of an intercept in the electronic age, in which packets of data move from server to server, alighting for milliseconds before speeding onward. The ruling applies only to the 9th District, which includes California and other Western states, but could influence other courts around the country."
Federal laws about wiretapping limit surveillance by the government and private citizens. Now it seems that, at least in the 9th district, email privacy is not protected. The Electronic Frontier Foundation has filed a brief raising concerns about this breach of privacy. Nakashima's article quotes from the EFF brief:
""The case is alarming because its implications will reach far beyond a single civil case," wrote Kevin Bankston, a senior attorney for the Electronic Frontier Foundation in a friend-of-the-court brief filed Friday. If upheld, the foundation argued, "law enforcement officers could engage in the contemporaneous acquisition of e-mails just as Anderson did, without having to comply with the Wiretap Act's requirements." Those requirements are strict, including a warrant based on probable cause as well as high-level government approvals and proof alternatives would not work.
Cooper's ruling also has implications for non-government access to e-mail, wrote Bankston and University of Colorado law professor Paul Ohm in EFF's brief. "Without the threat of liability under the Wiretap Act," they wrote, "Internet service providers could intercept and use the private communications of their customers, with no concern about liability" under the Stored Communications Act, which grants blanket immunity to communications service providers where they authorize the access."
So, as long as emails are taken from "storage," rather than as they are transmitted then they can be collected by law enforcement, corporate spies, or anyone else who can convince an ISP to let them have access. It remains to be seen if this federal appeals court decision will provide a precedent for other districts as well.
The other interesting aspect of this case is that it began with an alleged attempt at corporate espionage in which a mainstream media trade association, the MPAA was trying to learn the secrets of Valence Media a company that created Torrentspy which was a search engine for people seeking the torrents used to download audio and video files. The MPAA needed this information to prove that Torrentspy was being used to facilitate the download of copyrighted materials. The MPAA won a $110 million judgement against Torrentspy and its parent Valence Media. Valence Media shut down Torrentspy during the litigation.
Labels: copyright, email, hacking, IP, privacy
