Court rules ISP didn't violate law by capturing, copying e-mails

The Massachusetts case has angered privacy advocates

In an e-mail privacy case that could have broad implications for users, a federal appeals court ruled Tuesday that the operator of a small ISP operations didn't break federal law when he used special code to intercept and copy some of the e-mail messages his company processed for customers.

The ruling from the U.S. Court of Appeals for the First Circuit in Massachusetts affirmed an earlier District Court decision that Bradford C. Councilman had not violated the Electronic Communications Privacy Act or the Wiretap Act through his actions as operator of Interloc Inc., an online service for rare and out-of-print books.

Interloc was acquired in May 1998 by a California company called Alibris. Councilman ran Interloc's Internet service provider operations and its book dealer subscription list.

Government prosecutors alleged that in January 1998, Councilman ordered Interloc employees to write special code to intercept and copy all customer e-mails containing details of book orders with Seattle-based online retailer Amazon.com. The e-mails were intercepted before they were delivered to or read by Interloc's customers.

The government alleged that Councilman sought a competitive advantage in his own rare and used book business by looking at the Amazon.com orders to learn what his customers were buying. That, the government argued, violated the Wiretap Act. It charged Councilman with several criminal counts, including conspiracy to intercept electronic communications and using the contents of illegally obtained electronic communications.

But the District Court ruled in Councilman's favor, arguing that the Wiretap Act doesn't apply to "communications in electronic storage," which it said was the case with the e-mails handled by the Internet service provider.

In the 2-1 decision this week, the Appeals Court agreed and found that the law, written before several advances in technology had occurred, doesn't include precise language that specifically makes the defendant's actions a crime.

"The Wiretap Act's purpose was, and continues to be, to protect the privacy of communications," the court wrote in its majority opinion. "We believe that the language of the statute makes clear that Congress meant to give lesser protection to electronic communications than wire and oral communications. Moreover, at this juncture, much of the protection may have been eviscerated by the realities of modern technology.

"We observe, as most courts have, that the language may be out of step with the technological realities of computer crimes," the ruling continued. "However, it is not the province of this court to graft meaning onto the statute where Congress has spoken plainly. We therefore affirm the district court's [decision] that no intercept occurred in this case, and therefore, the Wiretap Act could not be violated."

Several privacy groups have harshly criticized the ruling.

Annalee Newitz, a policy analyst for the San Francisco-based Electronic Frontier Foundation, called the decision "a huge problem, because it opens all kinds of issues about whether [ISPs] can open people's e-mail.

"This is an extremely dangerous decision that has been made, so you can be sure there will be some [other court] challenges," Newitz added. "What we're hoping will happen is that there will be conflicts in other circuits and it would get kicked up to a higher court."

The problem, she said, is that the ruling could affect the privacy of every e-mail user. "This guy used his ability to look at customer e-mail to engage in questionable business practices," she said. "You haven't seen the end of [this case]."

Marc Rotenberg, the executive director of the nonprofit Electronic Privacy Information Center in Washington, said the court wrongly interpreted the 1968 Wiretap Act and later amendments.

"The intention of the 1986 amendments to the Wiretap Act was to provide protections for privacy in mail," Rotenberg said. "What the federal court has done here is to say that ISPs do not have to follow the requirements of the 1986 act. That can't be right."

In a dissenting opinion, Circuit Court Judge Kermit Lipez wrote that his colleagues erred, adding that "the line that we draw in this case will have far-reaching effects on personal privacy and security.

"In short, Councilman's approach to the Wiretap Act would undo decades of practice and precedent regarding the scope of the Wiretap Act and would essentially render the Act irrelevant to the protection of wire and electronic privacy," Lipez wrote. "Since I find it inconceivable that Congress could have intended such a result merely by omitting the term 'electronic storage' from its definition of 'electronic communication,' I respectfully dissent."

"There is no explicit statement from Congress that it intended to exclude communications that are in storage from the definition of 'electronic communication,' and, hence, from, the scope of the Wiretap Act," he wrote. "Councilman, without acknowledging it, looks beyond the face of the statute and makes a non-textual, inferential leap" that is wrong, Lipez said.

"The Wiretap Act explicitly states that 'any person who intentionally intercepts ... [any] electronic communication ... shall be punished,'" Lipez wrote. "Although Councilman claims that his scheme to copy and review incoming e-mails was no different than the monitoring and junk e-mail filtering that employers, schools, and other institutions routinely implement, he fails to note that these entities do so with notice and the consent of their users, and, therefore, that their conduct is not illegal.

"There is nothing vague about the Wiretap Act, and Councilman should not have been surprised that his conduct constituted an illegal interception,'' Lipez wrote.

Copyright © 2004 IDG Communications, Inc.

9 steps to lock down corporate browsers
  
Shop Tech Products at Amazon