Want to Search My Email? Court Says You Need a Warrant
Back in the day (way, way back) the Founding Fathers recognized a great need that Americans still face today: the need to protect citizen’s privacy rights. In the Constitution, the Fourth Amendment guarantees that, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…”
I recently learned that when creating this Amendment, the drafters placed very, very special importance on one word: “papers”. That’s right, more than anything else, they loved their documents. After all, they chose to specifically include the word papers, even though they also mention the word “effects” (personal belongings, as in, “My effects, please“).
But what about today? What if the documents are not in paper form? What if they aren’t in your house? What if they aren’t even near your house or on your person? Is a warrant required in those situations?
If you haven’t guessed by now, I’m talking about our rights to e-mail privacy. Recently, a landmark court decision has finally shed some light on the ongoing debate as to whether the government needs a warrant in order to search and seize e-mails stored by an internet service provider. In U.S. v. Warshak, the Sixth Circuit Court of Appeals held that private emails are protected from warrantless searches. (For a full view of the opinion, click here).
As we all know, the government must first obtain a warrant to search items wherein a person has a “reasonable expectation of privacy”. In the Warshak case, the court basically concluded that the expectation of privacy is overwhelmingly great with respect to emails. They even went so far as to state that it would “defy common sense” not to apply Fourth Amendment protections to email messages.
Personally I am very pleased with the ruling. After all, papers are papers, regardless of whether they’re actually on paper or not (I’m sure the FF’s would agree on that). What surprises me however, is that this is just now being firmly addressed in court. What? You mean our e-mails haven’t been protected from search and seizure this whole time? And email has been around since as early as 1965! Looks like another case of the courts-struggling-to-keep-up-with-technology theme that makes its appearance so often here.
Prior to the Warshak ruling, e-mail privacy rules were murky at best. Courts tended to rely on the language provided by electronic communications legislation, often neglecting to enforce constitutional standards. For example, the Stored Communications Act states that the government must obtain a search warrant for unopened emails that have been in storage for not more than 180 days. As you might expect, the Act leaves it unclear as to what happens to opened e-mails, as well as messages stored longer than 180 days.
The lack of solid guidelines for email search warrant requirements has led to a pattern of questionable discovery practices by the government. What typically happens is that the government makes overbroad requests for copious amounts of email data, knowing that the court might easily rule either for or against the person’s privacy interests. The case might then be dropped as soon as it appears that the privacy interests would prevail. In addition to invasions of privacy, such practices have constituted a poor use of judicial resources.
The degree to which courts favor an individual’s email privacy has depended largely on the context in which the email is used. For example, in corporate settings like that involved in a previous Yahoo! warrantless email search case, courts are likely to favor corporate interests over personal email privacy. On the other hand, in a school setting, courts tend to enforce stricter Fourth Amendment standards for school administrators trying to view student’s emails. This lack of uniformity has further confounded the email privacy issue.
The Warshak case signals a much needed reform in the area of email privacy laws. To me, reform in this setting does not so much mean that new laws have to be passed. Instead, I’d favor a return to the consistent application of good ol’ Fourth Amendment constitutional principles, much like what happened in U.S. v. Warshak.
And it’s not only the basic warrant requirement and privacy expectation standards I’m talking about either. There should also be a push to make sure that warrants are more specific in describing which emails are to be seized. The Fourth Amendment also states that “warrants shall not be issued” unless they are “particularly describing the place to be searched and the persons or things to be seized”. This means no more overbroad discovery requests asking for tons of unnecessary emails in hopes of finding scraps of evidence.
Personally, in this era I can think of no more personal, private arena of life than our beloved electronic messages. Whether it is email, instant or text messages, we absolutely cherish our paperless trail of communications. And so to me, this recent ruling is very good news indeed, although it’s just a tad bit overdue. Maybe Gmail will start requiring a username, password, and…warrant number please?
Comments
Jay:
I recently defended against claims of trade secret misappropriation, unfair competition, etc. arising out of the individuals’ resignations and start up of a new competing business. Seeking injunctive relief, the proof of wrongdoing came in the form of defendants’ private e-mails attached to the moving papers. The e-mails had been stored on third party servers. Based upon that conduct, I filed a counterclaim for violation of various federal statutes under the Wiretap Act. I believe it changed the dynamics of the lawsuit.
Although I found no precisely fitting California case, a New York case exactly on point held in my favor. Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 587 F.Supp.2d 548 (2008).
I now advise my employer clients about this expensive potential trap.
Hi DebraLewis:
Right, in an employment setting the issue of e-mail privacy becomes even more sensitive. In employment cases it appears that a key factor is whether the e-mails are stored on a third party server or on a work computer/employer server. Clearly, delivered e-mails held in storage by a third party server are protected to a certain extent by the Stored Communications Act. On the other hand, the expectation of privacy might be diminished if it is stored on a work computer or in an employer’s server.
The Pure Power Boot Camp case you mentioned has made it clear that the expectation of privacy in emails still exists even if it is a personal e-mail account used during work hours. However, this area is gray and can indeed be a potential trap. Employers and employees can help avoid confusion by keeping work and personal e-mails clearly separate, preferably through completely different log-in accounts. Thanks for your input and the case cite!
What are the ramifications, if any, of this ruling in private litigation situations which don’t have the protections afforded in criminal trials?
Hi Eleanor,
It appears that the protections only apply to criminal cases and not civil claims. It is my understanding that e-mail privacy in a civil situation would largely depend on what is dictated in the company’s individual employee policies. See also:
http://www.compliancebuilding.com/2010/12/20/email-warrants-and-corporate-email/
Thanks!