Federal Agencies State They Need Access to Americans’ Emails Without a Warrant

by Terresa Monroe-Hamilton | September 17, 2015 3:50 pm

Gee, this isn’t fascist much.[1] The Feds don’t want to have to get a warrant to have access to our emails. Mike Lee and Patrick Leahy, and Reps. Kev­in Yo­der and Jared Pol­is, have put forth bills that would require enforcement agencies to get a warrant to view your private emails instead of just a subpoena. Right now, if your email is housed on a server for more than 180 days, they are open to snooping by the Feds. The six month rule was put in place when people used to delete their emails instead of keeping them in the cloud forever. These bills want to extend that rule and take away a time limit, so the government has to get a criminal search warrant anytime they want to go through someone’s email. That would be constitutional and of course the Feds don’t want to do that. They are crying foul over it. Oh, boo hoo.

[2]

From the National Journal:

A bi­par­tis­an bid to re­form an elec­tron­ic-pri­vacy law has the sup­port of the tech com­munity and the White House, but fed­er­al law en­force­ment of­fi­cials tell Con­gress the changes would hamper civil pro­sec­u­tion.

Civil law en­force­ment agen­cies like the Fed­er­al Trade Com­mis­sion and the Se­cur­it­ies and Ex­change Com­mis­sion would not be able to ob­tain crit­ic­al in­form­a­tion if the law were changed to re­quire crim­in­al war­rants for ac­cess to data stored on cloud ser­vices, ac­cord­ing to wit­nesses from those agen­cies testi­fy­ing in front of the Sen­ate Ju­di­ciary Com­mit­tee Wed­nes­day.

The law en­force­ment of­fi­cials were re­act­ing to bills from Sens. Mike Lee and Patrick Leahy, and Reps. Kev­in Yo­der and Jared Pol­is, that aim to up­date the Elec­tron­ic Com­mu­nic­a­tions Pri­vacy Act, or ECPA.

In its cur­rent form, ECPA pro­tects emails from gov­ern­ment snoop­ing for 180 days. When the law was ini­tially drawn up in 1986, email pro­viders routinely re­moved emails from their serv­ers a month or two after they were de­livered; users would gen­er­ally down­load the mes­sages they in­ten­ded to keep. Whatever re­mains on an email serv­er after 180 days is fair game for gov­ern­ment to ac­cess, with just a sub­poena—not a war­rant.

Today, ubi­quit­ous cloud-based email sys­tems like Gmail, which of­fer giga­bytes of stor­age for free, al­low the av­er­age user to keep his or her mes­sages—and cal­en­dars, con­tacts, notes, and even loc­a­tion data—on a pro­vider’s serv­ers in­def­in­itely.

The ECPA Amend­ments Act would re­quire law en­force­ment to get a war­rant to ac­cess serv­er-hos­ted in­form­a­tion, no mat­ter how old, and would re­quire the gov­ern­ment to no­ti­fy an in­di­vidu­al that his or her in­form­a­tion was ac­cessed with­in 10 days, with cer­tain ex­cep­tions.

But law en­force­ment of­fi­cials ex­pressed op­pos­i­tion to some of the bill’s pro­posed changes, ar­guing that its re­quire­ment for crim­in­al war­rants could leave civil lit­ig­at­ors without ac­cess to im­port­ant elec­tron­ic in­form­a­tion.

“The bill in its cur­rent form poses sig­ni­fic­ant risk to the Amer­ic­an pub­lic by im­ped­ing the abil­ity of the SEC and oth­er civil law en­force­ment agen­cies to in­vest­ig­ate and un­cov­er fin­an­cial fraud and oth­er un­law­ful con­duct,” said An­drew Ceres­ney, dir­ect­or of en­force­ment at the Se­cur­it­ies and Ex­change Com­mis­sion.

Ceres­ney and Daniel Sals­burg—chief coun­sel for tech­no­logy, re­search, and in­vest­ig­a­tion in the FTC’s con­sumer pro­tec­tion branch—said the SEC and FTC are not look­ing for the au­thor­ity to ob­tain data with just a sub­poena, and in­stead pro­posed a sys­tem where they could ob­tain a court or­der for ac­cess to the data. Such a pro­cess would no­ti­fy the in­di­vidu­al be­ing in­vest­ig­ated and give him or her the chance to make a case in front of the judge be­fore an or­der is gran­ted or denied.

But des­pite their op­pos­i­tion to the pro­posed change to ECPA, neither the SEC nor the FTC has ob­tained emails through an ad­min­is­trat­ive sub­poena in the past five years, Ceres­ney and Sals­burg said Wed­nes­day.

Ceres­ney said the de­cision to avoid sub­poen­as was made “in de­fer­ence” to on­go­ing con­ver­sa­tions about ECPA re­form. A 2010 fed­er­al court or­der also bound the gov­ern­ment’s hands by de­clar­ing ECPA un­con­sti­tu­tion­al—a de­cision the ECPA Amend­ments Act in­tends to co­di­fy in­to law—but Ceres­ney said the SEC does not in­ter­pret the court’s de­cision as an im­ped­i­ment to us­ing sub­poen­as to ob­tain data.

The civil law en­force­ment of­fi­cials’ com­ments about ECPA re­form were met with im­me­di­ate back­lash from the tech com­munity, which has come out in strong sup­port of the changes.

“The FTC claims to be a cham­pi­on of con­sumer pri­vacy, yet the agency wants ac­cess to Amer­ic­ans’ data without a war­rant,” said Ber­in Szoka, pres­id­ent of Tech­Free­dom, a tech­no­logy think tank. “The Com­mis­sion’s testi­mony today con­firms long-stand­ing ru­mors that it will only sup­port ECPA re­form if it gets a carve-out from the bill’s war­rant re­quire­ment.

“This is the is­sue that has stalled ECPA re­form for over five years, des­pite over­whelm­ing bi­par­tis­an sup­port,” Szoka ad­ded. “The FTC’s testi­mony is care­fully craf­ted to sound reas­on­able, but the agency is simply help­ing to ob­struct the ma­jor pri­vacy re­form of our gen­er­a­tion.”

Ju­lie Brill, an FTC com­mis­sion­er, re­leased a state­ment Wed­nes­day in­dic­at­ing she dis­agreed with Sals­burg’s testi­mony. “I am con­cerned that a ju­di­cial mech­an­ism for civil law en­force­ment agen­cies to ob­tain con­tent from ECPA pro­viders could en­trench au­thor­ity that has the po­ten­tial to lead to in­va­sions of in­di­vidu­als’ pri­vacy and, un­der some cir­cum­stances, may be un­con­sti­tu­tion­al in prac­tice,” Brill said.

Google and BSA-The Soft­ware Al­li­ance, a prom­in­ent tech as­so­ci­ation, ap­peared in a sep­ar­ate wit­ness pan­el be­fore the com­mit­tee, call­ing for swift change in or­der to im­prove cus­tom­ers’ pri­vacy and al­le­vi­ate busi­ness pres­sures.

“By cre­at­ing in­con­sist­ent pri­vacy pro­tec­tion for users of cloud ser­vices and in­ef­fi­cient and con­fus­ing com­pli­ance hurdles for ser­vice pro­viders, ECPA has cre­ated an un­ne­ces­sary dis­in­cent­ive to move to a more ef­fi­cient, more pro­duct­ive meth­od of com­put­ing,” said Richard Sal­gado, the dir­ect­or of Google’s law en­force­ment and in­form­a­tion se­cur­ity branch.

These laws need to be modernized and the privacy of email users protected from federal agencies and the government. To not do so, it to open the legalistic door to unobstructed tyranny. If Mike Lee is putting forth something, you can bet it is constitutional in nature. Even if this law is passed to protect the constitutional right to privacy of Americans, the SEC has declared it will not recognize it and is putting itself above and outside the law here. Rather than posing sig­ni­fic­ant risk to the Amer­ic­an pub­lic, these bills seek to protect the public and their privacy as it should be. Which is more than you can say about these federal agencies.