Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Home :: Internet

10 Jul 2012

Three more ill-advised lawsuits against mail providers Internet

Press reports say that three recently filed lawsuits claim that Google and Yahoo are illegally spying on the incoming mail of their webmail users. Two of the suits, Diamond vs. Google and Sutton et al. vs. Yahoo, are filed in Marin county court, the third, Penkava vs. Yahoo is in Federal court in San Jose.

I only have copies of the Penkava case, since the county court documents aren't online, but according to press reports all three make the same argument that the defendants are spying illegally on incoming mail, under the California Invasion of Privacy Act (CIPA.) So let's see how persuasive Penkava's arguments are.

Penkava, who does not have a Yahoo account, claims that Yahoo is wiretapping or eavesdropping on mail he sends to Yahoo users. The evidence is that they choose ads to CIPA is a law about wiretapping, and I can't see any connection at all to anything that a web mail provider does beyond wishful thinking.

So I'm wondering how Yahoo (and presumably Google in similar cases) will make the suit go away. Possibilities include:

1. This law is clearly about telephone and telegraph wiretapping. Yahoo is not a telephone company, and e-mail messages are neither phone calls nor telegrams.

II.a. Sec 631(a) limits its applicability to unauthorized connections to "any telegraph or telephone wire, line, cable, or instrument". Yahoo Mail doesn't use any of those.

II.b. Yahoo Mail's connection to whatever wires it does use is authorized, since it is providing mail service for its customers.

II.c) Sec 632 refers to "any electronic amplifying or recording device." Yahoo doesn't use them, either.

C) The law excludes "any public utility engaged in the business of providing communications services and facilities..." To the extent relevant to this law, Yahoo Mail is acting in the role of a public utility.

iv) A Federal law called the Electronic Communication Privacy Act does regulate e-mail privacy, so even if CIPA applied to e-mail it would be preemmpted. Under the ECPA, Yahoo and Google's actions are legal since recipients can permit their providers to "divulge the contents" of their mail.

It would certainly be nice if the US had meaningful privacy laws like Canada and most European countries do, but it doesn't other than in a few narrow areas like HIPAA for health care information. Attempting to twist wiretap laws to do something they don't just wastes the court's time and is likely to create case law that is hostile to any real privacy cases that arise.

I'm trying to get copies of the two Marin County cases, and will report back if they say anything interesting.

posted at: 11:26 :: permanent link to this entry :: 2 comments
posted at: 11:26 :: permanent link to this entry :: 2 comments

comments...        (Jump to the end to add your own comment)

Incongruity abounds
You are the president of an organizations that claims as its mission "defending the interests [of] all users in the areas of privacy and abuse in all its forms on the Internet," and yet your dismissive and derisive response to an effort to find a legal basis for e-mail privacy seems oddly incongruous with that.

"[P]rivacy ... in all its forms on the Internet" would seem to include the privacy of people who send e-mails to people with Google and Yahoo e-mail addresses, and yet you seem actively hostile to the very idea that those corporations' scanning of that incoming e-mail might be a violation of the SENDER'S privacy.

Neither of us is an attorney, but I don't think that the RECIPIENT of an e-mail (or other forms of electronic communications) has the authority to unilaterally waive the privacy rights (or expectations thereof) of the SENDER, nor is the sender given any notice of or opportunity to avoid the scanning of the contents of their e-mail — i.e., an auto-reply from Google and Yahoo saying something to the effect of, "By e-mailing this address at [Google/Yahoo], you waive your right to keeping its contents private. By clicking below to send your message, you acknowledge that you have received this notice and agree to waive your privacy" or words to that effect. Thus, this is a violation of privacy occurring *after* the fact, and without warning.

(And simply claiming that everyone knows that Google and Yahoo read their subscribers e-mails is not sufficient, as a sizable percentage of people who send e-mails to Google and Yahoo subscribers don't know that, and that knowledge does not constitute a waiver of privacy rights — any more than knowing that some cops conduct searches without warrants means that you grant them the right to do so. The issue is the legality of the conduct, not the degree to which the people who are harmed by it are aware of its probability.)

Moreover, your legal analysis of the technology involved seems shallow and rather hopeful, rather than objective and well-reasoned. Yes, Yahoo is not a telephone company like AT&T or Verizon, but it does use telephone (and cable) companies' infrastructure to receive the SENDERS' e-mails it is scanning. To that extent, it is not unreasonable for the plaintiffs in these cases to suggest that it might be violating statutes that govern the use of telephone and cable lines and services.

Conversely, your contradictory claim that Yahoo is a "public utility" seems based on a very broad (and inaccurate) understanding of the meaning of that term, while also undermining your previous argument that it is not a phone (or, more aptly, communications) company. Every company that provides a service to the public is not a public utility.

Finally, you state that "It would certainly be nice if the U.S. had meaningful privacy laws like Canada and most European countries do", but go on to then say that "Attempting to twist wiretap laws to do something they don't just wastes the court's time and is likely to create case law that is hostile to any real privacy cases that arise."

It's not clear how trying to adjudicate privacy claims that involve the use of telephone and cable lines by citing laws that govern telephone lines (and other communication cables) is a waste of the court's time — that seems to be what the courts are there for. Moreover, you don't provide any explanation for your claim that any case law that emerges from such litigation would be "hostile to any real privacy cases that arise".

How and why would preventing e-mail service providers from scanning non-subscribers' e-mail be "hostile" to privacy and privacy law?

(by CounterCorp 08 Oct 2012 22:44)

Hostile case law
A famous case that backfired is Gordon vs. Virtumundo, in which a guy in Seattle tried to stretch CAN SPAM to cover mail that it clearly was never intended to cover. His case lead to a 9th circuit decision that now makes it impossible for anyone in the western US to file a CAN SPAM suit, no matter how much actual merit it may have.

(by John L 08 Oct 2012 23:05)

Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

Email: you@wherever (required, for confirmation)
Title: (optional)
Show my Email address
Save my Name and Email for next time


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing
209 days ago

A keen grasp of the obvious
New Hope for the Dead
52 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.