The 2012 Spring edition of the ABA publication The SciTech Lawyer includes an article titled Evolving Technology and Privacy Law: Can the Fourth Amendment Catch Up? by Samuel Mark Borowski, Aaron Midler and Pervin Taleyarkhan. They make a point that I’ve emphasized in the past – users’ expectations of email privacy, and laws and rules intended to protect email privacy (especially the 1986 Electronic Communications Privacy Act), have not kept up with changes in how people use email.
The article’s authors say:
In 1986, email was not the be-everywhere-at-once system it is today. There were few options for an email user to store messages online, or “in the cloud.” Instead, most systems required the user to download messages to a home computer and view them there. The ECPA took account for this standard behavior and focused only on protecting those emails for the first six months over which they were stored. But for emails that have been in “electronic storage” for longer than six months, the ECPA, through the Stored Communications Act, provides relatively little protection. Law enforcement agents need only subpoena these emails from a service provider, with no need for judicial oversight (as opposed to emails stored for fewer than six months, which are protected by a warrant requirement).
Twenty-five years ago, this limited protection for emails “in the cloud” was not problematic. Because most email resided on an individual user’s home machine, the Fourth Amendment provided strong protection for these communications; the government cannot simply enter a home and rifle through its contents without probable cause. The ECPA, insofar as it played any role at all in protecting an email user’s privacy, played only a minor one to ensure the email was protected until download was most likely to have occurred.
Today, email services have migrated to the web, and the minor role the ECPA once played has morphed into a major one, making its limitations apparent. With today’s free web access email, users never need to download a single message to their home computer anymore; it can all be stored “in the cloud.” And with gigabytes of storage space available, users of these accounts need never throw anything away, turning their in-boxes into digital filing cabinets. Consequently, there is a disconnect between the ECPA, which treats emails older than six months as having little privacy value, and modern users, who see their in-box as an extension of their home.
In other words, since the original passage of the ECPA, society’s expectations of privacy have changed, as has the technology we use every day. Technology has made our lives more mobile, and to enhance our mobility, we are increasingly relying on third-party service providers for email, communications services, and, in the context of social media, the ability to reach our far-flung family, friends, and business associates. But as the ECPA has failed to take notice of these changing societal behaviors, our privacy jurisprudence under the Fourth Amendment is beginning to shift in ways that could have profound implications for electronic communications, and by extension, social media.
See the full article here.
The authors characterize the law as failing to keep up with email users’ evolving expectations of privacy. One might just as easily conclude that email users’ expectations of privacy are unreasonable where the law does not clearly protect that privacy and the user has taken no steps to protect the confidentiality of their email.
How email is stored and delivered has evolved over the decades – and the tools available to protect the confidentiality of email have similarly evolved and matured. Modern email encryption technology seamlessly integrates with email services like Microsoft Exchange, Office 365 and Google Docs so that encryption and decryption is automatic and the process is completely transparent to the end users. There is really no excuse for not encrypting your email. It’s not reasonable to expect email to be private if you don’t encrypt it.