Comcast Can Read Your E-mails, But Swears They Aren't

Somewhere on page 4 of Comcast’s Acceptable Use Policy [PDF], the company states that while it’s not obligated to monitor customers’ e-mails, “Comcast and its affiliates, suppliers, and agents have the right to monitor these transmissions.” But, the cable giant tells Ars Technica, they don’t really want to read your messages to your Aunt Lolly in Wisconsin.

When asked by the site if active monitoring of e-mails is something that occurs, they replied:

Comcast told Ars that it almost never monitors user content unless asked to collect information for law enforcement. But it wants the broad grant of authority so that it can do things like look at e-mails which appear to be spam without getting sued. It can also engage in targeted monitoring when users complain about other abusive or hateful users.

On their own FAQ, Comcast lists reasons why they might monitor a customer’s e-mails:
* A user contacts us about threats, and we reasonably believe there may be immediate danger to someone.
* Law enforcement officials present Comcast with a valid subpoena, court order, or search warrant. Comcast receives evidence of proper legal process in connection with a civil legal claim (a subpoena, court order, or injunction).
* We become aware of activities that violate the Acceptable Use Policy and are potentially harmful or illegal. In such a case, where there is no imminent danger, Comcast notifies the Subscriber, and works with the Subscriber to understand and resolve the situation.
* If Comcast receives a claim that a Subscriber is posting or transmitting material that may infringe someone else’s intellectual property, Comcast follows the process established under the Digital Millennium Copyright Act that requires an Internet Service provider to take down such material (generally by requesting that the Subscriber do so), and provides a means for disputing infringement claims.

Comcast explained to Ars Technica that “it simply doesn’t have either the interest or the manpower to engage in any sort of routine surveillance or to listen in on some list of enemies.”

Why Comcast can (but probably won’t) read your e-mails, IMs [ArsTechnica.com]

Comments

Edit Your Comment

  1. FreshPorcupineSalad says:

    Do people actually use their ISP provided email addresses these days? I haven’t used mine since 2004.

    • Shadowfax says:

      Same. And this is one of the reasons. I’ll keep my mail on the server I own, thankya.

    • PTB315 says:

      Does it say specifically anywhere that this is about email accounts provided by Comcast? I don’t see it defined in this post, just the word “email”. I’m not saying I couldn’t have missed it, but I’m not capable of complete focus at this point.

  2. aja175 says:

    umm. any email admin can read your email. Google can, MS can, that creepy guy in IT can.

    • LandruBek says:

      “Can” can mean two things. “Can do it technically” and “can do it legally” are very different. The phone company has the technical ability to listen to your call, but before 2001 they were legally barred from doing so on a large scale.

      The interesting question is whether email should get the privacy of telephone calls. I think it should (since I’m a privacy nut). Thus I think Comcast’s policy is rotten, though they’re not the only rotten player on the intertubes.

  3. Hi_Hello says:

    Every email server has the ability to do this. That doesn’t mean they do it.

    And just because people delete their email, it doesn’t mean the undelete version wasn’t store in a backup somewhere.

  4. Mcshonky says:

    bush said the same thing about warrantless wiretapping………

    and why would cumcast read your email if you complain about stalking.

    shouldn’t their lawyer have told them to direct the complainant to the police or fbi?

  5. zigziggityzoo says:

    Uh – yeah, every server DOES do this. that’s how they do server-side Spam blocking.

  6. therealchriss says:

    Sounds reasonable to me.

  7. Oranges w/ Cheese says:

    The government screens all your emails too, why aren’t we crying foul about that?

  8. dolemite says:

    I’d be worried about “affiliates and suppliers”.

  9. Blueskylaw says:

    It seems that all the “excuses” they gave for reading your e-mail is how it benefits you but now how it would benefit them.

  10. Runner says:

    Yes, ISP’s normally watch e-mails coming in because they have nothing better to do.

    Really, it’s just like someone who works at the bank. They can see what’s going into and out of your account. That p0rn site that you just paid for with your CC, yeah, the teller can see that transaction.

    The number of times I used to have to go in and fix someone’s mailbox on a daily basis because it became corrupted. And yes, during that process you can see every e-mail. You just get to the point you REALLY don’t care.

  11. dreamfish says:
  12. Kanjimari says:

    Swears they DON’T. Can any of the editors here speak English?

  13. Salty Johnson says:

    How in the hell is it appropriate to make a big deal out of it. No matter what email service you use, somebody whom you don’t know has the ability to read your email. They don’t do it, though, because they don’t care. They HAVE to have a provision in their ToS, AUP, or EULA to cover their ass, because ass-covering is exactly what those documents are for… that doesn’t mean people sit down and read your email all the time. Look at any mail service’s legal disclaimers and you will probably find a provision in there just like Comcast’s.

  14. majortom1981 says:

    Any It worker can read your stuff. Heck I can sit here and see everything the people on our public machines read every email and every picture sent on our netowrk. I dont because i need to be trusted BUT I can. Always do things on the computer or cell phone knowing people can read it.

  15. peebozi says:

    If they say the don’t then they don’t.

    What possible profit motive is there to reading people’s emails and determining their age, location, religion, race, likes, dislikes, needs, wants, desires and family size?

    We all know that corporations will break the law to profit $5 if the fine is only $4 and I really don’t see any upside to them knowing the intimate details of every subscriber and their male 13-24 year old demographic children or the buying habits of the head of household 34-49 male earning $100,000-$250,000 annually.

  16. Forbidden says:

    If the e-mail is on their server, they have the technical capacity to read it.

    This is one of the reasons I run my own mail server.

    • Minj says:

      Email isn’t point to point. Any of the servers between sender and your server can read it as well.

      • Forbidden says:

        Well, nothing on the internet is point to point. Every packet goes through many routers. Those packets can be viewed along the way and reconstructed into the e-mail. However, that’s quite a bit different than my e-mail sitting on someone else’s hard drive indefinitely, as is the case when you use someone else’s server. Email transmission is not secure. But there’s a difference between secure transmission and leaving your e-mail lying about for someone to rifle through at their leisure.

        Email does not get stored on “any servers along the way”. That is a myth. In fact, there are only two servers involved. The sender’s client talks to his local server to send out, then the receiving server accepts and stores the message until the recipient client removes it. For outgoing, mail server rarely store the emails. Comcast (and just about every other ISP except Google) doesn’t care about your outgoing e-mail and doesn’t want to pay for the hard drives to store it.

        (I should clarify this a little. Some networks will have multiple mail servers that they process mail through, usually for the purposes of spam filtering. If you look at your e-mail’s received headers, it generally follows the pattern of Sender Client -> Sender Server -> Recip Server -> Recip Client, with sometimes Sender Client -> Sender Server -> Recip Server -> Recip Spam Filter -> Recip Server -> Recip Client. But in virtually every case, you don’t have unaffiliated middlemen involved. It’s the sender’s server/network, then direct to the recipients server/network.)

  17. solipsistnation says:

    Uh, yeah. You’re targeting ComCast here, but this is true of everyone in the WORLD that provides an email service, including Yahoo, Google, your workplace, your school, Hotmail, and so on and so forth. All of them. Every single one.

    Here’s a news flash for internet users: YOUR SYSTEM ADMINISTRATORS CAN READ YOUR EMAIL.

    Here’s another news flash: MOSTLY WE DON’T CARE.

    Seriously, this is news? Of COURSE sysadmins can read your email. They run the servers! They MUST be able to basically read and write every single file on the system (including your email) in order to be able to run the server. That’s what sysadmins do.

    On the other hand, since 99.999% of what goes through mail servers is spam, banal, and/or of interest only to the sender and receiver, we don’t really care. Plus there’s lots of it. We don’t have the time! We’re too busy dealing with system problems and keeping your email flowing to have time to worry about whether you’re sending credit card numbers or naked pictures through your email.

    The only time sysadmins go in and read email should be when there’s a threat to their systems (that is, an Acceptable Use Policy violation) or when they’re legally obliged to do so or by the management of a workplace. (That is, if I’m a sysadmin at a corporation, and my boss says, “I think Bob is sending secrets out to our competition,” I can go check out his email. Obviously this depends on the workplace, but in a private corporation, you have no expectation of email privacy.)

    This was kind of annoying when I worked at an East Coast engineering university, where every two or three years some professor or somebody would realize that (gasp!) the sysadmins can read our email! One year they had us sign a code of conduct that included more or less the same points as the FAQ there.

    If you care about having 100% total privacy of your email, learn to use encryption. Otherwise, get over it– there are people out there with root on your mail server, and they’re not you.

    • LandruBek says:

      You’re exploiting an ambiguity in “can” — of course a sysadmin has the technical ability to read email traffic, but I think legally they and other network operators should be under the same restrictions that the telcos are (or once were) under: no you may not intercept others’ communications without a judicial wiretap. If all were right in the world, the same restrictions would apply to email: it doesn’t matter if you’re a sysadmin, you still couldn’t read others’ emails at will and stay within the law.

      • solipsistnation says:

        Email and telephone conversations aren’t really comparable. One is transient and one is stored. One is closely controlled by the devices on either end (a telephone handset), while the other could contain pretty much anything or be arbitrarily large. The storage brings other problems with it, considering the various issues that could happen with file systems, mail file contents and how the server interprets them, and so on.

        For example, if somebody’s mailbox is corrupt and is causing issues with the server, the admin should not need a legal document to be able to work on that mailbox (which may require looking at it or editing it) and restore service to that single user and potentially other users of the service.

        This doesn’t appear to be the issue here, which is straight-up monitoring of email, but you have to be careful how that kind of restriction is worded. In the case of our Code of Conduct, we made sure we had the ability to enforce AUP violations and perform server maintenance.

        • JJJJust says:

          “Email and telephone conversations aren’t really comparable. One is transient and one is stored. One is closely controlled by the devices on either end (a telephone handset), while the other could contain pretty much anything or be arbitrarily large.”

          I can store, control, and manipulate a phone conversation quite easily with an Asterisk PBX (or any PBX, really) in the middle.

  18. guymandude says:

    How much simpler could this be? Concerned? Problem solved: http://www.gnupg.org/

  19. tundey says:

    Why is this news? Dude, Comcast can check whatever traffic (unencrypted) you send through their network. Just like Google can read your gmail; Microsoft can read your hotmail and Yahoo can read your yahoo mail (provided they still have anyone left working there).

  20. benjitek says:

    Slow news day?

  21. AustinTXProgrammer says:

    Standard verbage. I believe every ISP has a clause to allow them to monitor anything. As a network engineer there are numerous tools I can use to troubleshoot network issues. We don’t want our tools crippled with a bunch of privacy safeguards and expensive certifications. Check out Wireshark for a great FREE tool.