Bruce E. Boyden has an article in Cardozo Law Review (Vol. 34, No. 2). Here’s the abstract:
In recent years, it has become feasible for computers to rapidly scan the contents of large amounts of communications traffic to identify certain characteristics of those messages: that they are spam, contain malware, discuss various products or services, are written in a particular dialect, contain copyright-infringing files, or discuss symptoms of particular diseases. There are a wide variety of potential uses for this technology, such as research, filtering, or advertising. But the legal status of automated processing, if it is done without advance consent, is unclear. Where it results in the disclosure of the contents of a message to others, that clearly violates the federal law governing communications privacy, the Electronic Communications Privacy Act (ECPA). But what if no record of the contents of the communication is ever made? Does it violate communications privacy simply to have a computer scan emails?
I argue that automated processing that leaves no record of the contents of a communication does not violate the ECPA, because it does not “intercept” that communication within the meaning of the Act. The history, purpose, and judicial interpretation of the ECPA all support this reading: interception requires at least the potential for human awareness of the contents. Furthermore, this is not simply an accident of drafting or an omission due to the limited foresight of legislators. Under most theories of privacy, automated processing does not harm privacy. Automated processing may in some cases lead to harm, but those harms are not, in fact, privacy harms, and should be analyzed instead under other legal regimes better adapted to dealing with such issues.
(Bruce E. Boyden must be a good friend of John Yoo.)
The point of automatic processing is to flag certain emails, based on the words they contain, for further human processing.
The harm it does is that it suppresses free speech. We can easily guess what words might flag our communications and therefore we will avoid using them. If that isn’t an impediment to free speech, I don’t know what is. Furthermore, the right to speak freely with close associates is fundamental to our privacy.
If we can’t have a reasonable expectation of privacy in our emails, the great American Experiment is pretty much over.
I tend to agree with you, but that wouldn’t take away from his point that automated processing might not violate ECPA. I’d prefer to assume he’s correct and try to get Congress to update ECPA in a way that would make it something that requires a court order.
But what if no record of the contents of the communication is ever made? Does it violate communications privacy simply to have a computer scan emails?
I’d say No, Most of us prefer computers to scan our emails on a regular basis for the purpose of checking for SPAM for example, so long as no records are kept of the content of the email or even the headers preferably.
Now if said computer system is actually deleting these emails because they contain copyrighted files or just anything the government doesn’t like and is mandatory to use, then that most certainly crosses a line and needs to be stopped.