IT Law Journal

administrator January 3rd, 2005

Legal Minutiae On E-Mails
by Jaime N. Soriano

Electronic mail (or usually known as ‘e-mail’) is one of the most popular and widely used features of present-day Internet technology. In fact, it is dubbed as the “killer application” of the Internet. Billions of people send and receive e-mail messages everyday. Many studies have shown that the bulk of network traffic in the Internet is e-mail related. This technology has even posed a serious threat to the viability, if not the existence, of postal and facsimile service systems.

It is understandable why e-mail is very popular. It is fast because transmission and exchange of information happens in real time. It is cheaper compared to other forms of communication technology. It can accommodate large streams of data in text and other forms of multi-media, as attachments. It is capable of sending messages and data simultaneously to various recipients. It is user friendly because it does not require special technical skills or knowledge to use e-mail. It can be integrated, or capable of converging, with other communication technology like cellular phones. It is capable of preserving and following the trail of data or information transmitted through the network. And it supports the application of data protection and security tools, like encryption, password, cryptography, electronic signature, and anti-virus software, which would enhance integrity and reliability of communication.

The E-Mail System

E-mail is the system of transmitting computer-based messages over telecommunications technology.

An e-mail can be a simple text message, a hypertext (linked) message, or it could include attachments of documents, spreadsheets, graphics, video, pictures, applications or executable files, or it could be in the form of encrypted message containing classified information.

E-mail users must have an email address consisting of two (2) parts separated by the symbol @: the user or account name and the domain name (the Internet registered name for the entity). Ex: myname@domain.com.

The e-mail system is based on a “client-server model”.

The e-mail client carries the user’s interaction with the server. It can either be: application-based (like Outlook or Eudora) or web-based (like Hotmail or Yahoo). E-mail clients carry other functionalities like an address book and an organized e-mail message display. It also holds the account information of the user, the IP (Internet protocol) address and the e-mail server to which it communicates in sending and receiving electronic messages.

The e-mail server is the host computer with a large storage capacity that operates a combination of processes, lists the users, defines rules and protocols, and sends, receives and stores electronic messages including attachments without frequent user intervention.

An e-mail server has one or more unique TCP/IP (Transmission Control Protocol/Internet Protocol) address that identifies the network address of the machine or the domain represented by 4 block numbers from 0 to 256 separated by dots. TCP/IP uses ports to allocate different jobs for different Internet services like file transfer, browsing or email. The e-mail server conducts e-mail services by running these processes in the same machine: POP3 (Post Office Protocol 3) and SMTP (Simple Mail Transfer Protocol). These processes are linked by an internal mail delivery system that moves the mail between POP3 and SMTP servers.

POP3 servers hold e-mails in a queue and deliver them to the client when requested. SMTP receives outgoing e-mails from clients and sends and receives e-mail from other SMTP servers. In order for clients to collect e-mail from e-mail servers, they also use POP3 servers. Clients must supply a username and password to the server in order to log into their account or POP3 mailbox. The e-mail server will respond with the number of messages waiting and the client can initiate a ‘de-queue’ command to download the queued e-mails. The messages will either be deleted from the e-mail server or marked as read so they are not downloaded again.

IMAP (Internet Message Access Protocol) may be used in lieu of POP3 for accessing e-mail stored on a server. It is a protocol that allows users to perform certain e-mail functions on a remote server rather than on their local computer. The fundamental difference between accessing e-mail via IMAP as opposed to POP3 is that the former does not download the messages and store them locally as POP3 does. All message manipulation, such as opening, closing and deleting, is carried out on the server. This makes backup simpler and security tighter since no emails are actually stored locally on the users’ personal computer.

SMTP is the language that most mail servers use to send messages between each other. When a message is sent, it uses DNS (short for ‘domain name service’) to convert the domain part of an email address (i.e. @domain.com) to the TCP/IP network address of the machine that maintains the domain. It then connects to that IP address using port 25 and communicate the sender’s and recipient’s email addresses and the body of the message. SMTP can only transmit text. Thus, this creates a problem when it comes to sending images, video and other attachments via e-mail. SMTP gets around this problem by using two different methods: Uuencode (Unix-to-Unix encode) and MIME (Multi-Purpose Internet Mail Extension).

Uuencode assumes that the file or attachment contains binary information (1s and 0s). It converts this binary information into text using a simple mathematic equation, similar to encryption. Once UUencode has converted an attachment into text, it can now travel via SMTP. The need for a system to translate the array of constantly changing attachment formats that could not be handled by Uuencode led to the development of MIME. The latter works in a similar way as the Uuencode but creates a header that it wraps around each encoded attachment that permits the encoding of sound and images. The choice between using Uuencode or MIME is normally dictated by the sending email server.

E-mail servers could also be: a local mail server or a web mail server.

A local email server provides a single point where all e-mail traffic can be monitored and controlled to prevent the spread of viruses and other potentially harmful content. Interaction is application-based using an email client.

A web mail server (like Hotmail or Yahoo), on the other hand, has the advantage of accessibility and convenience. It is possible to provide web mail services on a local e-mail server that can be accessed from off-site locations. Web mail does not have the full feature set of an installed client, such as Outlook or Eudora, but users find that it fulfils the basic read, write and reply services they require. Generally, the use of third party web mail is discouraged, unless the service is properly controlled and monitored.

Legal Risk in Sending E-Mails

The following are the possible risks in sending e-mail messages:

• the content of e-mail messages could be the basis for a libel or damage suit. Over an e-mail that criticized her talk show and her persona, television personality and actress Kris Aquino filed a libel suit claiming P80 million in moral damages against GMA Channel 7 executives.¹
  In October 2000, a disgruntled ex-employee who made false accusations against a former employer through a series of e-mails under a false name using a hotmail account has been ordered to pay £26,000 damages and costs estimated at £100,000 in a landmark ruling before the civil courts in UK. Despite the denial of having sent the e-mails, expert evidence traced the e-mails back, via the IP address, to a laptop used to send the emails. The hunt for for the ex-employee included disclosure orders being issued against ISP CompuServe and Microsoft to force them to hand over account information. ²

In another case on September 2001, two London lawyers faced a lawsuit for sex and racial discrimination over an e-mail in which one of them asked for a ‘busty blonde’ as a replacement for their black secretary.³

• sending e-mail attachment of copyrighted work could result in infringement suit and criminal prosecution. Under Section 172.1 of the Intellectual Property Code (Republic Act No. 8293) certain literary and artistic work are protected from the moment of their creation. This protection includes musical composition and computer programs. Reproduction or distribution of these works as attachments in e-mail messages disseminated to the public under circumstances defined in Section 177 of the law may constitute infringement of copyright. Also, Section 33 (b) of the E-Commerce Act of 2000 (Republic Act No. 8792) also penalizes piracy, and unauthorized copying and distribution of protected materials.
• sending spam and unsolicited e-mails could be an unfair business practice. In October 2003, the Santa Clara County Superior Court in California ordered PW Marketing and owners Paul Willis and Claudia Griffin to pay $2 million in civil penalties in an anti-spam lawsuit for violating state laws prohibiting unsolicited commercial e-mail, false advertising and unfair business.⁴ The Philippines has no anti-spam law at the moment.
• an e-mail message is admissible as evidence in law as it has the functional equivalent of a written document and could establish a right or extinguish an obligation in our jurisdiction. With the enactment of the Rules on Electronic Evidence by the Supreme Court,⁵ an e-mail message can be deemed as electronic evidence and is admissible as evidence in courts and quasi-judicial bodies for civil, criminal and administrative cases provided it is competent, relevant and can be authenticated in the manner provided for by the Rules.

Legal Threats in Receiving E-Mails

In receiving e-mails, the users are exposed to a wide array of on-line fraud, cyber crimes or potential harm or damage to the users’ computer systems, like the following:

• Phishing. On 10 January 2004, a Citibank ‘phishing’ e-mail began making the rounds, warning Citibank customers of possible fraud affecting their accounts and urging them to login to check the status. “Phishing” is an e-mail scam designed to defraud customers of their credit card numbers and other personal information that can then be used for identity theft. Typically, the email message employs some kind of scare tactic designed to entice users into visiting a site and divulging their critical financial and personal details. Unsuspecting users of Internet Explorer are duped into believing they are on one website when in fact they are on another. The exploit involves inserting the hex 0×01 between the legitimate site’s address and the actual hosting address. This causes the legitimate website address (www.citibank.com) to appear in the address bar, but the actual site being displayed is that of the criminal, in this case a North Korean website.⁶
• Spam. Spam e-mail is generally defined as the sending or transmission of unsolicited e-mail, usually to many people. A message written for, and mailed to, one individual that is known to the sender is not spam, and a reply to an e-mail is not spam, unless the “reply” repeats endlessly. Spammers intrude e-mail filtering methods by using different email address for each mailing, or the most common, by forwarding his email through an intermediary to conceal the actual origin of the mail. Spam is basically utilized as a marketing tool for business. It proliferates because of the widespread use of e-mails. It virtually costs nothing to send emails and spammers find the lack of adequate e-mail regulations as a good recipe for exploitation.⁷ The Philippines has no specific law against spammers. But Article 19-21 of the Civil Code on human relations may be the basis to claim damages subject to the issue of jurisdiction over the violator.
• Viruses. Almost everyday, e-mail users have to contend with different computer viruses that proliferate in the Internet. A ‘virus’ is a computer program that harms and halts computer systems and memory. It is capable of transmitting itself across the network without the knowledge of the user even bypassing security systems. At the moment, computer viruses are easily acquired through e-mails.
• Nigerian E-Mail Fraud. In this scheme, the user will receive an e-mail message from a stranger purporting to have access to millions of dollars of funds. The bait is the fictional millions of dollars described in the message usually based on verifiable historical facts. The goal of this ‘advance fee fraud’ is to get the victim to come up with money for the “expenses” required to transfer those millions of funds The victim thinks, a few hundred or a few thousand dollars is trivial when $31 million is at stake. Each demand for more money is claimed to be the very last obstacle before the big money is released. Sometimes, the victim is lured to Nigeria, where even worse things happen. E-mail addresses are obtained in the same way that spammers get them. Perpetrators of this fraud are normally ruthless and violent criminals.⁸
• Stealing Personal Data. In The most common type of email fraud include email messages sent to the user for the purpose of stealing personal and financial information. These emails claim to be from legitimate sources the user use and trust and try to entice him to provide different types of personal and confidential information including online ID’s, passwords, Social Security number and bank account numbers. In this jurisdiction, Section 33 (a) of the E-Commerce Act of 2000 (RA 8792) penalizes “hacking” or “cracking” which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system.

Legal Protection in E-Mail Usage

There are various means available to protect e-mail users from risk, legal or otherwise. Some of these measures include:

• Entities must adopt a “content security policy” where employees acknowledged that the web and email system belong to the company and may be monitored.
• Installing enforcement, blocking or filtering tools” to block communications with illegal, malicious or spam messages.
• Adopting the use of “legal disclaimers” in sending e-mail messages.
• Implementating an “acceptable use policy (AUP)” for e-mails
• Choosing a “reliable ISP” (Internet Service Provider) to serve e-mail requirements.
• Preferably, using an “application-based e-mail client”.
• Keeping the “confidentiality of passwords and other vital information”.
• Installing reputable “anti-virus programs” to screen all e-mails messages and “anti-spyware or adware application” when going on-line.
• Installing “firewall” systems (both hardware and software). Firewall is a device that explicitly controls network access to computer network and allows the users to monitor the type of traffic passing in and out of the network and react accordingly.
• Observing the proper “netiquette” (or the etiquette-of-the-Net or the appropriate behavior to follow when communicating online, particularly in e-mail).
• Exercising and observing proper “caution in your language” when sending, or replying to, e-mail.
• Adopting the use of “electronic signature” (any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message)
• Investing in the use “digital ID or signature” or “cryptographic systems” (devices to encrypt messages into a secret code provided by reputable so-called certification authorities)
• Printing and keeping a file of the printed copy of, vital e-mail communication or messages.
• If available, obtaining “liability insurance” policies for Internet and e-mail.

The foregoing measures are by no means exhaustive but their application in computer systems would certainly give ample legal protection to e-mail users from unscrupulous individuals and entities in cyberspace.

Other Legal Points in E-Mail Usage

E-mail users must always remember that there is a way to trace e-mail identity even if anonymous e-mail addresses are used. If users think that they can hide under the cloak of anonymity in the information superhighway, they are mistaken.

Under Section 30 of the E-Commerce Act of 2000 (Republic Act No. 8792) value-added service providers (like ISPs, e-mail servers and certification authorities) are generally exempt from civil and criminal liabilities with respect to electronic messages while acting as a service provider.

Finally, any person who obtained access to any electronic key, electronic data message, or electronic document, book, register, correspondence, information, or other materials are bound by the rules on confidentiality and cannot convey or share the same with any other party under Section 32 of the E-Commerce Act of 2000.

A Final Word

E-mail is a great wonder of present-day information technology. The following article culled from the Internet would verily explain why. Thus:

“Email gave early users – and still gives current users – a form of equality. In a paper published in 1978 by the Institute of Electrical and Electronic Engineers, two of the important figures in the creation of the ARPANET, J C R Licklider and Albert Vezza, explained the popularity of email: ‘One of the advantages of the message systems over letter mail was that, in an ARPANET message, one could write tersely and type imperfectly, even to an older person in a superior position and even to a person one did not know very well, and the recipient took no offence. Among the advantages of the network message services over the telephone were the fact that one could proceed immediately to the point without having to engage in small talk first, that the message services produced a preservable record, and that the sender and receiver did not have to be available at the same time.

Email still presents this equality to users today; it is possible to transcend barriers of race, culture and wealth. Some email users even find it bad netiquette to include more than the basic level of information or content required in each mail. Even so it is important to realise that emails cannot be considered to be private or confidential and are subject to both copyright and libel laws. Emails should never be intimidating, hostile or offensive on the basis of sex, race, colour, religion, national origin, sexual orientation or disability.” ⁹

1. Cruz, Marinel R. “Kris Aquino rejects GMA 7 apology.” Inquirer News Service, 14 July 2004. http://www.inq7.net/ent/2004/jul/15/ent_1-1.htm [↩]
2. Morris, Pete. “Court makes landmark email libel ruling.” VNUnet.com, 13 October 2000. http://www.vnunet.com/news/1112449 [↩]
3. Harrison, Linda “‘Busty blonde’ email lawyers face lawsuit.” The Register, 6 September 2001. http://www.theregister.co.uk/2001/09/06/busty_blonde_email_lawyers_face/ [↩]
4. “Attorney General Lockyer Wins First-Ever State Lawsuit Against Spammer: Court Curbs PW Marketing’s Business Practices and Requires Firm to Pay $2 Million.” Office of the Attorney General, State of Californiam 24 October 2003.http://www.ag.ca.gov/newsalerts/2003/03-130.htm [↩]
5. A.M. No. 01-7-01-SC effective 1 August 2001 [↩]
6. Landesman, Mary. “Citibank phishing email.” About.com, 28 March 2004. http://antivirus.about.com/cs/allabout/a/citiphish.htm [↩]
7. P. Lutus. The Anti-Spam Home Page http://www.arachnoid.com/lutusp/antispam.html [↩]
8. Kestenbaum, Lawrence. “Nigerian Fraud Email Gallery.” http://www.potifos.com/fraud/ [↩]
9. A How Email Works. British Educational Communications and Technology Agency (BECTA), September 2004. http://www.becta.org.uk/subsections/foi/documents/technology_and_education_research/ how_email_works.doc [↩]

• ITLJ 2-1
• Comments(1)