Privacy of emails

By coincidence, the theme of the previous blog post (expectations of privacy in correspondence, electronic or otherwise) also crops up in an article by Simon Jenkins in the Guardian today. Jenkins’ piece is actually about media ethics, but it’s prompted by the renewed media feeding frenzy over a now slightly dusty scandal… revelations that the News Of The World had been hacking into the voicemails of people who they thought might thus provide juicy material for the presses.

At one point, Jenkins notes, the Crown Prosecution Service (i.e. the agency responsible for prosecuting alleged criminals on behalf of the state) advised the police that it was “illegal to hack into a message before, but not after, a recipient had heard it”… much as the 11th US Circuit Court ruled in Rehberg v Hodges.

As the number of forms of electronic communication continues to grow, and governments’ appetite for retention, interception and retrieval of those communications grows correspondingly, let’s just pick that concept apart and see why it’s so absurd – because absurd it surely is.

The idea of an expectation of confidentiality in communications probably has its origins in the establishment of monopolised state postal services. Before that point, you had to have a good reason to trust anyone to whom you gave a letter to deliver to someone else… though in practice those with something particularly sensitive to say also put their trust in means such as encryption and tamper-evident technology. The advent of a universal postal service meant that people had to feel that they could entrust their letters to – essentially – a complete stranger and still be confident that the letter would arrive intact.

There was, then, a clear expectation that a universal postal service should demonstrate great integrity in the handling of the correspondence put into its care – and sure enough, most such services are protected by specific laws to deal with ‘interference with the mails’. In other words, and not to overburden the word “confidence”, a letter from Sandra to Reece is entrusted to Pat as an intermediary. The contents of the letter are intended to be confidential between Sandra and Reece. Pat has no legitimate expectation of reading the letter for himself, because Sandra’s clear intent and expectation is that she is communicating only with Reece.

Now, what happens once Reece receives and opens the letter? Does that act somehow revise Sandra’s intention in sending it – so that, onceit is opened, she intends it to be read by people other than Reece? I don’t see why we should make that assumption. But just for the sake of it, let’s imagine that what Reece finds when he opens the envelope is another envelope: this one has written on it “Confidential: for Reece only”. So in this instance Sandra has made her intention and expectations explicit.

Reece opens the second envelope and finds inside a message which says “Dear Reece, I don’t want you to tell anyone else this, but I have discovered that I have a fatal disease, and probably only months to live”. Again, I don’t see anything in the act of Reece opening the inner envelope which revises Sandra’s intention and expectations in writing to him and him alone. She even says, in the contents, that she wants Reece to keep this information to himself… and that seems to me to be a legitimate expectation.

Of course, merely by disclosing the fact of her illness to Reece, Sandra is making it possible for Reece to disclose it to someone else – but I think there’s a clear difference between making that disclosure possible, and expecting or intending it to take place.

That is why I think it’s so perverse to rule that the act of opening a letter changes the sender’s legitimate expectation of the confidentiality of the contents. It’s also why I wonder whether initiatives like the Privicons plug-in – while doubtless well-intentioned – might have preverse consequences. After all, if there’s a button you can click which says “don’t share this email”, won’t that be taken to imply that – if the email has no such icon attached – you don’t mind it being shared? All in all, I think I’d be happier if we start with no “this email is sent in confidence” button – because I think the fundamental assumption should be that emails are confidential unless it’s explicitly stated otherwise.

It’s possible that that assumption is broken; but if so, that argues in favour of mending it, not discarding it.

With that in mind, I wish you a happy Data Privacy Day for tomorrow, Jan 28th.. I encourage you to spend it considering what digital footprints you leave in the course of the day, and to what extent they involve any consent and control on your part.