For those of you who do not know, I am a partner/owner of two companies. One of them is Advantage Services and focuses primarily on corporate network management, training, consultation and high-end web development. We are a small company, about 9 employees, and pride ourselves on what we call a "boutique" level of service. Our customers appreciate the human to human (here's my cell phone number, call me if you need anything) level relationship we have that you can't get from the larger companies.

Our hosting company, WDDX.NET, was founded on the same principles. We pay for rack space that sits on top of an OC-48 ring with three OC-12 redundant pipes backing it up. Of course, we share it with others, but you can almost reach out and touch the incoming fiber from where our servers sit. Even still, we only take care of a few hundred companies and e-mail accounts that are only approaching the tens of thousands.

Though we are small in the vast scheme of things it is still a lot of responsibility. That's why I was so bothered when I read that a Federal Appeals Court ruled that an e-mail provider did not break the law when they copied and read e-mail messages sent to customers through their servers...

Upholding a lower-court decision that the provider did not violate the Wiretap Act, the 1st U.S. Circuit Court of Appeals set a precedent for e-mail service providers to legally read e-mail that passes through a network.

The court ruled (PDF) that because the provider copied and read the mail after it was in the company's computer system, the provider did not intercept the mail in transit and, therefore, did not violate the Wiretap Act.

This is heinous. When a customer calls and complains about not receiving e-mail, I can understand sending test messages to their account and then looking in their main.mbx to make sure that they arrived, but if this ruling is not overturned, that gives the ISP or Hosting Services company the right to really read anything they damn well please.

The court ruled that because the mail was already on Councilman's computer network when he accessed it, he didn't intercept it in transit and therefore was not guilty under the Wiretap Act. The court said the mail was in storage at that point and, therefore, was governed under the Stored Communications Act.

In a similar case in 1991, the U.S. Secret Service seized three computers belonging to a company called Steve Jackson Games. The company, in addition to producing fantasy books and games, hosted an online bulletin board for gamers to communicate with one another. An employee of the company was under suspicion for activities conducted outside work, but the Secret Service confiscated his employer's computers as well. The Secret Service accessed, read and deleted 162 e-mail messages that were stored on the computers used for the bulletin board.

So the deal is that as long as the mail is just sitting there, the ISP is only prosecutable under the terms of the Stored Communications Act. Fine and dandy, but service providers are exempt from the Stored Communications Act!

Granting e-mail providers the ability to read e-mail is equivalent to granting postal workers the right to open and read any mail while it's at a post office for sorting, but not while it's in transit between post offices or being hand-delivered to a recipient's home or business.

So what else is stored? Well, internet based backup solutions, for one. How about voice mail? Isn't that stored digitally somewhere?

In the end, in the absence of laws to preserve privacy, the best solution for e-mail users to protect their privacy is to use encryption. But until encryption for voicemail messages becomes common, you'll have to settle for talking in tongues.

And even that is a poor solution. I am a proponent of encryption technology, I think it is great. Even still, I don't think I have sent an encrypted e-mail this year, and can probably count how many times I sent one last year on one hand... and I am technologically savvy! In most cases, I can simply send a fax, pick up a phone and talk to someone or take care of things that require that level of security in person. In order for encryption to work, your recipient has to use the same kind of encryption technology that you do, and you have to exchange each other's public keys in order to make it work. Sorry, but the rest of the world is just not ready for the discipline required to make such a solution viable. Oh yeah, it will happen. Maybe Microsoft will buy PGP and build the technology into Outlook. But that day is not yet here.

As a personal note to my customers: beyond the boundaries of troubleshooting on your behalf and whatever business practices are morally acceptable (like seeing the mail that AOL sends us when they file a complaint about one of our customers) we will not read your mail. I find that reprehensible.

We wear white hats. We're the good guys.

Posted by Michael at July 12, 2004 11:06 AM