What Does “Natural Male Enhancement” Have to Do With Email Privacy? A Lot.

What's to come?
Aug. 28 2013 8:00 AM

Thanks, Smilin’ Bob

How a court case over “natural male enhancement” pills helped improve email privacy.

(Continued from Page 1)

An early magazine ad for Enzyte claimed that the product had been developed by “Dr. Fredrick Thomkins, a physician with a biology degree from Stanford; and Dr. Michael Moore, a leading urologist from Harvard.” But as Teegarden would later admit on the witness stand in the federal case against the company, “Those two doctors did not exist.”

The 96 percent satisfaction rate too was illusory. After receiving an email from Warshak, Teegarden simply created a spreadsheet of 500 people drawn from the Enzyte customer database, then marked 480 of them as either “satisfied” or “very satisfied.” Voilà—instant customer survey.

Berkeley’s approach to marketing its products was perhaps best summed up by a February 2005 email from Warshak that explained the secrets of his advertising success. “GET 3–4 BOTTLES OF WINE​...​THEN SIT AROUND AND MAKE SHIT UP!!” he wrote. “THAT’S WHAT I DO​...​BUT WRITE IT ALL DOWN OR YOU’LL FORGET IT THE NEXT DAY.”

Advertisement

Warshak argued that his company was simply the victim of its own success, overwhelmed with orders and run by people with no real experience in business at this scale. Berkeley’s “operational deficiencies,” as Warshak’s lawyers called them, were simply “a byproduct of unsophisticated business practices in Berkeley’s formative years and Berkeley’s virtually unprecedented growth, rather than the result of criminal fraud.” As evidence, they noted that the company had finally abandoned its undisclosed auto-ship program after several years and had installed an automated system to record all calls with customers. It even set up a compliance department, which at one point had nearly fifty employees, to ensure that customer interactions were aboveboard.

As for the government’s negative spin on Berkeley’s business practices—well, this was merely normal corporate behavior, went the defense argument. “Negotiating with customers to try to save sales, implementing strategies to recover credit card transactions that were declined, and continuously revising corporate policies regarding refund and guarantee programs—all of which the government sought to criminalize—are standard American business practices,” wrote Warshak’s lawyers.

They didn’t convince either a jury or a set of appeals court judges. (As Judge Boggs eventually wrote of the company, “A reasonable juror could easily conclude that Berkeley’s sales operation was, for the entire duration of its existence, little more than a colossal fraud.”) After a six-week federal trial in early 2008, Warshak was sentenced to 25 years in prison, and he had to surrender $459 million in proceeds from the sale of Berkeley products and another $44 million for money laundering. His mother, Harriet, got two years in jail. Berkeley eventually entered bankruptcy.

The case had been made partly on the back of Warshak’s private emails, even though he had taken numerous precautions to secure these. Somehow the feds got their hands on those messages even before they obtained a search warrant. How had it happened? The answer to that question made the Enzyte case a pivotal piece of Internet law—and revealed how investigators had learned to lean on another key pressure point in the Internet ecosystem: third-party servers.

***

Warshak’s emails had helped to secure the 112-count indictment against him from an Ohio grand jury in 2006. But when the government finally turned over its evidence against Warshak in the run-up to his 2008 trial, his lawyers noticed something strange: The government had grabbed 27,000 of Warshak’s emails even before executing a 2005 search warrant on Berkeley’s corporate headquarters.

This didn’t seem possible. Warshak’s email provider, NuVox, deleted his messages from its servers after Warshak’s computer grabbed a copy of them. To get access to the messages, the feds should have had to infiltrate Warshak’s computer or wiretap Warshak’s Internet connection to look for email on the wire. But there had been no software subterfuge and no Internet wiretap. Instead, government lawyers had sent NuVox a letter on Oct. 25, 2004, demanding that the company “preserve” copies of Warshak’s future emails. The company complied without notifying Warshak, maintaining a private cache of all his messages rather than deleting them when his computer downloaded copies. The feds then returned twice in 2005 with court orders—but not with the much-harder-to-get warrants—to collect the emails that had been “preserved” for them.

Warshak’s lawyers were furious. The Stored Communications Act covers situations like this one in which user data is held by a third-party service like NuVox or Google or Yahoo and is stored on that company’s servers, and it makes that data fairly simple to get. Full warrants are often not required, in part because such surveillance is “retrospective”; the government gets access only to messages already stored on the server by a suspect. Even the name of the act makes this distinction clear—it was meant to cover “stored” material.

“Prospective” surveillance is generally covered by a different law, the Wiretap Act, and by the much more stringent requirement to obtain a “probable cause” warrant first. Orin Kerr, a leading Internet privacy scholar, notes that “prospective surveillance tends to raise difficult questions of how the communications should be filtered down to the evidence the government seeks” and that “retrospective surveillance usually presents a less severe filtering challenge.”

In Warshak’s case, the government had used a retrospective process to gain access to prospective messages. The SCA does allow the government to issue “preservation” requests, but these apply only to existing records that might be at risk of deletion; they do not apply to future messages. The Department of Justice’s own surveillance manual made this clear even at the time, reminding agents that preservation requests “have no prospective effect. ​... ​[Preservation] letters can order a provider to preserve records that have already been created, but cannot order providers to preserve records not yet made.”

The fundamental issue went deeper than the improper preservation request, however, and struck at the heart of the SCA. If the government had to get warrants to open a suspect’s postal mail or to search his home, why didn’t the government need a warrant to seize email stored on a third-party server? Wasn’t this an “unreasonable search and seizure” under the Fourth Amendment?

Warshak appealed his 2008 conviction to the 6th Circuit Court of Appeals, saying that “the issue of whether the government’s secret ex parte [one-sided] acquisition of private emails without the consent of either the sender or recipient, without a showing of probable cause, without a warrant, and without limits on the scope of the privacy invasion authorized is one of grave importance in an age where email communications have largely replaced letters as the universal means of written communication and have made substantial inroads on the use of the telephone.”

The Electronic Frontier Foundation, the organization co-founded by John Perry Barlow, weighed in on Warshak’s side during the appeal. “Put simply,” it wrote, “the government misused the SCA to conduct a ‘back door wiretap’ of Warshak’s e-mails and bypass the Wiretap Act’s strict requirements, including its requirement of probable cause.”

A three-judge panel of 6th Circuit appellate judges took up the question in a lengthy opinion handed down on Dec. 14, 2010. To address the Fourth Amendment issue, the judges first had to decide if taking the emails from NuVox constituted a “search” at all—with “search” in this case defined as the government infringing upon “an expectation of privacy” that “society is prepared to consider reasonable.”

The first part of the definition proved simple to answer. Warshak clearly expected his messages to remain private. As the judges wrote, “Given the often sensitive and sometimes damning substance of his emails, we think it highly unlikely that Warshak expected them to be made public, for people seldom unfurl their dirty laundry in plain view.”

Did society concur that this expectation was reasonable? That depended on how literally the judges interpreted the Fourth Amendment—and whether they sided more with a famous bootlegger or a famous gambler.

***

The Fourth Amendment to the U.S. Constitution wasn’t written with email in mind. It protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures” and says that this security “shall not be violated, and no Warrants shall issue, but upon probable cause.” Read literally, this applies much more obviously to tangible items than to electrical signals on a wire.

In 1928, former President William Howard Taft confronted this issue as a Supreme Court justice. The court had taken the case of famous Seattle bootlegger Roy Olmstead, a onetime police lieutenant who set up a thriving trade in alcohol during Prohibition. Olmstead operated quite openly in Seattle, eventually becoming one of the area’s largest employers. He had an office downtown complete with six telephone lines to take orders for booze.

Prohibition agents wiretapped these lines without a warrant and used the taps in their case against Olmstead and his crew. Police eventually arrested 90 people, including Olmstead and his wife—who were accused of doing $2 million in prohibited sales per year.

The government obtained convictions, but the case was appealed to the 9th Circuit in San Francisco and then to the Supreme Court in Washington, D.C., Olmstead’s key contention was that his Fourth Amendment rights had been violated by the warrantless wiretaps. The government argued, however, that its phone taps had occurred outside Olmstead’s office building; therefore, it had not “searched” his person, property, or possessions. No warrant was needed.

Taft wrote the majority decision in the case, one woodenly literal in its interpretation. “The reasonable view is that one who installs in his house a telephone instrument with connecting wires intends to project his voice to those quite outside, and that the wires beyond his house and messages while passing over them are not within the protection of the Fourth Amendment,” he wrote. “There was no searching. There was no seizure. The evidence was secured by the use of the sense of hearing and that only. There was no entry of the houses or offices of the defendants.”

But as the telephone became ubiquitous, the Olmstead ruling became more difficult to defend. U.S. law had protected the security and privacy of the postal service since the republic’s early days, but the police were now free to listen to anyone, anywhere, so long as they resorted to an outside-the-home phone tap. Could it really be the case that the privacy of a conversation depended solely on the medium used to hold it?

This was untenable, and in 1967 the Olmstead decision collapsed as another Supreme Court articulated a wildly different privacy standard. The justices were this time dealing with small-time gambler Charles Katz, who had been arrested in Los Angeles after another warrantless wiretap. Katz routinely left his home and walked down to a group of three public pay phones, where he placed a series of calls at the same time each day. FBI agents investigating Katz for interstate gambling placed microphones on the outside of two phone booths; the phone company put an “out of order” sign on the third. A recording device on top of the booths captured Katz’s conversation, which consisted of cryptic phrases like “give me Duquesne minus 7 for a nickel!” No warrant had even been sought.

  Slate Plus
Slate Picks
Dec. 19 2014 4:15 PM What Happened at Slate This Week? Staff writer Lily Hay Newman shares what stories intrigued her at the magazine this week.