Blog: Email Scanning by Gmail and Other ISPs: Should We Lose Our Privacy Rights When We Send Emails?

by Jasmine McKinney, Associate Staff

In late September, a federal judge allowed a lawsuit against Google to move forward, when ruling that Google may indeed be violating wiretap law when it scans the e-mails of users not using a Gmail account.[1]  Google utilizes automatic scanning of all e-mail that comes through its servers to work its spam filter, build user profiles, and target advertisements.[2]  The main concern is that when one reads Google’s privacy policy, there is no mention of the fact that the content of e-mails — either between Gmail users or Gmail users and users of other email service providers — are being collected.  This suit against Google has made it possible for similar lawsuits to surface against other e-mail service providers.  In early October, a class action arose claiming that Yahoo violates the Wiretap Act as well as other California laws that forbid intercepting private communications.[3]

The Electronic Communications Privacy Act serves to regulate the collection of content through wire and electronic communications.[4]  This Act was an extension to what is commonly called the “Wiretap Statute” and forbids the “intentional interception, use, or disclosure of wire and electronic communications unless a statutory exception applies.”[5]  There were two primary exceptions under the Wiretap Statute.  The provider exception grants providers the right to intercept and monitor communications in an effort to combat theft or fraud.  Additionally, there is also the exception that when information is readily accessible to public any person is permitted to intercept that electronic communication.  In 2005, the Second Circuit interpreted another exception to the Wiretap Act when it ruled in Hall v. Earthlink Network, Inc. that Earthlink’s continued reception of emails sent to plaintiff Hall’s account did not constitute an “interception” under the Wiretap Act because it was part of Earthlink’s “ordinary course of business.” [6]

Lawsuits such as the ones against Yahoo and Google have raised the question of whether e-mail users should have a reasonable expectation of privacy concerning the messages they send via a third party service providers.  The third party doctrine that was articulated in Smith v. Maryland where the Supreme Court held that once a person involves a third party in communication any legally enforceable privacy rights are lost.[7]  This is precisely the argument that e-mail service providers have attempted to make.  Regardless of which provider an individual chooses to use for their own personal e-mail, once a message is sent to a user who uses some other provider, one’s right to privacy is lost.  However, the question remains whether this doctrine should apply to email service providers like Google and Yahoo.

Aside from an expectation of privacy, there are a number of concerns raised by the use of automatic e-mail scanning.  For example, does Google use automatic scanning solely for the purposes it states or should users be concerned about something more?  Further, should users be concerned with whether the information that is scanned from the e-mails they send is stored by email service providers?  Overall, where should the line be drawn?  The fact remains that we live in a highly technology driven world.  If individuals cannot expect their communications via the Internet to be private, by what means can that expectation be met? Perhaps as this recent litigation continues to unfold, a clear answer will be given as to whether email scanning by service providers is indeed permissible under the Wiretap Act.