I actually think there is a reasonable expectation to privacy, and that most people, from senators to elementary school teachers, believe that email is technically secure, meaning that "normal people" could not read their email even if they wanted to, at least not without resorting to "hacking" or "spying".
In fact, one might say that email is more secure than normal mail, because normal mail doesn't have a password and is default delivered to a publicly accessible mailbox. If a neighbor wishes to invade your privacy via your email, how do they do so? Probably by entering your password somehow. If that person wants to steal your physical mail, how do they do so? By walking up to your mailbox when nobody is looking.
Also, email at least has a very plausible chance of being encrypted; even if you don't know what that means, your workplace may be doing it for you. But companies, including financial or accountancy firms, don't encrypt physical email to their customers.
I think most reasonable people have the belief that email is safer than mail, and in 2015 I think they might be right.
At least under the 4th amendment, expectation of privacy must be objectively reasonable, not subjective. I.e. If everyone is misinformed about how email is sent around in plain text, and expect privacy out of ignorance, then that belief can be objectively unreasonable even if it's widely held.
Where did you get that information? From Wikipedia? Could you put the paragraph + link here so I can find it? I ask only because I looked it up myself and couldn't find that reasonable expectation to privacy solely hinges on the actual objective reality of the situation; instead there are also subjective considerations.
And even the definition of "objective" in "expectation to privacy" is what general society holds to be true -- it doesn't speak to demonstrating reality of privacy.
But then the 4h means nothing! Any communication that can technically be eavesdropped is "onbjectively" not private. So where is there a legal expectation of privacy?
It's completely based on precedent (i.e. court rulings). According to Wikipedia [http://en.wikipedia.org/wiki/Expectation_of_privacy] one appeals court has ruled that there is a reasonable expectation of privacy for e-mail, but that is something that the Supreme Court can overrule or not depending on what the Justices' personal take on the situation is.
Many people believe that the world is flat. Doesn't mean that it is.
There has never, ever been any expectation set that internet email is private. There have been many examples in the broader media that show how one might compromise email. Also, you have no way to assess the quality of the email service provider, network provider, or client environment.
Postal mail is more secure for 99% of the public for several reasons, including:
- A paper envelope is tamper-evident. My dad used to correspond with radio operators in the Warsaw Pact... envelope tampering was trivial for me to detect as a 5-year old.
- Stolen mail is stolen. You don't get the message. Detecting a pattern of missing mail is pretty easy.
- If you're not a police organization, tracking postal mail metadata is risky. Bystanders will notice somebody rifling through a mailbox every day. There really isn't a way to surveil outbound letters.
- It's a serious felony to tamper with mail. Linking physical mail theft to a perpetrator is pretty straightforward. Also, Postal Inspectors take mail integrity very seriously, sometimes too seriously. With electronic crimes, you probably have a 1/100 chance of finding a cop who understands your complaint AND has the means to do anything about it.
- It's much easier to implement physical security practices/procedures that keep secrets transmitted by mail secret than via digital means.
> There has never, ever been any expectation set that internet email is private.
When I send an email to somebody, I do expect that no human other than the recipient will read it, and that automated processes do not attempt to divulge meaning from its contents past that required for advertising (and that data is used for no reason other than advertising).
I expect that it might be read by the police with a warrant, as with anything else. I also expect that any post I send might be read by the police with a warrant - resealing an envelope is actually easy, and worst case scenario, they could simply use another envelope and copy the addresses and stamps, and I'd be none the wiser.
The technical ability to read my email has little/nothing to do with my expectation of privacy. Technically, someone could read all my mail with ease (it gets delivered to my apartment's hallway where anybody could pick it up), but I still expect that people will not do that. They could also read RF emissions from my apartment to figure out what I'm typing just now, and IIRC that's a violation of privacy.
I get it, it's 2015 and paper mail feels old hat. So waving away and dismissing concerns about the vulnerability of email feels like the right thing.
Do you affirmatively know that every email that you've ever sent isn't an account managed by a third party (like an employer) whom the recipient has ceded (or shares) control of their mailbox to?
Any employer can trivially read email, and many do so routinely. Most people allow for the sharing of devices in the household... So the spouse and kids can probably access the computer pretty trivially. That's two trivial examples that doesn't involve spy stuff or conspiracy theory.
You cannot access postal mail without a warrant or physically stealing the mail. Once received, you can physically destroy or secure it.
> Do you affirmatively know that every email that you've ever sent isn't an account managed by a third party (like an employer) whom the recipient has ceded (or shares) control of their mailbox to?
They could also send my post to them off to a processor for whatever reason. When I give my personal details to my ISP, they could sell them to advertisers. I expect that they will not, and feel violated when they do.
> Any employer can trivially read email, and many do so routinely.
If I'm sending an email to a UK employee, they in fact cannot legally do so in the general case - doubly so if it's a personal email.
> So waving away and dismissing concerns about the vulnerability of email feels like the right thing.
No, but there's a point to be made that just because something is possible and easy does not mean it should be legal or even right, nor that people should expect it to happen. If it were something I really wanted kept secret, I'd encrypt it - but most things I email are, while not things I would necessarily want public, not life-destroyingly secret either.
I don't expect or want to be tracked everywhere I go in public either, but I don't wear a mask to ensure I can't be. On the other hand, perhaps I might want to do so in some circumstances because the stakes are higher.
There has never, ever been any expectation set that internet email is private
Most normal people believe, intuitively, that email is private. You need to enter a username and password to send it, and you need to do the same at the other end to read it. Prima facie private, like physical mail.
Sure, you may believe the corporation providing your email service could look at your text, but a delivery company could do the same thing to your physical mail; it's just harder (but not impossible) to read physical mail without evidence of tampering.
WRT legal definitions, everything is a bit woolier. Case law sets precedent, and precedent can be based on circumstances in the past that were different than today. People using email used to be more technical, more aware of how insecure the whole thing actually is without a lot of effort. And service providers have a vested interest in disclaiming legal liability for breach of privacy; they'd much rather the public believe things are private, but not have any legal expectation of privacy. That way, they get to have their cake and eat it.
But here's the thing. We're talking about a legal viewpoint called a "reasonable expectation". And unfortunately, if we did live in a time where many people believed in the flat earth theory, then yeah, they would be a reasonable person.
There will be a time when future generations laugh at our current popular scientific misconceptions, but until then, that counts as reasonable belief. We just don't have the benefit of retrospection to know which things are crazy ahead of time.
Also, I do believe that email should be private, but that is a separate discussion.
The original legal question is about wiretapping. Previous posters asserted that people think email is technically secure. My assertion is that someone with passing knowledge of the subject does not believe that to be true.
Only if your expectation is that mailing your thoughts on what amounts to a digital postcard that passes through dozens of hands before it arrives to the destination is private.
What I meant was that most people assume it is secure. I mean only a few % at most has any clue how email works. I suspect most of my colleagues who has been working as developers for decades don't know that email may pass through dozens of hands. Of course if you know how it works you know its not secure, but very few people knows how it works.
In fact, one might say that email is more secure than normal mail, because normal mail doesn't have a password and is default delivered to a publicly accessible mailbox. If a neighbor wishes to invade your privacy via your email, how do they do so? Probably by entering your password somehow. If that person wants to steal your physical mail, how do they do so? By walking up to your mailbox when nobody is looking.
Also, email at least has a very plausible chance of being encrypted; even if you don't know what that means, your workplace may be doing it for you. But companies, including financial or accountancy firms, don't encrypt physical email to their customers.
I think most reasonable people have the belief that email is safer than mail, and in 2015 I think they might be right.