There has been a lot of rightfully worried commentary about a recent decision by the US Court of Appeals for the First Circuit that found that intercepting and copying users' emails by an email service provider did not violate US wiretap laws. See: EFF (Online Privacy "Eviscerated" by First Circuit Decision); WIRED (E-Mail Snooping Ruled Permissible); and, Slashdot (Appeals Circuit Ruling: ISPs Can Read E-Mail). As EFF put it:
The defendant in the case is a seller of rare and used books who offered email service to customers. The defendant had configured the mail processing software so that all incoming email sent from Amazon.com, the defendant's competitor, was copied and sent to the defendant's mailbox as well as to the intended recipient's. As the court itself admitted, "it may well be that the protections of the Wiretap Act have been eviscerated as technology advances."Read the 16-page decision (and 37-page dissent): US v. Councilman [PDF] or HTML.
Now I in no way want to de-emphasize the dangers to privacy that this decision represents. If intercepting email is not a violation of the wiretap act, then all sorts of internet privacy goes out the window. If this ruling is not overturned, Congress will have to act to protect all of our privacy.
However, the defendant in this case, Bradford C. Councilman, may not have done himself any favors by winning. The problem is, by convincing the court that the emails intercepted were in "electronic storage," the defendant has pretty much made the case that he is guilty of criminal copyright infringement. Additionally, he would also be liable for huge amounts of civil damages for willful copyright infringement as well. From the decision:
According to the Indictment, on or about January 1998, defendant directed Interloc employees to write computer code to intercept and copy all incoming communications from Amazon.com to subscriber dealers. The Interloc systems administrator wrote a revision to the mail processing code called procmail.rc ("the procmail"), designed to intercept, copy, and store, all incoming messages from Amazon.com before they were delivered to the members' e-mail, and therefore, before the e-mail was read by the intended recipient. Defendant was charged with using the procmail to intercept thousands of messages. Defendant and other Interloc employees routinely read the e-mails sent to its members seeking to gain a commercial advantage.[emphasis added]Hmmmm....According to the statutes on criminal copyright infringement, 17 USC 506:
Any person who infringes a copyright willfully either -The criminal copyright infringement indictment just about writes itself. Copying the emails is a clear infringement of the right of reproduction. Ordering employees to write a program to copy emails seems pretty willful to me. Finally, the infringement was done for purpose of "commercial advantage." Slam dunk. Interestingly, as long as the commercial value of the emails was greater than $2,500 (which is likely) then the criminal penalties for both infringement and wiretapping are equivalent.(1) for purposes of commercial advantage or private financial gain, or
Bonus. The civil penalties for willful infringement are much higher than one can usually get for wiretapping. I mean, heck, up to $150,000 per email copied! All Amazon has to do is sue.
The only problem with this theory, however, is that the statute of limitations for criminal copyright infringement is five years (which means you normally can't prosecute someone five years after the crime occurs). I know that the infringement started in 1998 and Councilman was indicted in 2001. However, these aren't enough facts to know whether or not the statute of limitations will preclude prosecution for criminal copyright infringement.
So, while this decision remains a serious threat to our privacy, if it can be shown that the interceptions were for "commercial advantage" then the Copyright Act comes to the temporary rescue (and perhaps provides even worse penalties).