Tempted by Hotmail's recent gaping security hole to sneak a peek at your friend's email? Did you actually take a look?
Logic says you'd be in big trouble if you got caught. But logic is not the same as the law ... because there really isn't one.
Also:
Hits Keep On Coming Against MS
Hotmail Fallout: A Mere Trickle
Hotmail Hackers: 'We Did It'
Hotmail Accounts Exposed to All
Want Security? Forget Web Mail
Did MS Dig Its Hotmail Hole?
That's why the breach, discovered Monday morning and left open for nearly half the day before Microsoft finally closed it, probably won't produce a tide of litigation or lead to arrests of email peepers, say lawyers who specialize in Net privacy issues.
Besides, somebody has to complain first, and that hasn't happened, Microsoft officials say. And if there were a complaint, the perpetrator would probably get off relatively easy.
"You can assume the possibility of a small amount of jail sentence or a fine," said Charles Merrill, head of the high-tech practice group at the New Jersey law firm McCarter & English, when asked whether unauthorized email eavesdropping could be a criminal offense.
Still, it's tough to say how much trouble a person could get into for prying into someone else's email files without authorization, lawyers say.
Law enforcement, which levies heavy fines and even prison terms on those who commit snail-mail theft, simply doesn't know what to do when it comes to email thievery.
"You're speculating with old laws that come up in new ways," Merrill said. "We have to have a few case before we can be sure how they're going to be applied."
Technically, break-ins into email accounts could be prosecuted under the same laws that govern eavesdropping on telephone conversations.
The Electronic Privacy Information Act of 1986, most commonly applied to phone wiretaps, also prohibits "unauthorized access" to communications that are either being transferred or stored electronically, and that would encompass email.
But there isn't much precedent for prosecution of email eavesdropping. And it's unlikely that a law enforcement officer would make an arrest unless someone pressed criminal charges.
"You need a complaining party," said Peter Brown, a partner at Brown Raysman Millstein Felder & Steiner, a New York law firm.
Hotmail's security hole could still be the event that triggers a test case, despite the initial lack of complaints. The security lapse – exposed by a group of hackers – opened up more than 40 million email accounts to potential break-ins.
To spur a civil lawsuit, unauthorized email information would have to be used for some evil purpose, like using a pilfered credit card number for a buying spree, or circulating confidential medical information.
Simply reading an embarrassing post probably wouldn't qualify for a criminal offense either, lawyers say, because it would be difficlt to assess damages for that.
In the meantime, an increasing number of Net-savvy types are advising caution for putting confidential information on Web email.
"The person who really has a responsibility to keep information secret would not entrust it to Web-based email," Merrill said.
Related Wired Links:
'A Flaw Worse Than Melissa'
26.Aug.99
Hotel Hotmail
22.Mar.99
Hotmail Bug, Still an Open Book?
21.Sep.98
Another Freemail Security Flaw
31.Aug.98
Microsoft Rights Hotmail
27.Aug.98
Hotmail Open to Script Attacks
24.Aug.98
