From Wired

It was a little court case, but its impact on e-mail users could be huge.
Last week a federal appeals court in Massachusetts ruled that an e-mail provider did not break the law when he copied and read e-mail messages sent to customers through his server.

Upholding a lower-court decision that the provider did not violate the Wiretap Act, the 1st U.S. Circuit Court of Appeals set a precedent for e-mail service providers to legally read e-mail that passes through a network.

The court ruled (PDF) that because the provider copied and read the mail after it was in the company's computer system, the provider did not intercept the mail in transit and, therefore, did not violate the Wiretap Act.

It's a decision that could have far-reaching effects on the privacy of digital communications, including stored voicemail messages.

In 1998, Bradford C. Councilman was the vice president of Interloc, a company selling rare and out-of-print books that offered book-dealer customers e-mail accounts through its website. Unknown to those customers, Councilman had engineers write and install code on the company network that would copy any e-mail sent to customers from Amazon.com, a competitor in the rare-books field.

Although Councilman did not prevent customers from receiving their e-mail, he read thousands of copied messages to discover what books customers were seeking and gain a commercial advantage over Amazon. Interloc was later bought by Alibris, which was unaware that Councilman had installed the code on the system.

Councilman wasn't caught because customers complained about his actions; a tip about another, unrelated issue led authorities to discover what he had done.

But just what had Councilman done that was so bad?

Everyone knows that e-mail is an insecure form of communication. Like a postcard, unencrypted correspondence sent over the Internet is open to snooping by anyone.

Additionally, companies have the right to read their employees' e-mail, since the companies own the computer systems through which the correspondence passes, and employees send the mail on company time. And ISPs scan e-mail for viruses and spam all the time, before delivering the mail to the provider's customers.

But there is an expectation that service providers will access communications only with permission from customers, or when they need to do so to maintain their network. In fact, the Wiretap Act states that a provider shall not "intercept, disclose, or use" communication passing through its network "except for mechanical or service quality control checks."

In April, Google launched an e-mail program called Gmail that gives customers 1 GB of e-mail storage in exchange for letting Google's computers scan the content of incoming e-mails to seed them with related text ads. Gmail customers agree to let a computer read their e-mail.

In contrast, Councilman personally read customers' messages to undermine his competitors' business. He did so without customers' permission and with the knowledge that if his customers found out, his company would likely lose their business.

And yet the court found him innocent of violating the specific law under which authorities charged him.

The court ruled that because the mail was already on Councilman's computer network when he accessed it, he didn't intercept it in transit and therefore was not guilty under the Wiretap Act. The court said the mail was in storage at that point and, therefore, was governed under the Stored Communications Act.

Full Story