How Private is Your Email?

By

Email is not as private as you think. While most of us know that work email can be monitored by our employers, what we may not know is that providers and “third-parties” who store your data – such as Google, Yahoo and Hotmail and the companies that store their data – can be monitored and legally subpoenaed to relinquish email if you are involved in a legal dispute or investigation.

In fact, with the digital footprint your email leaves in several places, it’s much easier to get a hold of than phone conversations and other messages. For instance, your email might be stored in multiple places: your computer, the Internet Service Provider’s (ISP) server, and the recipient’s computer.

While text messages can be stored by you and the recipient, your service provider typically deletes those messages from its servers within a short time. For example, if you read the terms of use for WhatsApp (a popular multi-platform messaging application), it commits to deleting your messages from its servers once a message is confirmed as sent. It will only store your messages for “up to 30 days” if the intended recipient wasn’t available.

Clearly, email leaves far more of a digital trail, and when you sign up for many of the free email services, the terms of use often include clauses stating that your communication is not private. Notably, companies like Google have been fighting to ensure they can continue to harvest data in email accounts to target ads more effectively to account holders. But allowing Google to sift through your email is a small price to pay for Gmail, right?

We seem to be okay with that tradeoff, but we don’t like it when the government pries into our data. By law, emails have some protection for a limited time period. The Stored Communications Act (SCA) requires investigators to obtain a search warrant for electronic communication that has been stored for 180 days or less. But after 180 days, protected status is lost, and the government can obtain the data using a traditional subpoena. Thus, the protections are narrow: a search warrant and probable cause are necessary to search a person’s home computer, but only a subpoena is required to convince an email provider to hand over the contents of an email account.

It’s a critical difference. A search warrant is issued by a judge and requires a law enforcement official to provide a sworn affidavit citing information that criminal activity is taking place. However, a law enforcement investigator without prior legal approval can issue an administrative subpoena, and grand jury subpoenas are also subject to a lower bar (less than probable cause). In the Texas civil court system, attorneys can issue their own subpoenas subject to certain rules. Subpoenas can be challenged, but the SCA provides service providers legal immunity for complying with subpoenas. Also third parties who store data on its servers often have protection from the SCA. In short, your email is relatively easy to access using the legal process.

Using a private domain (you@yourdomain.com) offers some upgraded protection over Gmail, Hotmail, and similar “public domain” email systems because you have some control over how the information is stored. But even if you go the lengths of operating your own server in order to control communication, you are still not safe from scrutiny.

Democratic presidential frontrunner Hilary Clinton is finding this out the hard way since her private email has been subpoenaed in relation to messages sent while she was U.S. Secretary of State. Instead of using “work” email, she allegedly used her own personal email to conduct official business at times. While it appears that she used a private domain and personal server that she controlled (and delete, apparently), whatever data remains is within the reach of a proper subpoena.

Experts suggest that encrypted email is the only solution for individuals and companies who must ensure the confidentiality of communication. Otherwise, assume that someone else could read your email, sometime, somewhere. Maybe that’s not such a bad thing for decency’s sake.

If you need legal advice, schedule a meeting with Tiwari + Bell PLLC through our website or by calling (210) 417-4167.