Email Privacy Protection Not Available Under Current US Law.

Share Article

In June 2004, the US Court of Appeals for the First Circuit confirmed that when email packets are stored temporarily on a server, the owner of that server has the right to copy and read the messages because the messages are no longer "in transit." Email Encryption software from PC Guardian Technologies protects enterprise email from malicious snooping and helps companies comply with a confusion of information security regulations.

Protecting email communications may seem like a no brainer. After all, it is illegal in most jurisdictions to eavesdrop on telephone conversations or to open another person's mail.

However, the concept that the protection offered to these forms of private communication has been extended to email was severely harmed in a recent decision by the US Courts.

In June 2004, the US Court of Appeals for the First Circuit confirmed in it decision US vs. Bradford C. Councilman a lower court's decision that email service providers can legally copy and read email messages sent through and temporarily stored on their servers. The court agreed with the defendant's argument that when packets are stored — even temporarily — on a server, the owner of that server has the right to copy and read the messages because the messages are no longer "in transit."

The court's rationale in the Councilman decision is that, under the U.S. Wiretap Act, email is legally protected only when the electrons pushing email through a network are actually moving, but that any moment those electrons stop moving, they are now "at rest" and subject to a different treatment under U.S. law.

In August 2004, bills were introduced in both the U.S. Senate and House of Representatives that would change the law to make viewing temporarily stored email illegal under the U.S. Wiretap Act. However, the Councilman decision may not be the only legal loophole that allows legal email snooping. The U.S. Stored Communications Act also states that "a person or entity providing a wire or electronic communications service" may "intentionally access without authorization" a wire or electronic communication "while it is in electronic storage" in the service provider's system.

As a result of these decisions, laws and regulations, enterprises must take even stronger measures to ensure that email communications are protected against unauthorized access. This issue is becoming increasingly important for all industries. The reasons:

• Defense contractors must ensure electronic communications are protected, based on the requirements of the US Patriot Act and the SAFETY ACT (which created the Department of Homeland Security).

• Health industry participants must ensure secure email transmissions in order to be in compliance with HIPAA (Health Insurance Portability and Accountabilty Act), which goes into effect April 2005.

• Financial services firms must ensure email communications are secure in order to be in compliance with numerous federal and state laws, including the Gramm-Leach-Bliley Act.

• Federal agencies are required to secure confidential communications, especially if they may contain information sensitive to national defense, under the requirements of the Federal Information Management Processing Act and other mandates.

That is why more than 50 firms and government agencies in the US, UK and Canada who are involved with the defense, healthcare and financial services industries use Encryption Plus Email, Encryption Plus Secure Export — or both — to protect email communications among their employees and between employees and vendors.

EP Email and EP Secure Export are enterprise applications, easy to configure and install, and very simple to use.

• EP Email is a plug-in for Microsoft Outlook or Lotus Notes Mail. It does not require the use or installation of a server, does not require digital certificates and does not require intensive user training.

• EP Secure Export allows a user to create encrypted bundles of files, which are compressed for easy emailing using any email client.

Both use strong, government-compliant (FIPS 140-2) cryptograhy to protect data, both work on the Windows 2000/XP operating system and both allow users who do not have EP Email or EP Secure Export installed to decrypt messages sent to them (using a password).

For more information about Encryption Plus Email or Encryption Plus Secure Export — as well as other client-based encryption software solutions — please contact PC Guardian Technologies Inc. at 800-288-8126 or email

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Steven Lerner-Wright