Press reports say that three recently filed lawsuits
claim that Google and Yahoo are illegally spying on
the incoming mail of their webmail users. Two
of the suits, Diamond vs. Google and Sutton et al. vs. Yahoo,
are filed in Marin county court, the third, Penkava vs.
Yahoo is in Federal court in San Jose.
I only have copies of the Penkava case, since the county
court documents aren't online, but
according to press reports all three make the same
argument that the defendants are spying illegally on
incoming mail, under the California Invasion of Privacy
Act (CIPA.) So let's see how persuasive Penkava's
arguments are.
Penkava, who does not have a Yahoo account, claims that
Yahoo is wiretapping or eavesdropping on mail he
sends to Yahoo users.
The evidence is that they choose ads to
CIPA is a law about wiretapping, and I can't see any
connection at all to anything that a web mail provider
does beyond wishful thinking.
So I'm wondering how
Yahoo (and presumably Google in similar cases) will
make the suit go away. Possibilities include:
1. This law is clearly about telephone and telegraph wiretapping. Yahoo is not a telephone
company, and e-mail messages are neither phone calls nor telegrams.
II.a. Sec 631(a) limits its applicability to unauthorized connections to "any
telegraph or telephone wire, line, cable, or instrument". Yahoo Mail doesn't use
any of those.
II.b. Yahoo Mail's connection to whatever wires it does use is authorized, since
it is providing mail service for its customers.
II.c) Sec 632 refers to "any electronic amplifying or recording device." Yahoo
doesn't use them, either.
C) The law excludes "any public utility engaged in the business of providing
communications services and facilities..." To the extent relevant to this law,
Yahoo Mail is acting in the role of a public utility.
iv) A Federal law
called the Electronic Communication Privacy Act does regulate e-mail privacy,
so even if CIPA applied to e-mail it would be preemmpted. Under the ECPA,
Yahoo and Google's actions are legal since recipients can permit their
providers to "divulge the contents" of their mail.
It would certainly be nice if the US had meaningful privacy laws like Canada
and most European countries do, but it doesn't other than in a few narrow
areas like HIPAA for health care information. Attempting to twist
wiretap laws to do something they don't just wastes the court's time and
is likely to create case law that is hostile to any real privacy cases
that arise.
I'm trying to get copies of the two Marin County cases, and will report
back if they say anything interesting.
posted at: 11:26 :: permanent link to this entry ::
2 comments
comments... (Jump to the end to add your own comment)
Incongruity abounds
You are the president of an organizations that claims as its mission "defending the interests [of] all users in the areas of privacy and abuse in all its forms on the Internet," and yet your dismissive and derisive response to an effort to find a legal basis for e-mail privacy seems oddly incongruous with that."[P]rivacy ... in all its forms on the Internet" would seem to include the privacy of people who send e-mails to people with Google and Yahoo e-mail addresses, and yet you seem actively hostile to the very idea that those corporations' scanning of that incoming e-mail might be a violation of the SENDER'S privacy.
Neither of us is an attorney, but I don't think that the RECIPIENT of an e-mail (or other forms of electronic communications) has the authority to unilaterally waive the privacy rights (or expectations thereof) of the SENDER, nor is the sender given any notice of or opportunity to avoid the scanning of the contents of their e-mail â i.e., an auto-reply from Google and Yahoo saying something to the effect of, "By e-mailing this address at [Google/Yahoo], you waive your right to keeping its contents private. By clicking below to send your message, you acknowledge that you have received this notice and agree to waive your privacy" or words to that effect. Thus, this is a violation of privacy occurring *after* the fact, and without warning.
(And simply claiming that everyone knows that Google and Yahoo read their subscribers e-mails is not sufficient, as a sizable percentage of people who send e-mails to Google and Yahoo subscribers don't know that, and that knowledge does not constitute a waiver of privacy rights â any more than knowing that some cops conduct searches without warrants means that you grant them the right to do so. The issue is the legality of the conduct, not the degree to which the people who are harmed by it are aware of its probability.)
Moreover, your legal analysis of the technology involved seems shallow and rather hopeful, rather than objective and well-reasoned. Yes, Yahoo is not a telephone company like AT&T or Verizon, but it does use telephone (and cable) companies' infrastructure to receive the SENDERS' e-mails it is scanning. To that extent, it is not unreasonable for the plaintiffs in these cases to suggest that it might be violating statutes that govern the use of telephone and cable lines and services.
Conversely, your contradictory claim that Yahoo is a "public utility" seems based on a very broad (and inaccurate) understanding of the meaning of that term, while also undermining your previous argument that it is not a phone (or, more aptly, communications) company. Every company that provides a service to the public is not a public utility.
Finally, you state that "It would certainly be nice if the U.S. had meaningful privacy laws like Canada and most European countries do", but go on to then say that "Attempting to twist wiretap laws to do something they don't just wastes the court's time and is likely to create case law that is hostile to any real privacy cases that arise."
It's not clear how trying to adjudicate privacy claims that involve the use of telephone and cable lines by citing laws that govern telephone lines (and other communication cables) is a waste of the court's time â that seems to be what the courts are there for. Moreover, you don't provide any explanation for your claim that any case law that emerges from such litigation would be "hostile to any real privacy cases that arise".
How and why would preventing e-mail service providers from scanning non-subscribers' e-mail be "hostile" to privacy and privacy law?
(by CounterCorp
08 Oct 2012 22:44)
Hostile case law
A famous case that backfired is Gordon vs. Virtumundo, in which a guy in Seattle tried to stretch CAN SPAM to cover mail that it clearly was never intended to cover. His case lead to a 9th circuit decision that now makes it impossible for anyone in the western US to file a CAN SPAM suit, no matter how much actual merit it may have.
(by John L
08 Oct 2012 23:05)
Add your comment...
Note: all comments require an email address to send a confirmation
to verify that it was posted by a person and not a spambot.
The comment won't be visible until you click the link in the
confirmation.
Unless you check the box below, which almost nobody does, your email
won't be displayed, and I won't use it for other purposes.
