People concerned about e-mail security got a whole new reason to worry last year with revelations of secret government monitoring. Earlier this month, though, a U.S. Appeals Court told the government where to get off, at least when dealing with people in the Southern District of Ohio.

Security folk have been telling people not to assume that e-mail is secure since about the time that e-mail was invented. The three most common worries are misaddressing, forwarding and storage. It is all too easy to misaddress e-mail, either sending private mail to a mailing list or sending mail to the wrong person (autocomplete of e-mail addresses in e-mail clients has made the latter problem much worse). There is no way to ensure that e-mail you send to a particular person is not forwarded on. (Don't put anything in e-mail about a person that you do not want that person to see.) Finally, e-mail can be stored on laptops and other portable devices, which can get stolen or lost and the stored information compromised.

There generally has not been all that much worry about someone monitoring your e-mail as it flows from you to the recipient. The exception to the lack of monitoring is where e-mail is scanned for malware or, as is the case in some corporations, scanned for bad (in different senses of "bad") words or phrases. Some companies also routinely archive all e-mail. But these types of monitoring and archiving do not generally involve people looking at each message as it goes past.

An area of possible worry has been dishonest employees with access to the e-mail service itself. They could, in theory, look at the messages when they are stored in the user's mailbox. One high-profile case where this happened was the Councilman one (see "The fools gold ring of safety").

Last year, in an investigation of a Steven Warshak, the U.S. government decided that due process was inconvenient and compelled Warshak's ISPs to turn over copies of his e-mail without going through the process of getting a search warrant and told the ISP not to let him know what had happened. The government used a novel interpretation of the 20-year-old Stored Communications Act (SCA).

When Warshak belatedly found out about the government's action, he sued, asking for a preliminary injunction blocking the government from doing the same thing to him again and also blocking the government from using the SCA in the same way to get copies of the e-mail of anyone else in the Southern District of Ohio, where the case was heard. The district court granted an injunction and extended it to all ISPs in regard to residents in that district, not just those ISPs in that district.