Friday, October 12, 2007

Envelopes and encryption

As I’ve mentioned, last June the U.S. Court of Appeals for the Sixth Circuit held, in United States v. Warshak, that Americans have a reasonable expectation of privacy in the contents of emails they have stored on an ISP’s servers.

(If the Warshak link doesn’t work, you can find it by going to and searching for it in the opinions section either by name or by opinion # 07a0225p.06).

The Warshak opinion means that law enforcement can no longer use a court order, which issues without a showing of probable cause, to obtain the contents of emails someone has left stored with their ISP. They must, instead, obtain a search warrant, which does require them to show probable cause to believe that the emails contain or constitute evidence of a crime.

The opinion was, as is usual, issued by a panel of three of the Sixth Circuit judges; my understanding is that the federal government, which was the losing party in the case, is asking the entire Sixth Circuit to rehear this case en banc, i.e., to have all the judges on the Sixth Circuit sit as a panel and re-decide the case. If the Sixth Circuit does that, then the en banc panel can either agree with the three judges who said we have a Fourth Amendment expectation of privacy in our email, or disagree, and reject their conclusion. If the Sixth Circuit rehears the case en banc and agrees that we do have a reasonable expectation of privacy in stored emails, then I’d say there’s a good chance the case will go to the Supreme Court, because the effect of such a decision is to invalidate a federal statute law enforcement officers routinely use to obtain access to stored emails.

I don’t want to talk about the Warshak opinion, though. I want to talk about the larger issue – the question of whether we can reasonably expect the contents of our emails to be, and to remain, private. To do that, I need to review the standard courts apply when this issue comes up.

In 1877, the U.S. Supreme Court held, in Ex parte Jackson, that Americans have a Fourth Amendment expectation of privacy in the contents of sealed letters and packages they send through the U.S. mails (which was the default mail/delivery service at the time). The Jackson Court said “letters and sealed packages . . . in the mail are as fully guarded from examination and inspection, except as to their outward form and weight, as if they were retained by the parties forwarding them in their own domiciles.” The Court also held that anything we send that is not sealed – such as a postcard – is not encompassed by this rule because we have taken no steps to protect the privacy of its contents.

The Warshak court cited the Jackson decision, as well as the Supreme Court’s 1979 decision in Smith v. Maryland. In Smith, the Court said we do not have a Fourth Amendment expectation of privacy in the phone numbers we call, even from our homes, because by dialing those numbers we voluntarily convey that information to the phone company and, in so doing, surrender any privacy interest in it. I think the Smith decision was, and is, wrong, but that’s irrelevant.

In Warshak the government essentially argued that we have no Fourth Amendment expectation of privacy in emails we leave stored with an ISP because the ISP staff can read those emails, since we have not “sealed” them. Prosecutors often analogize email to a postcard: we send our emails through a system in which they are “visible” to other people without doing anything to shield their contents, to make them unreadable. The premise then is that the emails are like the phone numbers in Smith: We voluntarily share them, in the clear, with an entity whose staff can decipher the information they contain.

The Warshak court rejected that, essentially finding that we have an expectation of privacy if and when our ISP’s terms of service state that its staff either will not read our emails or will do so only under certain circumstances. That conclusion makes a certain amount of sense, but it really doesn’t resolve the Jackson-Smith problem, i.e., that the contents of stored emails CAN be read by ISP staff.

What I find interesting is that this controversy really does not need to arise. If we encrypted our emails, we would be “sealing” them, just as we seal the letters and other correspondence we send through the mails. If we “sealed” our emails, the Jackson rule would apply, even though we are sending emails via private carriers rather than through the U.S. mails. The Jackson Court’s point went not to the vehicle by which a message is being transmitted but to the steps taken to shield the contents of the message from the eyes of those involved in its transmission.

So why don’t we encrypt our emails? We were talking about this in my cyberspace law class yesterday, and one student pointed out that the general public doesn’t encrypt their emails because the process is too complex and/or too esoteric for them to use easily. I think she’s absolutely right. I think we are in a situation analogous to the situation letter writers were in until the mid-nineteenth century.

The adhesive envelope, which we assume has always been around, was not introduced until the mid-1800s. See Robert Ellis Smith, Ben Franklin's Web Site 56 (Providence RI: Privacy Journal 2000). Until then, people didn’t use envelopes; instead, they wrote their letters on a sheet of paper, which they folded and sealed with sealing wax, which was notoriously unreliable. See id. Letter writers knew the wax would probably fail, the letters would come unsealed and postal employees would probably read them. See id. Many, including Thomas Jefferson, wrote their letters in code – encrypted them -- to avoid this. See id. at 43. The adhesive envelope eliminated the need to encrypt letters because it was reliable AND easy to use. The Jackson Court’s holding was implicitly based on the impact adhesive envelopes had on securing the contents of written correspondence from prying eyes.

When it comes to email, our situation is, and is not, analogous to that of pre-adhesive envelope letter writers. Our situation is analogous because we have no simple way to “seal” our emails. Since we consequently do not “seal” our emails, it is, as a practical matter, difficult to argue that the contents of those emails are private. They really are postcards: their contents can be read (even if, in practice, they are not) by the staff of the entity involved in their transmission. Since they can be read by anyone who comes in contact with them, it is not, as a matter of common sense, reasonable for us to claim that their contents are private.

On the other hand, our situation differs from that of a pre-adhesive envelope letter writer in an important respect: We have tools available that will allow us to “seal” the contents of our emails. We do not use those tools because, as I said earlier, using them involves a lot more effort and expertise than simply sealing an adhesive envelope. I also think we don’t use these tools because most people, at least in this country, don’t realize that their emails are postcards, rather than letters. That is, I think most people in the U.S., anyway, don’t realize that the contents of their emails are not private.

All of this can, and probably will, change. Two things can transform the default status of email from that of postcard to that of sealed letter: One is for people to realize that they must “seal” their emails for them to be private. The other is the introduction of simpler, more intuitive encryption tools. I think the transformation will require the interaction of both factors: People will have to become receptive to the idea of encrypting emails, and the process of encrypting them will have to become at least a little more user-friendly.

If people begin to understand the utility of encrypting their emails, they will look for easy ways to do that. One way is, as I said, for developers to introduce new, user-friendly encryption tools. Another possibility is for ISPs to offer “one-click encryption” (if, in fact, that is a possibility), i.e., a system that automatically encrypts emails sent via that ISP and compatible ones. I don’t know if this kind of one-click encryption is technically possible, and even if it is, I can see implementation problems. If I’m using a one-click encryption ISP, I assume I either can’t email people who don’t use my ISP or another, compatible one-click encryption ISP, or, if I can email them, I lose my encryption. But I assume the same kinds of problems will arise if and when our culture moves to one in which we seek to encrypt emails.

Encryption definitely is, and will probably continue to be, more challenging than an envelope.


-dsr- said...

An envelope is really a cultural expectation of privacy -- a notification that some affirmative action must be taken in order to view the contents, an action which is unambiguous in intent.

An electronic equivalent, then, might be a simple Caesar cipher (so-called because, according to Suetonius, Julius Caesar used it) which shifts every letter a fixed number of places.

The most widely used Caesar cipher is also called ROT-13, and is customarily used in Usenet news groups to hide the content of messages which are on-topic but contain information that not everyone wishes to see. The canonical examples are plot points in recently released movies, and potentially offensive jokes. It only takes a few lines of code to implement a Caesar cipher.

So, we can implement envelope-effective protection by adopting legislation that any enciphered or encrypted message automatically receives the same protection as a sealed letter, using a Caesar cipher for our routine messages, and arranging for something more effective but harder to implement for those who want that.
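
The Caesar/ROT-13 “envelope” the comment above describes, as an added example written for this page (it is not code from the original post or from the commenter). The sample message and the small list of common English words are constructed for the example. Besides the shift itself, the block includes the check a practitioner would want before relying on such a cipher for anything but notice: a 26-line brute force that recovers the plaintext with no key at all, which is exactly why it is an envelope and not a lock.

```python
import re

# Plaintext constructed for this example (not a real message from the post).
SAMPLE_MESSAGE = (
    "The sealed letter in Ex parte Jackson is protected; the postcard is not. "
    "Meet me at the courthouse at noon and bring the envelope."
)

# A handful of very common English words, assumed here as a crude language
# detector: a candidate decryption containing many of them is the right one.
COMMON_WORDS = {"the", "and", "that", "not", "for", "with", "this", "you", "but", "have"}


def caesar_shift(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` places (mod 26), preserving case.
    Digits, punctuation and whitespace pass through unchanged, which is why a
    Caesar-enciphered message is still recognisably a message (an 'envelope')."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT-13 is the Caesar cipher with shift 13. Since 13 + 13 = 26 it is its
    own inverse: the same function both seals and opens the message."""
    return caesar_shift(text, 13)


def english_score(text: str) -> int:
    """Count how many words of `text` are in COMMON_WORDS."""
    tokens = re.findall(r"[A-Za-z]+", text.lower())
    return sum(1 for t in tokens if t in COMMON_WORDS)


def brute_force(ciphertext: str):
    """Undo every possible shift (0..25) and rank the candidates by how
    English they look. No key is needed: this is what anyone who handles the
    message in transit can do, so the cipher provides notice, not secrecy."""
    candidates = []
    for shift in range(26):
        candidate = caesar_shift(ciphertext, -shift)
        candidates.append((shift, candidate, english_score(candidate)))
    candidates.sort(key=lambda c: c[2], reverse=True)
    return candidates


def recover(ciphertext: str):
    """Return (shift, plaintext) for a Caesar-enciphered English message."""
    shift, plaintext, _ = brute_force(ciphertext)[0]
    return shift, plaintext


if __name__ == "__main__":
    sealed = rot13(SAMPLE_MESSAGE)
    print("sealed:", sealed)
    print("opened:", rot13(sealed))  # identical to SAMPLE_MESSAGE
    shift, plaintext = recover(caesar_shift(SAMPLE_MESSAGE, 7))
    print(f"brute force recovered shift {shift}: {plaintext}")
```

The word-count scorer is deliberately simple; a letter-frequency (chi-squared) scorer would do the same job on shorter or less wordy text. Either way the point stands: the cipher marks the message as sealed, and anyone who wants to open it can do so with this much code.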

Susan Brenner said...

Good points.

As to envelopes as cultural expectation of privacy: The Katz standard (from Katz v. U.S.) which the Supreme Court uses to decide if we have a Fourth Amendment expectation of privacy incorporates the concept of cultural expectations. Under Katz, I have a Fourth Amendment expectation of privacy if (i) I think something (my email) is private and (ii) society agrees. We pick up the cultural expectation in the second prong.

As to the Caesar cipher, it should work . . . I don't see any magic to the particular form encryption takes, as long as we "seal" the envelope for our email.

Thanks for the observations.