July 01, 2004

Court Rules: No E-Mail Privacy at ISPs!

Greetings. It is impossible to overstate the potential significance of this federal appeals court action, as per this Washington Post story. The full text of the decision makes for depressing reading.

If generally upheld, it means that user e-mail stored at ISPs, even temporarily (Gmail, Hotmail, POP, IMAP, SMTP, etc.) is vulnerable to monitoring or other abuses, including use for competitive or even prurient purposes without notification to the persons whose e-mails are involved.

With many ISPs forcing more users (especially typical dynamic-IP customers) to route all mail through ISP servers (e.g., via blocking of port 25), the implications are staggering.

Though ISPs may claim privacy policies that prohibit such snooping, policies are subject to change, and the legal barriers to access to the mail by outside entities are also much lower in such cases.

While my hunch is that reaction to this ruling will be such that it will not stand, the underlying facts should be very clear. The most reliable and trustworthy path to secure e-mail is via direct, end-to-end, encrypted connections that are not forced to route through ISP mail servers. Such systems are one of the goals of the "Tripoli" project as proposed by PFIR. This court decision will also now be a topic at a legal issues panel at our "Internet Meltdown" conference late in July here in Los Angeles.

This is one of the worst and most dangerous court decisions ever to appear relating to the Internet.

--Lauren--

Posted by Lauren at July 1, 2004 10:27 AM