Yesterday, the Fourth Circuit Court of Appeals ruled that opening an email message does not strip the message of privacy protections imposed by Congress in the 1986 Electronic Communications Privacy Act (ECPA). In reaching its decision in Hately v. Watts, the Court repeatedly quoted a brief that the Center for Democracy & Technology (CDT) filed and the Electronic Frontier Foundation and the Open Technology Institute joined.
“This is an important victory for privacy. A contrary ruling would have meant that spam emails nobody opens are better protected from government access than sensitive, personal messages you open and save,” said Greg Nojeim, Director of the CDT Freedom, Security and Technology Project.
The case involved a civil dispute in which one party accessed another’s previously-opened emails, which were stored by a web-based email service. The snooping party claimed that because the messages had already been opened, they were no longer protected by ECPA. The Department of Justice has made similar claims in criminal cases, based on an errant reading of convoluted language in ECPA.
“The court cut through the haze, accounted for the intent of Congress to protect privacy, and reached the right decision,” Nojeim added.
The Court found that, unless opened email retained ECPA protection, users’ web-hosted emails accessed without the appropriate safeguards would not result in liability under ECPA. Accessing and benefiting from the use of those communications would carry minimal consequences.
The Email Privacy Act, passed by the House of Representatives twice in the last Congress, would clarify the law to remove any question about whether opening an email causes it to lose ECPA protection.