This is still a work in progress...
There has been a lot of news lately in response to the decision of United States v. Councilman, presented by the First Circuit Appeals court June 29, 2004. Surprisingly, there have been very few people who have voiced their opinion in favor of this ruling--this in spite of the fact that most technically inclined people tend to advocate 'technical solutions' instead of 'legislative solutions' whenever new laws arise that affect the Information Technology field.
One of the most criticised portions of the ruling was the sipulation permitted by the government, mentioned at the top of page 3 and reproduced below.
The parties stipulated to the following facts relevant to the transfer of electronic messages by the Interloc systems. An e- mail message, which is composed using an e-mail program, is transferred from one computer to another on its way to its final destination, the addressee. Building on the principle of store and forward, the message is handed to a Message Transfer Agent ("MTA") which stores the message locally. The message is routed through the network from one MTA to another until it reaches the recipient's mail server, which accepts it and stores it in a location accessible to the recipient. Once the e-mail is accessible to the recipient, final delivery has been completed. The final delivery process places the message into storage in a message store area. Often, a separate Mail Delivery Agent ("MDA") will be required to retrieve the e-mail from the MTA in order to make final delivery.
[ In this case, the Mail Transfer Agent (MTA) is sendmail and Mail Delivery Agent (MDA) is procmail, which I mention only in hopes that those who are aware of the programs might form a more solid image of the situation. ]
People have argued that 'final delivery' is not made until the user retrieves the message using a Mail User Agent (MUA). The case as it was presented attempted to prosecute under the Wiretap Act. Because of this, the court was right in considering only the duration of the SMTP session (the communication chain from submission to the first mail server through the final mail server)--or even just the communication between any two nodes on in the chain.
The Wiretap Act is primarily concerned with the interception of communications (a message) in transit. In a phone system, a call can go through several systems but at no point is it stored until it reaches the intended recipient (a person) or the system designated by the recipient to receive it.
Electronic mail does not necessarily work the same way. A user submits a message to a Mail Submission Agent (MSA) which then talks to a Mail Transfer Agent (MTA) which may either speak to another MTA (which may speak to another MTA and so on) or it speaks to a Mail Delivery Agent (MDA). Conservatively, the message is only in transit until it reaches the final MTA which will hand it to a MDA (sometimes the same process as the MTA). The case deals with events that happened after this final transmission, and therefore the act does not apply.
Furthermore, the more liberal definition of being in-transit allows system administers to effectively fix jammed message queues by diagnosing problems in the system as messages are accepted, written to disk, and then intended to be sent to the next MTA. Unlike in a telephone network, these messages may reside in non-volatile memory on a system for extended periods of time (often more than a day in cases of delivery difficulty). Moreover, there are several systems that are generally accepted as best practice to run on either side of an SMTP transaction; both spam filters and virus scanners perform an action not unlike what was described in this case. Likewise, Google's e-mail service reads all incoming e-mail when it is displayed and displays advertisements based on the e-mail contents.
H.R. something-something ...
There is no need for a legislative solution to a technical problem. PGP (along with S/MIME) are standard methods and are well supported in most major mail clients. They not only prevent others from reading your e-mail, but allow recipients to ensure the sender has not been forged.
--