The 9th Circuit is hearing a Wiretap Act case that could have broad implications for online privacy. The MPAA hired a hacker who intercepted TorrentSpy employees’ confidential emails as the data was resting in storage on a server for a fraction of a second. The question is whether the data were in transmission or technically in storage. This issue involves how the internet functions – where data hop from server to server, but only stay for milliseconds – and the 1968 Wiretap Act seems pretty inadequate for the job.
The district court held that since the data were in storage, the Wiretap Act was not violated. As EFF, EPIC, and Orin Kerr have noted, this ruling could have disastrous implications for government spying. If the state does not need to obtain a warrant, Kerr warns, “The government could go to your Internet service provider and say, ‘Copy all of your e-mail, but make the copy a millisecond after the email arrives,’ and it would not be a wiretap.
Giving the government the ability to spy on anyone’s electronic communications without following the Wiretap Act would certainly not be a welcome change. But there’s another wrinkle to the case. EFF’s brief warns of ISP, not government, action. “Internet service providers could intercept and use the private communications of their customers, with no concern about liability,” writes EFF.
This is, it seems to me, a whole separate question from government snooping. What if I sign a contract with my ISP that allows it to look through all the data I send it? Would that be wiretapping? How explicit does the agreement have to be? We’ve already seen an example of the broadening of the Wiretap Act, when it was used to prosecute Tor researchers.
The government should be held to the strictest standard of privacy. One’s online communications should be as protected from government searches as a letter I have stored in my house. But voluntary contracts between private individuals are another matter. I should be able to make whatever agreements about my data I want.
The 1968 Wiretap Act appears ill-suited to address important privacy matters such as this in the online age.