[ISN] E-Mail Snooping Ruled Permissible

Denning, Dorothy USA dedennin at nps.edu
Thu Jul 8 11:45:46 EDT 2004


I was perhaps not clear.  I was responding to your statement about the government not needing a warrant, which you deleted in your response to my message.  This is what you said: 

"There [sic] reasoning is that they were capturing(copying) data stored in RAM and because of this it does not convey a violation of the wiretap laws.  Well if that's the case then the government does not need a warrant then to "capture" any ones email and programs like "Carnivore" come to mind.", 

I was merely trying to say that even if the ruling is upheld, the government still has some legal hurdles to get your e-mail.  To compel disclosure, they need a search warrant.  Now it is easier to get a search warrant than a wiretap warrant, but it offers some legal protection. 

Also, I don't follow your reference to Carnivore.  Carnivore is just software and a separate issue from what warrants are needed to use it. 

I personally think this ruling was unfortunate, but I haven't studied it enough to tell if the problem is with the wiretap law itself (which could be resolved through amendment) or just the court's interpretation of it (in which case the ruling could be overturned by a higher court).

Dorothy


-----Original Message-----
From: isn-bounces at attrition.org [mailto:isn-bounces at attrition.org]On
Behalf Of InfoSec News
Sent: Thursday, July 08, 2004 3:52 AM
To: isn at attrition.org
Subject: RE: [ISN] E-Mail Snooping Ruled Permissible 


Forwarded from: Cory D <coryd at euler.com>

You seem to be missing the point.

By their ruling they state that because the MDA (procmail) was storing
the message for process, this is what justified as electronic storage,
thus they did not intercept any wire communication between the points
of communication, therefore they did not violate the wiretap law.  
What bothers me is that the MDA is still in process of delivering the
message to the recipient, sense the delivery is not complete, the
message should still be consider in transit.  By this definition the
wiretap act was violated, because; the message did not reach its
intended recipient for the e-mail was still in-transit.

As for the government this ruling opens a hole up for them, they can
use their "Carnivore" program to gather messages before it goes to a
MDA the "electronic storage" argument has no merit and thus no warrant
is need per Title 18, Sec. 2703(a).

Title 18, Sec. 2703(a) is also typical for places storing the
messages, sense the argument could be stated that the message are
temporary no warrant is needed because the burden of electronic
storage again is not met.

My rant is done for now, but hopefully I widen some eyes, for the
complexity of this issues should not be complex, but simple, when
electronic communication is stated at one point and directed towards
another it should be consider still in transit until delivered to the
recipient.

Cory Durand

-----Original Message-----
From: isn-bounces at attrition.org [mailto:isn-bounces at attrition.org]On Behalf
Of Denning, Dorothy USA
Sent: Tuesday, July 06, 2004 6:48 PM
To: isn at c4i.org; isn at attrition.org
Subject: RE: [ISN] E-Mail Snooping Ruled Permissible

The ruling doesn't give the government blanket access because they are
still constrained by the statutes that protect stored wire and
electronic communications.

To compel disclosure of unretrieved communications that have been in
storage 180 days or less, the government needs a search warrant [Title
18, Sec. 2703(a)].  However, a non-public provider (e.g., private
company) can voluntarily disclose such e-mail {Sec 2702(a)(1)]; a
public provider generally cannot, but there are exceptions [(Sec
2702(b)].

Dorothy Denning

-----Original Message-----
From: isn-bounces at attrition.org [mailto:isn-bounces at attrition.org]On
Behalf Of Cory D
Sent: Friday, July 02, 2004 9:33 AM
To: isn at attrition.org
Subject: RE: [ISN] E-Mail Snooping Ruled Permissible


-- You seem to be mis-inform on common wiretap laws.
-- As for your sigh of relief, it bothers me.  When reading the case, the
individual(s) rights were violated.

---     The Wiretap Act "Provider Exception" 18 U.S.C ? 2511(2)(a)(i)
(i) It shall not be unlawful under this chapter for an operator of a
switchboard, or on officer, employee, or agent of a provider of wire or
electronic communication service, whose facilities are used in the
transmission of a wire or electronic communication, to intercept, disclose,
or use that communication in the normal course of his employment while
engaged in any activity which is a necessary incident to the rendition of
his service or to the protection of the rights or property of the provider
of that service, except that a provider of wire communication service to the
public shall not utilize service observing or random monitoring except for
mechanical or service quality control checks...

Sense he used the information for profit and gain; it seems to me that it
did violate the wiretap law.  As you can also see this informs you can use
IDS equipment to protect yourself from unwanted trespassers.



_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html


More information about the ISN mailing list