who’s You’ve Got your Mail

Email.

Simple, ordinary, convenient. As of late, the word controversial can also be used to describe this staple of office and personal communication. Given the ubiquitous nature of email in our daily lives, a deeper examination into the issues surrounding privacy and email seems increasingly warranted. Let’s take a look.

Is my email really private?

Your email may not necessarily be your own. Although it may appear that the act of typing a message and clicking send guarantees a safe arrival to the intended recipient, emails can be accessed or otherwise manipulated with in a series of ways. Unlike a physical letter, which can only be in one mailbox or post office at a given time, copies of a particular email are stored in multiple locations and often, multiple devices. Whether the sender’s computer or the ISP’s server, a particular email can simultaneously be at different places along the communication pipeline before ever reaching the intended recipient.

Similarly, careful inspection of an envelope can often reveal if the seal has been broken or if the letter inside has been tampered with in some way. Unauthorized access to a particular email, however, is hard to pinpoint and can be even more difficult to prevent. Combine the potential for multiple points of access with near limitless amounts of modern storage capabilities and our communications may be anything but confidential.

email-blog-post

So my emails may be vulnerable. How does the law protect me?

The Fourth Amendment protects your emails from any unlawful snooping by the U.S. government. Courts have repeatedly found that individuals have a “reasonable expectation of privacy” in the content of their emails. For private actions, several criminal and civil statutes may be applicable in cases of third party-unauthorized email access, including the: Computer Fraud and Abuse Act (CFAA) 18 U.S.C. § 1030, Federal Stored Communications Act (SCA) 18.U.S.C. § 2701 et seq., and the Electronic Communications Privacy Act (ECPA) 18 U.S.C. § 2510. State laws, including the Uniform Trade Secrets Act (UTSA), may also apply, depending on the particular facts of the case. Although they may individually impose different requirements on exactly how or when relevant information was unlawfully accessed, these statutes boil down to two essential parts. A user must: 1) access the computer; and 2) the access must be without permission. Federal statues may also require a damage element.

In an effort to bolster existing online communications law, the U.S. Congress introduced the Email Privacy Act in February 2015. The Act would require authorities to obtain search warrants to access emails and other communications in cloud storage over 180 days old. Currently, the ECPA mandates that authorities may obtain this data from an ISP through an “administrative subpoena”, which does not require judicial confirmation. As of October 2016, the Act is awaiting Senate approval. If passed, the Act would represent a big leap in aligning outdated privacy communication provisions with current trends in cloud-based data storage.

How can I protect my emails?

Whether a multinational corporation or a disgruntled ex-coworker, email privacy issues can have enormous consequences for those involved. To better protect your privacy in the world of email, consider these best practices (available on most major email platforms):

  • Understand your Email Provider’s ToS (Terms of Service). Included in the TOS are details about how your provider secures your data, if at all. Server-side encryption? Protection against brute-force attacks? Or does your provider automatically scan your private messages to send you targeted advertisements?
  • (End-to-End) Encryption. Allows only you and your intended recipient to read your message. To all others, the message is scrambled and incomprehensible.
  • 2-Factor Authentication. Requires you to enter a unique code, sent to your mobile phone, when accessing email. Even if your password is compromised, your email may still be safe.
  • Client Portals. Send and receive attachments through a portal (i.e. Dropbox) reduces the chance that someone may access your private information through regular email.

To best understand your specific email privacy concerns, it is advisable to consult with a privacy attorney.

(Originally published October 10, 2016 at Foundry Law Group Blog)

Leave a Reply

Your email address will not be published.