Stop me if you have heard about this already. On June 29, 2004, the United States Court of Appeals for the First Circuit (Massachusetts) issued a majority (two to one) ruling stating that, in effect, an ISP is free to read email passing through its systems--well, strictly speaking, not just passing through its systems, but more on that later.
The case that the court ruled on involved a bookseller that also ran an ISP. The bookseller portion of the business was primarily an online rare and out-of-print book listing service. Sometime around January 1998, the vice president of the bookseller/ISP told his system administrator to rewrite the procmail.rc mail processing code so that it would intercept, copy, and store any email from Amazon.com to any of the ISP's customers--before the messages were passed along to the customers. The bookseller then read the email in an attempt to gain a competitive advantage.
The government charged the bookseller/ISP under the Wiretap Act. Siding with the defendant, the court ruled that the act only applies to communications in transit, not in storage. It said that, because the bookseller/ISP was acting on messages that were either in RAM or on disk, even though they may have been there for less than a second, the messages were in storage and not in transit. Thus, according to the court, the bookseller/ISP's actions did not breach the Wiretap Act.
Maybe it is just because I have absolutely no legal training or experience, but when I read this, two questions immediately came to mind. First, what the devil was going through the minds of the two judges who issued the majority opinion? And second, is whatever they were on at the time legal?
Think about this. Doesn't that logic mean that if you subscribe to a phone company's voicemail service, the phone company should be free to listen to your messages because they are stored on the company's servers and not in transit? And shouldn't the post office be allowed to read your mail because, hey, it is stored in their sorting plants and trucks for a while. While we're at it, shouldn't owners of public washrooms be allowed to collect your urine, have it analyzed and sell the results to insurers for underwriting purposes because, what the heck, your urine is stored in their toilettes or urinals for a few seconds or minutes rather than just passing right through? Now, there's a reason to remember to flush!
I am (not entirely successfully) fighting the urge to preface most of the thoughts in this tirade with a warning that because of my lack of legal knowledge, my opinions may, from a legal perspective, just be the ravings of a blathering idiot. (I don't particularly want to hear from those of you who think that, from all perspectives, all of my views are the ravings of a blathering idiot.) With that caveat being stated, I think that if the average person would reasonably expect confidentiality, then we have an implied contract with these service providers to maintain the privacy of our messages and bodily fluids unless specifically stated otherwise in our contracts with them. Is that really too much protection to ask of the law? I think not.
While we are on the subject, let's consider companies that routinely monitor employees' emails and voicemails to ensure that employees are not violating company policies. I think that these types of actions should be legal. (Again, keep in mind my legal vacuum.) After all, the company owns the computers and phone equipment used to create, store, and retrieve these messages--equipment that is supposed to be used only for company purposes. Unlike the ISP's equipment, an employer's servers are the end points of the communications, not just conduits for them. Furthermore, an employer pays employees to do work for the company, not carry on personal conversations. Therefore, I think that it should be fair game to spy on employees in this way. That having been said...listen up people...just because something is legal, doesn't mean that you have to do it.
How much do you want to bet that most of the companies spying on their employees in this way are the same ones who loudly and frequently proclaim that "people are our most valuable assets?" Yeah, right. They think employees are valuable all right; they just don't trust them worth a damn. If you have such little faith in your people, why the heck did you hire them in the first place?
Come on. If Mary occasionally uses your email system to tell Uncle Bill that she will be in town this weekend, is it really going to destroy your company? If Fred's proctologist leaves a message on Fred's office voicemail saying that his test results are ready, do you, Fred's employer, really need to know that? Give your employees a break. Sure, these are not company purposes, but grant your employees--the people who you swear up and down are so valuable to your company--the occasional personal use of email and voicemail. And respect their privacy while doing it. If you don't, remember that ISPs on the long and circuitous path that your email takes through the Internet now have the legal right to read and use some emails that you might not want made public. One of those ISP owners might just be a friend or relative of an employee that you are now spying on. Think about it. Not that I'm threatening you or anything.