South Carolina decides that webmail isn't protected by privacy laws

Your email is private, electronically stored media, right? Wrong, at least according to the South Carolina Supreme Court.

In a unanimous decision, the Justices of the South Carolina Supreme Court ruled that email stored by a webmail service like Outlook.com or Gmail is not  'electronically stored' for 'purposes of backup protection.' That means that it doesn't conform to the Stored Communications Act of 1986 (which is obviously the first standard all matters related to digital privacy should be judged by...) and aren't protected by any of its privacy considerations.

Setting aside the sheer ridiculousness of deciding a case involving modern email based on laws that were written when the Apple II was still on the market, this means that it'll be a lot harder to defend your right to private email, at least according to South Carolina.

It doesn't necessarily mean that it's now okay to hack into someone's email (one of the Justices suggests that the outcome might have been different if the email account in question had been connected to a client like Outlook), but it does mean that the protections bestowed upon email by the powers that be are far more ambiguously defined, and that you might well be able to read someone's emails without getting into trouble.

This case is just another example of how outdated laws often are when it comes to technology, especially when it involves privacy. The fact that it takes the Supreme Court of a state to figure out how laws that are very clear in their original language even apply to the modern world is a huge red flag, and yet no one seems too eager to try and bring them up to date. Kind of makes you wonder if 'they' aren't looking for excuses to take advantage of the breakneck pace today's tech is moving at.

Source: South Carolina Supreme Court (PDF) | Via Ars Technica 
Court Gavel Image by Shutterstock

Report a problem with article
Previous Story

Nokia completes Vertu sale - but will Vertu go Android?

Next Story

Russian Orthodox Christians declare Apple logo ‘anti-Christian', replace it with cross

10 Comments

Commenting is disabled on this article.

As a general rule of thumb, always assume that the data you store in the cloud can be viewed by the cloud host and the government.

Chugworth said,
As a general rule of thumb, always assume that the data you store in the cloud can be viewed by the cloud host and the government.

This.

GS:mac

What happens when i use Redcube with an IMAP service? Is it IMAP or webmail? What if i host it on an internal network? What if i occasionally access that network from the outside? In which of these cases does Carolina's rulling apply, if i were a Carolinian?

Good thing data services hosted across state boundaries are inherently a matter of interstate commerce and subject to federal jurisdiction, rendering a ruling like this effectively meaningless.

xpxp2002 said,
Good thing data services hosted across state boundaries are inherently a matter of interstate commerce and subject to federal jurisdiction, rendering a ruling like this effectively meaningless.

Because obviously the Federal Courts are always way more just, especially when it comes to technology.

Phouchg said,
Ridiculous? Very. Expected? Totally.
If it isn't stored on a medium that belongs to you, it isn't your data.

There is a lot of data of yours stored all places that is still protected. Medical records... Bank Information... no?

puma1 said,

There is a lot of data of yours stored all places that is still protected. Medical records... Bank Information... no?

Personal data about me, but not mine. Medical records, employment history, income data, even my passport (where it's explicitly written so, too) belongs to the government. I trust my government (or do I? or just don't really have a choice?) to protect them. It is not unheard of that such trust is misplaced.

Bank information and various other access credentials and agreements belong to the institution in question.

In short - data always belongs to the body which provides the service. It's the weird way of thinking of mine, I agree, but pretty much every privacy policy does shun all the responsibility. What remains is business logic - you don't want to screw people too much if you want to stay in that business.