Modernizing Authentication — What It Takes to Transform Secure Access
Date: 12/14/2017 @ 1 p.m. ET
Privacy advocates and the U.S. Department of Justice (DoJ) will get their day in court, again, to appeal a federal ruling that allows Internet service providers to store and copy their customers' e-mails.
This time, seven federal judges from the U.S. Court of Appeals for the First Circuit in Boston will determine whether Bradford Councilman, former vice president of bookseller and e-mail provider Interloc, Inc. (now Alibris), violated the federal Wiretap Act when he copied inbound e-mails from Amazon.com to gain a competitive advantage.
Before the judges hear oral arguments on Dec. 8, they've requested both sides answer two questions:
- Whether the conduct at issue in this case could have been additionally, or alternatively, prosecuted under the Stored Communications Act; and
- Whether the rule of lenity precludes prosecution in this case.
The Wiretap Act specifically prohibits the interception and storage of wireline communications (telephones), but in the case of electronic transmissions, it only mentions the interception, not storage, of information. Since the act does not implicitly prohibit the storage of electronic messages -- which many e-mail servers do, if only for a very brief amount of time -- defense lawyers argue Councilman did not break the law.
The rule of lenity states that a "grievous ambiguity or uncertainty," goes in favor of the accused, according to the Supreme Court in Staples v. U.S. in 1994, while the Stored Communications Act prohibits people from intentionally accessing and obtaining information without authorization.
Kevin Bankston, an attorney from the Electronic Frontier Foundation (EFF), one of four privacy advocate organizations who filed a brief in support of the DoJ's petition for a re-hearing, said that while the rule of lenity was key to the defense's win, it doesn't apply in Councilman's case.
"We don't think the rule of lenity is particularly relevant in this case because we don't think the law is vague here," he said. "We have argued, and the DoJ has persistently argued, that the Wiretap Act as amended by the Electronic Communications Privacy Act definitely governs the behavior at issue here and definitely prohibited what Councilman did, which was intercept people's e-mails in transit before they received them, without their consent or knowledge."
He points to the law enforcement requirement applicable to federal agencies like the DoJ, which requires a wiretapping order before agents are able to go through an individual's e-mail. Congress intended the stringent wiretapping requirements to apply to both telephones and later electronic transmission through the Wiretap Act amendments in the ECPA.
"If you follow the Councilman panel's decision, though, that [ruling] throws out a decade of law enforcement practice out the window," he said. "Yet no court dealing with electronic interception ever questioned whether or not they needed to get a wiretap order to do that kind of thing. But under the Councilman panel, it would seem that it's not covered by the Wiretap Act but the Stored Communication Act, which places much fewer limits on government access."
The effects of the case are sure to be felt for years. While e-mail
providers like Yahoo
stated at the time of the original ruling that their privacy policies
prohibit monitoring customer traffic, it's a common enough practice within