Email Privacy Myths

While you can expect a legal right to privacy in regards to your snail mail, email privacy is another thing altogether.

Email privacy myths are among the most persistent of the Information Age. They tend to linger, even as more people come to realize that, given the insecurity of the World Wide Web and other forms of electronic information exchange, very little of our personal information is truly confidential anymore.

We Americans expect that our postal mail will remain absolutely private, because that’s a right guaranteed by the Constitution. We tend to extend that assumption to electronic mail, too; but the fact is, you just can’t have the same expectation of privacy with email as you do with “snail” mail. In this article, we’ll explain why.

Prying Eyes

Because of its nature, email is fundamentally different than snail mail. One of the most common email privacy myths, for example, is that when you send someone an email, it goes straight from your computer to the recipient’s. That’s utterly false. Email goes through several hosts, at least, before it reaches the recipient.

Worse, email is like a postcard, in that it’s so public that anyone with access to it (such as the administrators of the host servers it traverses) can read it at anytime. Sure, it’s possible to encrypt it so that no one but you and your recipient can read it, and in fact that’s what a lot of security specialists recommend.

A snail mail equivalent would be rewriting a letter in code before you send it. It would be secure against casual snooping, but annoying to encode and to decode. And even if you encode your electronic messages, don’t assume your email privacy is certain. A determined hacker could probably decode it anyway.

Email on the Job

One place you should never, ever assume your email is private is at work. Given the Electronic Communications Privacy Act (ECPA) of 1986, no one can legally read email sent over a public ISP without a warrant. However, the ECPA offers no protection for email sent over a company’s private email server.

After all, the company owns the system the email is sent over, and can justifiably expect that its employees will stick to work-related issues with their email. But too often people forget that, and assume their email privacy is as secure at work as at home. It isn’t — and some companies actively monitor email use.

Email at Home

While you might expect some level of electronic privacy at home, based on the ECPA, you probably shouldn’t. Recent legal precedents have softened the edge of the ECPA, and in fact the government has begun to take the stance that the Constitutional right to mail privacy doesn’t extend to email at all.

In other words, if they want to, the federal authorities can read your private email for any reason, without getting a warrant. Besides, most ISPs make it clear in their Terms of Service (TOS) that they’ll willingly violate your email privacy if government officials ask them to.

Check your ISP’s TOS, and you’ll probably find you signed away any privacy rights when you signed up. Most major ISPs, including America Online and Yahoo, explicitly state that they have unlimited access to your email and can give it to the authorities without violating the Fourth Amendment to the Constitution.

The Fourth Amendment protects people against unreasonable searches and seizures “in their persons, houses, papers, and effects.” But legally, at least for now, it doesn’t apply to email. What this means is that your email isn’t secure from anyone, and so the concept of email privacy goes right out the window.