You are here:

Seizure and confiscation of emails on the provider’s mail server not unconstitutional

Press Release No. 79/2009 of 15 July 2009

Order of 16 June 2009
2 BvR 902/06

The Second Senate of the Federal Constitutional Court rejected a constitutional complaint against the seizure and confiscation of emails saved on the provider's mail server as unfounded. Although these measures interfere with the constitutionally guaranteed secrecy of telecommunications as enshrined in Article 10.1 of the Basic Law (Grundgesetz - GG), the general provisions governing criminal procedure under §§ 94 et seq. of the Code of Criminal Procedure (Strafprozessordnung - StPO) justify that interference with the secrecy of telecommunications if the principle of proportionality and objective requirements regarding the corresponding form of the criminal proceedings have been met.

The constitutional complaint was based on the following facts:

In the course of preliminary investigations against third parties on charges of fraud and breach of trust, the Local Court (Amtsgericht) ordered that the complainant's apartment be searched in order to locate documents and data carriers, in particular text files and emails which were to be used as evidence. The complainant had set up his email program so that his emails were not transferred to his personal computer after they had been opened, as is standard practice, but that they would thereafter remain saved in an access-protected part of his provider's mail server. The emails could only be read online on the complainant's PC, i.e. after an internet connection had been established. The complainant pointed that out to the persons carrying out the investigations whilst his apartment was being searched. However, he protested against his emails being accessed because the search warrant did not permit that.

The Local Court thereupon ordered that the data on the complainant's email account be confiscated from his provider. The complainant was aware of this order, which the public prosecution office had applied for by telephone from his apartment and which had been transmitted there by the Local Court. That same day approximately 2,500 of the complainant's emails which had been saved on the mail server in the period between January 2004 and March 2006 were copied onto a data carrier by the provider and handed over to the investigating authorities. The complaint against that method of procedure was unsuccessful. In response to the complainant's application for a temporary injunction, the Third Chamber of the Second Senate of the Federal Constitutional Court ordered, by way of a temporary injunction, that the Local Court seal the individually listed data carriers, printouts and documents and take them into safe keeping.

The Second Senate of the Federal Constitutional Court then the constitutional complaint as unfounded and found that the contested decisions met the constitutional requirements for the associated interference with Article 10.1 GG, and that therefore the complainant's fundamental rights had not been violated on account of the emails having been seized from his provider's server.

In essence, the decision is based on the following considerations:

The access-protected content of communication on an email account to which the user only has access via an internet connection is protected by the secrecy of telecommunications (Article 10.1 GG). The account holder has no technical means of preventing the provider from passing the emails on to third parties. This lack of control for technical reasons justifies the special need for protection by means of the secrecy of telecommunications, which aims to counteract those threats to confidentiality which result from the use of a means of communication which is easier for the state to access than direct communication between physically present individuals. That applies regardless of whether an email is saved temporarily or permanently on the provider's mail server. The fact that no dynamic telecommunications process takes place in the period in which the emails "lie dormant" on the provider's mail server poses no obstacle to the protection under Article 10.1 GG being afforded. Article 10.1 GG does not apply the purely technical definition of telecommunication used in the Telecommunications Act (Telekommunikationsgesetz), but rather takes as its point of reference the holder of fundamental rights and his or her need for protection on account of third parties intervening in the communication process. The specific threat situation and the objective of guaranteeing freedom under Article 10.1 GG continue to exist even if the emails remain saved on the provider's server after being read. The seizure and confiscation of emails saved on the provider's mail server interfere with the area of protection of the secrecy of telecommunications. The saving of emails on the provider's mail server, an area over which the user has no control, does not mean that the user thereby agrees to third parties having access to these data.

The provisions governing criminal procedure under §§ 94 et seq. StPO in principle permit the seizure and confiscation of emails which are saved on a provider's mail server. They thus meet the constitutional requirements to be made regarding the legal authorisation to interfere with the secrecy of telecommunications. In particular, they therefore comply with the principle of definiteness and clarity of legal provisions.

§§ 94 et seq. StPO are also proportional in respect of the seizure and confiscation of emails saved on a provider's mail server. Effective criminal prosecution, crime suppression and the public's interest in as complete an investigation of the truth as possible in the course of the criminal proceedings are legitimate objectives which can justify restricting the secrecy of telecommunications. Proportionality can be observed without the need to limit access to emails saved on the provider's server to investigations which at least refer to criminal offences of substantial significance and without the need to specify that the suspicion of an offence goes beyond the initial suspicion.

This particular instance of interference on the basis of §§ 94 et seq. StPO was also proportional. Account must already be taken of the protection of the secrecy of telecommunications when issuing the search warrant, insofar as the concrete circumstances allow that without the purpose of the investigations being jeopardised, by the inclusion of specifications which restrict the evidence to what is necessary. Where a large number of electronically stored emails are to be accessed, those constitutional principles must be guaranteed which the Senate developed in a decision regarding the searching and confiscation of an extensive electronic data stock (see Decisions of the Federal Constitutional Court (Entscheidungen des Bundesverfassungsgerichts - BVerfGE, 113, 29 (52 et seq.)). The securing of excessive data which are of no importance for the proceedings is to be avoided wherever possible.

It will not always be possible to carefully read and sort emails according to their relevance for the proceedings at the place of access. Where the circumstances of the respective criminal charges and the - also technical - possibilities of data gathering do not allow them to be properly sorted straightaway, the temporary seizure of large parts or even of all the emails must be considered, followed by an examination in accordance with § 110 StPO in order to determine the emails' potential relevance and usability as evidence. Where it is not possible for the criminal prosecution authorities under reasonable conditions whilst examining said emails either to categorise those emails which are of relevance in the proceedings or to delete or return those emails which are not of relevance in the proceedings, the principle of proportionality does not pose an obstacle to the entire data stock being confiscated. However, it must be considered on a case-by-case basis whether extensive data access complies with the prohibition of excessiveness.

Where there are factual indications that access to stored telecommunications covers content which belongs to the core area of private life, such access must not occur. It must be ensured that content of a highly personal nature is not saved and utilised, but is immediately deleted in those cases in which it has, by way of exception, been collated.

The effective protection of substantive fundamental rights also requires that the form of the proceedings be appropriate. Where emails are seized from an inbox on a provider's mail server, the email account holders must always first be informed by the criminal prosecution authorities so that they can at least exercise their rights whilst their emails are being examined. Where emails saved on a provider's mail server are, by way of exception, seized without the knowledge of the email account holder, he or she is to be informed of that fact as early as the effective fulfilment of the purpose of the investigations permits. § 35 StPO and § 98.2 sentence 6 StPO meet these requirements.

The examination of papers pursuant to § 110 StPO is intended to prevent excessive and permanent data acquisition. It may be necessary, in order to observe proportionality, to involve the holder of the account from which emails have been seized whilst their relevance for the proceedings is being investigated. The decision as to whether his or her participation in the investigation of the seized emails is necessary is to be taken on a case-by-case basis, taking account of effective criminal prosecution on the one hand and the intensity of the data access on the other.

Where emails are saved and analysed by the investigating authorities, it may be necessary to inform the affected persons of the data acquisition in order to enable them to prevent their fundamental rights possibly being compromised. This requirement is met by means of the special provisions governing criminal procedure regarding information under § 147, § 385.3, § 397.1 sentence 2 StPO in conjunction with § 385.3, § 406e and § 475 StPO, as well as, in the case of persons not involved in the proceedings, § 491 StPO. The delimited purpose of the data acquisition in principle necessitates the return or deletion of all those emails which were copied but which were not required to achieve the intended objective. § 489.2 StPO contains corresponding protective measures.