[Infowarrior] - E-Mail Hacking Case Could Redefine Online Privacy

Richard Forno rforno at infowarrior.org
Wed Aug 6 13:08:59 UTC 2008 

E-Mail Hacking Case Could Redefine Online Privacy

By Ellen Nakashima
Washington Post Staff Writer
Wednesday, August 6, 2008; D01

http://www.washingtonpost.com/wp-dyn/content/article/2008/08/05/AR2008080503421_pf.html

A federal appeals court in California is reviewing a lower court's  
definition of "interception" in the digital age, in a case that some  
legal experts say could weaken consumer privacy protections online.

The case, Bunnell v. Motion Picture Association of America, involves a  
hacker who in 2005 broke into a file-sharing company's server and  
obtained copies of company e-mails as they were being transmitted. He  
then e-mailed 34 pages of the documents to an MPAA executive, who paid  
the hacker $15,000 for the job, according to court documents.

The issue boils down to the judicial definition of an intercept in the  
electronic age, in which packets of data move from server to server,  
alighting for milliseconds before speeding onward. The ruling applies  
only to the 9th District, which includes California and other Western  
states, but could influence other courts around the country.

In August 2007, Judge Florence-Marie Cooper, in the Central District  
of California, ruled that the alleged hacker, Rob Anderson, had not  
intercepted the e-mails in violation of the 1968 Wiretap Act because  
they were technically in storage, if only for a few instants, instead  
of in transmission.

"Anderson did not stop or seize any of the messages that were  
forwarded to him," Cooper said in her decision, which was appealed by  
Valence Media, a company incorporated in the Caribbean island of Nevis  
but whose officers live in California. "Anderson's actions did not  
halt the transmission of the messages to their intended recipients. As  
such, under well-settled case law, as well as a reading of the statute  
and the ordinary meaning of the word 'intercept,' Anderson's  
acquisitions of the e-mails did not violate the Wiretap Act."

Anderson was a former business associate of an officer for Valence  
Media, which developed TorrentSpy, a search engine that helped users  
find "torrents," or special data files on the Internet that can be  
used to help download free audio, software, video and text. According  
to court documents, Anderson configured the "copy and forward"  
function of Valence Media's server so that he could receive copies of  
company e-mail in his Google mail account. He then forwarded a subset  
to an MPAA executive.

The documents sent to the MPAA included financial statements and  
spreadsheets, according to court papers. "The information was obtained  
in a legal manner from a confidential informant who we believe  
obtained the information legally," MPAA spokeswoman Elizabeth Kaltman  
said.

Valence Media alleged that the MPAA wanted those documents to gain an  
advantage in a copyright infringement lawsuit against the company and  
its officers.

"The case is alarming because its implications will reach far beyond a  
single civil case," wrote Kevin Bankston, a senior attorney for the  
Electronic Frontier Foundation in a friend-of-the-court brief filed  
Friday. If upheld, the foundation argued, "law enforcement officers  
could engage in the contemporaneous acquisition of e-mails just as  
Anderson did, without having to comply with the Wiretap Act's  
requirements." Those requirements are strict, including a warrant  
based on probable cause as well as high-level government approvals and  
proof alternatives would not work.

Cooper's ruling also has implications for non-government access to e- 
mail, wrote Bankston and University of Colorado law professor Paul Ohm  
in EFF's brief. "Without the threat of liability under the Wiretap  
Act," they wrote, "Internet service providers could intercept and use  
the private communications of their customers, with no concern about  
liability" under the Stored Communications Act, which grants blanket  
immunity to communications service providers where they authorize the  
access.

Individuals could monitor others' e-mail for criminal or corporate  
espionage "without running afoul of the Wiretap Act," they wrote.

"It could really gut the wiretapping laws," said Orin S. Kerr, a  
George Washington University law professor and expert on surveillance  
law. "The government could go to your Internet service provider and  
say, 'Copy all of your e-mail, but make the copy a millisecond after  
the email arrives,' and it would not be a wiretap."

In August, 2007, Valence Media shut down TorrentSpy access to the  
United States due in part to concern that U.S. law was not  
sufficiently protective of people's privacy, according to its  
attorney, Ira Rothken.

The Electronic Privacy Information Center also filed a friend-of-the- 
court brief Friday, arguing that Congress intended to cover the sort  
of e-mail acquisition Anderson engaged in.

More information about the Infowarrior mailing list