August 30, 2003

Hacking-by-subpoena ruled illegal

SecurityFocus has an interesting story about a legal case that has had to deal with some interesting cyberlaw issues.

In a civil case, it appears that a litigant sent a subpoena to an ISP ordering copies of all emails from a defendant's corporate account. The ISP complied (without notifying their customer or getting advice from their own counsel, I might add) and received tonnes of emails that did not relate to the civil case at hand. The result? The defendants sued the litigant for privacy issues, lost, appealed... AND WON!

The problem with this whole thing is the precedent it's setting. Throughout this case it seems like they ruled that a subpoena such as this is considered "breaking in", which could be spun to be used via the Computer Crime and Abuse Act and turn this into a criminal matter. Prosecutors love using this act because it's so broad in scope, which is why most hacking cases are based on it.

Personally, I think the ISP should have taken more due diligence in the matter and determined if the information (emails) they were about to release was lawfully allowed. Simply getting a subpoena without checking the scope and merit is just dumb. Next thing you know hackers are going to start firing off legal-looking subpoenas and getting to read all your mail!

Thank god I digitally encrypt all my sensitive emails with either X.509 certs or via gpg with ASCII armour, and host my own mail server. Hope you are doing the same.

Posted by SilverStr at August 30, 2003 11:05 AM