Thanks for this, this has clarified things for me. I think property rights do play a significant role here. To read physical mail, my postie must tamper with my property, whereas to read my e-mail, my ISP need only access their own server, and no part of their server is my property. By claiming a right to privacy here, I'm claiming a right to control what my ISP does with their own property. Arguably, if I want something to remain private, I shouldn't upload it unencrypted onto someone else's property.

I think you ought to ask yourself why you expect your unencrypted e-mail to be more comparable in security to a letter than to a postcard, and whether this expectation is justified. Perhaps it is simply because it is called 'e-mail' and displayed with a mail logo, rather than being called 'e-postcards' and displayed with a postcard logo? It seems to me that, in reality, unencrypted e-mail is far more like a postcard than it is like a letter.

Thinking about the rule that we have a right to privacy when we can have a reasonable expectation of privacy, it occurs to me that this is a bit circular. Looking for less circular yardsticks, I can think of:

• How much effort was put into privacy measures?
• How much effort would be required to bypass those privacy measures?
• Would bypassing those privacy measures involve a breach of property rights?

For physical mail, the answers would be:

• Some
• Some
• Yes

For e-mail, the answers would be:

• None
• None
• No

Equating the security of physical mail with that of unencrypted e-mail is not just plain wrong, it's downright insulting to physical mail.

oh no! physical mail might feel insulted!

there's probably a case that it isn't 'circular' so much as 'based on common law'. Still, it's vague and there probably is still scope for a richer definition.

if your letterbox is on the street, and everyone with google streetview can see it, but the only people who can see the outside of your inbox are you, a company you specifically pay to look after it, and arguably the sender, then I could argue that email should be *more* private than snail mail. (ignore for a second email or snail mail in transit, since we're talking about 'tampering with your letterbox')

Or would you argue that a household which employs a butler has no expectation of privacy in their home? It's not like they hide everything from their butler, rather, like an isp, a part of the butler's role (which they are paid for) is a certain amount of discretion. (ditto doctors and lawyers, only in those cases it's more explicit)

A postcard delivered by mail which means it must, at some stage, be handled by a human - the postman. An email is only seen by a human before arriving at the target computer when someone deliberately intercepts it. I expect my postcard to be able to be read by the postman and any sorting staff en route - although they are not allowed to reveal what they have read. I do not expect anyone to intercept my emails.

However, I should also be able to leave my car unlocked and expect it to be there when I return. I do not because of the prevalence of dishonest people. But if it is stolen the thief is not innocent of the crime of theft just as someone who reads my emails is not innocent of breaching my right to privacy.

Fine then, be like that, but don't expect me to stick up for you if physical mail insults your security. I mean, yeah, that didn't make sense literally, but there was a point there. Imagine 4 separate cases of people found guilty of reading someone else's mail. One read someone's postcard, one reads someone's unencrypted e-mail, one read someone's physical mail, and one read someone's encrypted e-mail. If we actually really literally mean that all forms of communication should be considered equal under law regardless of the form of the communication, even if some forms of communication are inherently more secure than others, then these 4 people should be given the same sentences. Do you really believe that?

It might well be common law, I'm not sure, but I think it's kind of circular too (it could be both). We start with the question "Did X have a right to privacy in this case?", then we apply the principle "There is a right to privacy if there is a reasonable expectation of privacy.", so the question becomes "Did X have a reasonable expectation of privacy in this case?" When is it reasonable to have an expectation of privacy? At least by one interpretation of 'a reasonable expectation' I think we would say it is reasonable to expect privacy if and only if you have a right to it, and we're back where we started, so I'm not sure the principle really helps.

Google Street View isn't updated in real time though, and even if it was it would still only show the outside of your letterbox.

I think this argument applies equally to ISPs and the postal service.

Okay, fair enough, unencrypted e-mail is more secure than a postcard in one sense. OTOH ECHELON would have been more difficult to do with postcards, so it's 6 of one and half a dozen of the other.

There's a difference, though, between saying "X is wrong and Y is wrong." and saying "X is morally equivalent to Y." I think if someone breaks into your car then it's likely to be considered 'premeditated', whereas if you leave your car unlocked it may be considered 'a crime of opportunity'. I think the latter may be considered a less serious crime, and I would certainly feel less sympathetic.

There may have been a point, but it didn't make sense. The point has been explained in other ways though, so we can move on.

I think an expectation of privacy is not so much about expectation of a legal right of privacy, but more an expectation that something will be private regardless of whether it is legally protected.

The reason you expect a conversation in your own home is private is not because it would be illegal to listen to it, but because you reasonably assume that no one would bother anyway. If said conversation is loud enough that the neigbours can hear it through no effort of their own, then you don't expect your conversation to be private, even if it were illegal for the neighbour to actually listen. Expectation does not depend on right, so there is no circularity.

I'll re-phrase that more literally. "anyone who is allowed in public" can see your letterbox, and with most letterboxes, anyone who sees it can fairly easily gain access to the contents. having a letterbox is like leaving your car unlocked, 24/7. (expanding that to say everyone with streetview probably wasn't helpful)

But this supports my position. I don't expect my unencrypted e-mail to be private, I expect it to be filtered by ECHELON. Therefore if I really care about privacy, I will not use unencrypted e-mail, and if I do use unencrypted e-mail, this demonstrates that I'm not concerned about privacy.

Okay, I see. I still think my physical mail is more secure than my unencrypted e-mail though, because if someone were to look in my mailbox, they would risk being seen by me or one of my neighbours.

If we are considering legislating for privacy, I want legislation that doesn't involve invading privacy, or depend on hoping there will be a whistle blower, a will to prosecute, and sufficient evidence to do so. That is, I want legislation that depends only on externally visible evidence.

I think perhaps it could be worthwhile legislating to require ISPs and PC manufacturers to support certain useful security measures, e.g. DNSSEC. IMHO a way to do this might be to put a tax on uncompliant computers/connections which is just enough to give a slight commercial advantage to compliant ones.

Something else might be disallowing companies from requiring disclosure of information they don't need before they offer a service (I think there might be an increasing trend for companies to do this). Not sure how practical this is though. It might be difficult to define what information companies need, and such legislation would probably require international cooperation to be very effective.

The bottom line for me is that providing people with the means to protect their own privacy, such as with encryption, would, IMHO, be the only effective way to ensure that people's privacy will actually be protected in practice. Declaring unencrypted e-mail to be private by law will not actually make unencrypted e-mail private. Putting governments in charge of protecting people's privacy is pointless, because the demonstrated lack of respect that governments have for people's privacy is a considerable part of the problem in the first place. IMHO declaring unencrypted e-mail to be private by law would essentially be the privacy equivalent of security theatre--providing the feeling of improved privacy while doing little or nothing to actually improve privacy.

For anything that I genuinely wish to be private, given the choice between having privacy in practice such as with encryption, or privacy in theory under law, I would choose the former without hesitation, because I consider it to be by far the better option. Would anyone else honestly choose otherwise?

Here's what I've collated for provisional options (I haven't put in letters yet, since they could all change if the options change). Thoughts?

Limiting government surveillance:

• [X] No policy
• [X] A referendum or 75% majority should be required to extend government surveillance powers under law
• [X] The government should refrain from using new technology for surveillance, at least until the issue has been subject to genuine democratic consideration
• [W] No confidence in the vote (if you use this option, you must place it first)

Promoting communication privacy with law:

• [X] No policy
• [X] Privacy of communication should be given more weight under law, but relative to the inherent security of the medium
• [X] All forms of communication should be considered equally private under law, regardless of the inherent security of the medium
• [W] No confidence in the vote (if you use this option, you must place it first)

Promoting communication privacy with technology:

• [X] No policy
• [X] Privacy measures such as encryption should be encouraged
• [X] Privacy measures such as encryption should be required in consumer products and services (requires 75% majority)
• [W] No confidence in the vote (if you use this option, you must place it first)

Addressing power imbalance:

• [X] No policy
• [X] When providing services, companies should not require disclosure of more information than is necessary for providing the service (requires 75% majority)
• [W] No confidence in the vote (if you use this option, you must place it first)