Alibris Charged w/Intercepting Email

Event Summary

Prosecutors in Boston's US District Court charged Internet bookseller Alibris, with 10 counts of intercepting electronic communications and access device fraud. Communications sent to book dealers from Amazon.com were intercepted by Alibris by their wholly owned ISP, Valinet. Similar to President Clinton's "I didn't inhale" rhetoric, Emeryville, California based Alibris claims that it didn't read any of the email messages or passwords that it unlawfully intercepted from on-line rival Amazon.com. CEO Martin Manley, former Assistant Secretary of Labor in the Clinton administration, who was appointed by Secretary of Labor Robert Reich in January 1994 in part to "improve business results" has admitted to the wrong-doing, and claims that today Alibris is a different company. The interception took place when current Alibris Chairman and founder, Dr. Richard M. Weatherford, operated a company under their prior name Interloc. Dr. Weatherford holds a Ph.D. from UCLA.

The western Massachusetts area is an intellectual book epicenter due in part to the presence of five institutions of higher learning: Smith College, Mt. Holyoke, Amherst, Hampshire College, and University of Massachusetts. Many book dealers used Valinet as an ISP. Incoming Valinet email intended for local bookdealers was filtered for source Amazon.com and was captured in log files under direction from the original Alibris/Interloc management team.

Market Impact

The case was heard before Judge Michael A. Ponsor in the U.S. District Court in Springfield, Massachusetts. A maximum fine of $250,000 for each count means that Alibris could have ended up paying $2.5million in penalties.

Earlier this year, Forbes described Alibris' growth as "stunning." Corporations and individuals need to be held accountable for breaches of privacy and some of them are learning the hard way. When administering and managing messaging on behalf of a paying customer, it is not always clear where to draw the line as far as access goes. ISPs and ASPs need to be very specific in their service level descriptions about what they consider management, and what they consider access.

User Recommendations

Intercepting email under the guise of "management" is not acceptable. This case is extremely important and will set a precedent for future cases involving email interception. If the service level description does not define the management reasons for accessing and moving email files, then legally any access that has not been previously agreed upon by the owner is data theft.