Expectation of privacy
Bill Oliver
vendor at billoblog.com
Thu May 2 18:48:36 UTC 2013
In another thread, respondents debated the expectation of privacy regarding email. I think this is a reasonable topic for an email mailing list, since there are many differing perceptions.
Of course, laws and customs vary across the world. In the United States, there is a rather complex hierarchy of limitations of scrutiny of electronic communication, particularly by the government. In general, there is:
1) No recgnized expectation of privacy with respect to most header information (to, from, addressing and routing information, etc).
2) No recognized expectation of privacy regarding aggregate information that would be logged by a provider (number of emails sent, websites visited, amount of data transmitted, etc).
3) There is variable expectation of privacy regarding the content of the email.
3a) There is a reasonable expectation of privacy regarding email sent from one person to one other person.
3b) With respect to mailinglist emails, the Supreme Court concluded in US v Maxwell:
"Expectations of privacy in e-mail transmissions depend in large part on the type of e-mail involved and the intended recipient. Messages sent to the public at large in the "chat room" or e-mail that is "forwarded" from correspondent to correspondent lose any semblance of privacy. Once these transmissions are sent out to more and more subscribers, the subsequent expectation of privacy incrementally diminishes. This loss of an expectation of privacy, however, only goes to these specific pieces of mail for which privacy interests were lessened and ultimately abandoned."
4) Finally, emails that are *stored after reading* on a server lose the expectation of privacy. The analogy the courts used was that of a paper letter. A sealed letter delivered to a recipient carries an expectation of privacy. Once the recipient has opened the letter, the expectation of privacy depends on what he or she does with it -- it is the responsibility of the recipient, not the sender. If the recipient puts the letter in a safe, it retains the expectation. If the recipient leaves it sitting on the table and walks away, it loses the expectation of privacy. In the eyes of the court, saving an email on a server constitutes putting it on the desk and walking away. Similarly, abandoned emails lose the expectation, just as abandoned letters do. Thus, email that is stored on a server eventually loses its expectation of privacy even if not read.
In addition, there are differences in *who* can read emails. For instance, while the government may be limited in some instances, a private company can read any communications made by any employee on a company machine, at least if there is notification somewhere.
The effect of warnings, banners, and statements of privacy are variable, depending on the relationship of the sender and recipient. Generally, the banners are effective in removing rather than providing an expectation of privacy. They seem to be meaningless in a practical manner with it comes to multiple recipient emails sent outside a closed organization.
In my profession as a forensic pathologist, I am frequently called to court. Occasionally I, and some of my colleagues, have been surprised to find that emails we sent to mailinglists of various sorts pop up as exhibits when people attempt to challenge our testimony. The admission of these has never been successfully challenged on the basis of expectation of privacy in any of the cases I'm aware of.
Any person who expects that their emails to a mailinglist are private is, at least in the US, doomed to disappointment. If you don't want your emails published generally, don't send them to a mailinglist.
billo
More information about the users
mailing list