
It's just a tracking pixel:

> “I am writing regarding your emails from yesterday, which contained an embedded image that was not contained in any of your previous emails,” Parlatore wrote. “At the risk of sounding paranoid, this image is not an attachment, but rather a link to an unsecured server which, if downloaded, can be used to track emails, including forwards. I would hope that you aren’t looking to track emails of defense counsel, so I wanted to make sure there wasn’t a security breach on your end. Given the leaks in this case, I am sure you can understand.”



> It's just a tracking pixel:

So? The mechanism doesn't ameliorate the issue.

The government is rightfully held to a higher standard when it comes to information collection. Particularly when it comes to collection of information from defense attorneys on an active case.


The tracking pixel doesn't provide any material information, it just tells you that a certain computer downloaded the image at a certain time.

It doesn't tell you WHO downloaded the image (but you could deduce that if you had other information, such as who was using the computer at the time it was downloaded) and it doesn't tell you WHY that image was downloaded (was it because an email was opened? Or was it because the email was scanned for viruses?).


> The tracking pixel doesn't provide any material information

https://www.dol.gov/general/ppii

Email addresses are considered Personally-Identifiable Information even in the United States (and certainly in the EU too).

Deduction of who downloaded the image is obscene and a violation of that person's privacy.

Any correlation of email address information with any other information at all could be considered a violation of that person's privacy: the IP address and user-agent information alone is sufficient enough to point in the direction of a malicious attack. And there are people who have some serious safety concerns: people who've been abused by significant others and are prone to being victim to stalking or hacking is just one example.


The email came from a Navy prosecutor, not a marketing department.


Tracking someone for marketing should be illegal.


Nonconsensual email tracking is illegal in Europe. https://www.gdpreu.org/compliance/email-tracking/


\o/

Unfortunately I do not live in Europe. :'(


Do you know of anything more recent on that? It cites the German privacy working group which has no direct influence on the actual laws, and predates GDPR/DSGVO (local German version).


The working group expressed an opinion considering the draft of the GDPR ("In its current prevailing form, we expect email tracking to be categorically prohibited under the GDPR without express user consent.").

I'm not aware of any major change in article 7 since that moment, so I'm fairly confident that opinion is still relevant. If you're asking if it's been tested/challenged in court or in a DP measure, I don't know.


Every email I send from Hubspot has these.


Wow, you’re a government and use hubspot for emails with defense counsel? Oh wait no your comment is irrelevant.



