Tech at Night: Email technology behind the ECPA and IRS issues

Email technology has changed over the years, and some people hope you don’t understand why, and how that matters for the issues of the day. So tonight I’m going to discuss how the technologies have changed, and why that influences the debates over both the Electronic Communications Privacy Act (ECPA) and the IRS missing emails scandal.

Back in the old days, email was basically an end-to-end technology. Servers between the sender and recipient were just handing the emails off, and not storing them for any meaningful amount of time. The email would rapidly get from the sender into the recipient’s personal mailbox. In the early days of the commercial Internet, that meant a “POP” mailbox, which would then be downloaded and cleared, landing on the user’s home computer.

This is why the ECPA was written as it was. It was assumed that users would store their data under their own control, and anything that was on a third party server was transient data en route from end to end. It wasn’t a meaningful privacy breach for a third party server to be looked into, if there even was an expectation of privacy (I don’t think there should be), so no warrant was needed.

This design of email flow worked as long as people had a single computer they used, and as long as nobody else cared about those emails. The former assumption was broken as technology advanced, adding laptops and phones into the mix. The latter was broken in corporate environments, where record keeping was important, and business leaders could face civil or even criminal penalties for allowing records to be destroyed.

So, two things happened. First, server-side email management technologies were created. BlackBerry has one with the Enterprise Server, Microsoft has one with Exchange Server, and the rest of the Internet has the open IMAP standard. Once the emails were kept on that server side, then they could be archived as part of a Data Retention Plan, ensuring the records were kept whether the user lost them, deleted them from his personal mailbox, or whatever.

Data retention has been a requirement for years. It is a solved problem. It is simply not credible that the IRS, an agency that itself imposes data retention requirements on the general public, would not have a data retention plan, with offsite backups and a generalized disaster recovery framework. Somebody is lying when it comes to Lois Lerner’s “missing emails,” and if this were going on in the private sector, somebody would be at risk of prison.

This also explains the hubbub about ECPA. A bunch of people these days are choosing to store their important, confidential emails on a long-term basis on third party servers, such as Google’s. And well, they want to demand an expectation of privacy in that third party data retention. So they want to rewrite the law to impose a special warrant requirement on this data. Is that wise? I’m not so sure. I think we need to have a frank debate on whether people should be able to store data willy-nilly, unencrypted on somebody else’s server, and have an expectation of privacy for that data.

So even as the US Government is claiming to have ‘lost data’ with respect to emails, and also had a huge inside job with Edward Snowden, watch as Democrats are surely going to use AT&T’s data breach as a pretext for big government.

I continue to oppose comprehensive Communications Act reform for the same reason I oppose all comprehensive bills: they end up helping lobbyists and hurting the general public, as we end up having to pass them to find out what’s in them. That said, Media Freedom and Tech Freedom both want the right thing done with this reform.

People will sell their privacy and cybersecurity for one dollar.

Which is why stuff like Silent Circle’s products will only be used by terrorists, criminals, and cranks.

The US Government is selling almost 30,000 bitcoins taken from criminals.

Marco Rubio is right when he points out we have a spectrum crunch ahead.

I’m surprised we may yet get Democrats to sign off on extending the Internet access tax moratorium.

FCC continues to discourage investment by doing the bidding of the extreme left re: Netflix paying to invest in faster Internet that it needs. If FCC barks at anyone who invests, then it will become the biggest obstacle to faster Internet in America.

Shocker: The fundamental insecurity of Bitcoin that they said would never ever happen has become possible in practice.
