The Councilman Case ...what it says and what it doesn't say

Whenever e-mail and privacy are concerned many people and advocacy groups panic. They read things into the decisions and see the end result of a "slippery slope" often when it is no more than what it is, a decision on this one case.

I have received many e-mails and communications regarding this recent decision by the First Circuit Court of Appeals in the United States. This is the highest appellate court for the region, other than the U.S. Supreme Court. Other decisions rendered by other Circuit Courts of Appeal have no bearing on this court, other than by being clear articulations of the law and worthy of being followed.

This case involved a rare book dealer that also provided e-mail accounts for its customers. The e-mails were handled directly on servers owned and operated by the rare book dealer. When the dealer was acquired by another company, that company decided to try and gather information about Amazon purchases and inquiries made by these customers. A program was written to allow the dealer to collect e-mails sent ot their customers by Amazon and to gather information regarding their transactions. The customers were not aware of this collection or privacy breach.

The e-mails were actually acquired after they had arrived and were accessible to the customers, although in most cases before they were accessed by the customers.

An indictment was obtained by the US. Attorney (the federal prosecutor in this case) for violation of the federal wiretap statute, the ECPA (Electronic Commnications Privacy Act).

Essentially, the court held that becasue the e-mails were stored on the dealer's server and the transmission to the server from the e-mail sender was complete, that the ECPA section in question was not violated. That involved the interception of communications in transit. The e-mails had already arrived, ruled the court, and were therefore not in transit. While the case may have involved a violation of another section of the ECPA, regarding "stored communications" the court did not reach any legally binding conclusion reagrding whether any isp can access and read e-mails of its e-mail customers.

The company argued that it had not violated the stored communications prohibition, but the court said that since the indictment didn't involve a charge that it had, they didn't have to deal with the issue.

Period.

It doesn't say that e-mail providers can access and use e-mail communications of their customers.

don't panic.

to read the entire case, look at the prior blog post...the entire case is pasted within it.

The earlier case dealt with related issues. If anyone has questions about that case, let me know.

but for now lax. And read your isp's privacy policy. it is a legally enforceable document. That, not fears about this case, should govern your concerns.

Parry