In another thread, respondents debated the expectation of privacy regarding email. I
think this is a reasonable topic for an email mailing list, since there are many differing
perceptions.
Of course, laws and customs vary across the world. In the United States, there is a
rather complex hierarchy of limitations of scrutiny of electronic communication,
particularly by the government. In general, there is:
1) No recgnized expectation of privacy with respect to most header information (to, from,
addressing and routing information, etc).
2) No recognized expectation of privacy regarding aggregate information that would be
logged by a provider (number of emails sent, websites visited, amount of data transmitted,
etc).
3) There is variable expectation of privacy regarding the content of the email.
3a) There is a reasonable expectation of privacy regarding email sent from one person to
one other person.
3b) With respect to mailinglist emails, the Supreme Court concluded in US v Maxwell:
"Expectations of privacy in e-mail transmissions depend in large part on the type of
e-mail involved and the intended recipient. Messages sent to the public at large in the
"chat room" or e-mail that is "forwarded" from correspondent to
correspondent lose any semblance of privacy. Once these transmissions are sent out to more
and more subscribers, the subsequent expectation of privacy incrementally diminishes. This
loss of an expectation of privacy, however, only goes to these specific pieces of mail for
which privacy interests were lessened and ultimately abandoned."
4) Finally, emails that are *stored after reading* on a server lose the expectation of
privacy. The analogy the courts used was that of a paper letter. A sealed letter
delivered to a recipient carries an expectation of privacy. Once the recipient has opened
the letter, the expectation of privacy depends on what he or she does with it -- it is the
responsibility of the recipient, not the sender. If the recipient puts the letter in a
safe, it retains the expectation. If the recipient leaves it sitting on the table and
walks away, it loses the expectation of privacy. In the eyes of the court, saving an
email on a server constitutes putting it on the desk and walking away. Similarly,
abandoned emails lose the expectation, just as abandoned letters do. Thus, email that is
stored on a server eventually loses its expectation of privacy even if not read.
In addition, there are differences in *who* can read emails. For instance, while the
government may be limited in some instances, a private company can read any communications
made by any employee on a company machine, at least if there is notification somewhere.
The effect of warnings, banners, and statements of privacy are variable, depending on the
relationship of the sender and recipient. Generally, the banners are effective in
removing rather than providing an expectation of privacy. They seem to be meaningless in a
practical manner with it comes to multiple recipient emails sent outside a closed
organization.
In my profession as a forensic pathologist, I am frequently called to court. Occasionally
I, and some of my colleagues, have been surprised to find that emails we sent to
mailinglists of various sorts pop up as exhibits when people attempt to challenge our
testimony. The admission of these has never been successfully challenged on the basis of
expectation of privacy in any of the cases I'm aware of.
Any person who expects that their emails to a mailinglist are private is, at least in the
US, doomed to disappointment. If you don't want your emails published generally,
don't send them to a mailinglist.
billo