Telecommunications Policy

A Triumph of Privacy Over Unwarranted Police Prying

Bill extending Fourth Amendment to all electronic documents goes to the Senate for a vote.

|

My Gmail inbox has over 151,000 messages in it. I am an electronic pack rat afraid that I might delete just the email I may some day want to read or re-read. But there's a drawback to my correspondence collection: Many government agencies believe that they can demand to peek, without my knowledge, at any of my emails stored on Google's servers before October 27, 2012. Archaic provisions in the Electronic Communications Privacy Act of 1986 (ECPA) treat all emails still lingering on third-party servers after 180 days as "abandoned" property available for the police to snoop more or less at will.

On Thursday, the Senate Judiciary Committee voted to send the ECPA Amendment Act, introduced by Committee Chair Patrick Leahy (D-Vt.), on for consideration by the full Senate. The new law, if adopted by Congress, would finally extend Fourth Amendment protections against unreasonable search and seizure to all emails and other electronic documents stored on third-party electronic devices. Earlier this week, a letter from a broad coalition of activist organizations, think tanks, and businesses—including Americans for Tax Reform, the American Civil Liberties Union, Amazon, Google, Facebook, and Yahoo—urged that the ECPA Amendments Act be voted out of committee.

Back before the Internet, when mastodons and saber-toothed tigers roamed the landscape, people often communicated by sending actual physical pieces of paper (called "mail") via the United States Postal Service. But by 1986, perhaps 0.5 percent of Americans had used a newfangled technology to send one another electronic messages (later called "e-mail") via computers attached to telephone lines. The courts had established clear Fourth Amendment limits on police prying into private letters and documents and on listening in on private telephone conversations, and civil libertarians were anxious to extend similar protection to the new electronic communications. And so Congress enacted ECPA, which extended to electronic messages many of the restrictions placed on old-fashioned telephone wire taps, including the requirement for a warrant to intercept messages in real-time.

So far, so good. But in trying to set limits on snooping, Congress analogized email to old-fashioned mail. The postal service had only temporary custody of private letters, since recipients were expected to pick up their mail at the post office or from their mailboxes. With early e-mail services, similarly, users would download messages to their own computers and then service providers would erase them from their servers. (AOL once limited me to a mailbox that could hold just 150 messages.) Now, it is long-established principle that the police must obtain a search warrant based on probable cause before opening and inspecting letters in a desk drawer at your home. On the other hand, if you throw a letter into the trash and set your garbage bags out on the curb, the Supreme Court has more recently ruled that you no longer have a reasonable expectation of privacy with regard to that letter. At that point you've essentially abandoned your property, so anyone, cops included, may look at it.

In an insightful 2008 Boston University Law Review article, the attorney Achal Oza examines the testimony from ECPA's congressional hearings. He concludes that "the drafters of the ECPA believed an e-mail service provider only stored e-mails temporarily on their servers, and therefore, if an e-mail user were to leave an e-mail communication on such a server for over six months, the user had abandoned it to the service provider." There's another odd feature of the law—the fact an email doesn't qualify for Fourth Amendment protection if a subscriber opens it and leaves it on the email service's server. The strained analogy here is that just as police may legally read a letter left open on a desk, so too can they read an opened email.

Oza illustrates ECPA's inconsistencies by imagining three people—Alice, Bob, and Charlie—each receiving emails from Tommy Trafficker. The police suspect that Tommy has sent messages relevant to the sale of illegal drugs. Alice, Bob, and Tommy all use Microsoft Outlook to access their university email accounts, while Charlie uses Gmail. Alice, using the post office protocol feature on Outlook, downloads her messages to her personal computer, whereas Bob instead reads his email using Outlook's Internet message access protocol feature, which means his messages are stored on the university's servers. And Charlie's mail is stored on Google's servers as part of the company's Web-based email service.

Under the ECPA, if the police want to read Tommy's email to Alice, they must observe the search and seizure protections of the Fourth Amendment and obtain a search warrant based on probable cause to do so. On the other hand, the cops can compel the university and Google to disclose Tommy's emails to Bob and Charlie by serving them with administrative subpoenas. To issue such subpoenas, the police must merely have "specific and articulable facts showing that there are reasonable grounds to believe" the messages are relevant to a criminal investigation. 

Is this constitutional? The courts haven't arrived at a consistent answer. In Warshak v. United States, Steven Warshak, the owner of an Ohio nutraceutical company, was investigated for fraud. The district attorney served a subpoena on his internet service provider (ISP) demanding access to all of his emails that more than 180 days old and forbidding the ISP to disclose that they had been handed over to the feds. In 2007, the U.S. Court of Appeals for the Sixth Circuit ruled that this was not permissible, explaining that "individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP." After several courts adopted the reasoning in the Sixth Circuit's decision, the Justice Department appealed it to the full Circuit Court, which then overturned its original decision on the grounds that "Warshak's constitutional claim is not ripe for judicial resolution." This judicial confusion left ECPA's constitutionality up in the air.

Hence Sen. Leahy's ECPA Amendment Act. Its success thus far is a rare instance of privacy interests trumping the police's ambition to pry into citizens' affairs. Here's hoping both houses of Congress pass it as quickly as possible.

NEXT: MT Governor Allows Abortion Restrictions To Clear Way for Legal Challenge

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. …”Its success thus far is a rare instance of privacy interests trumping the police’s ambition to pry into citizens’ affairs.”…

    I’ll hold the applause until it gets passed.

  2. my buddy’s mom makes $62 an hour on the internet. She has been out of a job for seven months but last month her paycheck was $19446 just working on the internet for a few hours. Read more on this site http://www.wow92.com

  3. guess my shit can be searched after it hits the sewers because I “abandoned” it.

    1. But they can crawl up your ass to retrieve anything that’s been there more than 180 days…

  4. Paper tiger

    Great Ideals, but reading the bill closer the government has many ways to circumvent.

  5. While this is a step in the right direction, it is not close to perfect. I use gmail, and God and Google only know how many emails I have stored on their servers. I just don’t have anything there I care about the gov reading. But if you do care, then a small amount of research can show you how to encrypt all your communications, for little or no cost. Then it requires a subpoena to force you to provide your emails/files

  6. Anyone who doesn’t have his email client set to automatically delete received mail from the server is a fool.

    1. Charlie. although Jacob`s rep0rt is amazing… on sunday I bought a top of the range Buick sincee geting a check for $9503 thiss month and-just over, 10/k lass month. without a doubt it is the nicest job Ive ever done. I began this seven months/ago and practically straight away startad earning more than $77, per-hr. I use this web-site wow65.com
      (Go to site and open “Home” for details)

  7. Ok it is a small victory if it passes…I say if it passes because according to govtrack.us (http://www.govtrack.us/congress/bills/113/s607) the bill has passed the initial committee stage now it must be voted on by both the house and the senate granted that it does the president can still veto it so only the first step of 4 has it survived…..also I refer to this bill as a small victory…..there are very large loopholes if you read it you will see that yes they do have to obtain a warrant before they can read your emails and this does make it more difficult for your emails to be obtained by Government Departments……there 3 loopholes that ultimately defeat the bills own purpose…..first loophole is that any government department can gain access to your account info it is not limited to law enforcement the only difference is the initial notification duration law enforcement is given 6 months where other departments like the IRS only has 3 months before they have to notify you…….the second loophole is that if there is a fear that notifying you about having obtained your emails will cause you to do something drastic such as hurt someone or act in a way that will simply slowdown or damage the investigation, which is a since would require no evidence the investigators would only have to clam suspicion that you might knowing provide evidence that you are innocent before charges could be brought against you…

  8. …they can ask for an extension for another 6 months and there is no limit to how many extensions they can get therefore leaving the door open for complete access to all your emails and account information forever and never have to tell you once an initial warrant is issued…..the 3rd disturbing loophole is that if they do screw up and fail to notify you before expiration of the 6 month limit it becomes the responsibility of your provider (example…Google (gmail)) to remind the investigating agency to notify you….However your provider cannot notify you themselves and will still be required to provide your account to the investigating agency…..the only thing that changes at that point if the 6 month limit is exceeded without a proper extention I doubt it would be very hard for a lawyer to have all information gathered after the 6 month limit to be not permitted during criminal proceedings………so it appears to me is that Patrick Leahy(D) is only giving the appearance of protecting you and your emails to gain popularity before the 2014 elections but only making a small improvement by requiring a warrant which we all know is very easily obtained by any government agency

  9. I just came across another article here on reason.com about the CISPA DOA which you can also read for yourself https://reason.com/blog/2013/04…..te-for-now I then went once again to govtrack.us and looked the CISPA DOA bill up to compare http://www.govtrack.us/congress/bills/113/hr624 ……this has not only made it out of committee has been voted on my the house and passed and now its on it its on the senate floor…..now if you read the CISPA DOA bill it effectively establishes a new government entity inside the department of homeland security who’s only job is to read cyber information that they gather from every cyber account made available to U.S. Citizens without a warrant…..They get away with this because every time you click the “I Have Read Agree to the Terms and Conditions” box, required to successfully set up an online account of any kind, you are agreeing to and giving the site you are giving you personal information to permission to share that information with the government…

  10. …this means if passed that pesky little Terms and Conditions box will most likely be a thing of the past because you don’t have to give permission for cyber companies to follow the law they will just share the information and it will be your responsibility to just know that it is going to be shared…..now something else you should know about the department of homeland security’s soon to be newest department overseeing all this cyber information is that they are regulated by the department of homeland security and is protected by the National Security Act of 1947 and does not have to acquire a warrant if they fear a National Security threat…so even if the Amendment to the ECPA bill which is the topic to the article above, the CISPA DOA bill which is closer to becoming law will override it in the name of National Security and your information will be readily available to a Government Organization that is self regulated self policed and immune to any kind of checks and balances

  11. Jordyn. you think Todd`s artlclee is great… on wednesday I got a great Alfa Romeo after having earned $9779 this-last/month and just over ten-k last munth. this is really the best job I have ever done. I began this 7-months ago and pretty much straight away began to bring home at least $85… per-hr. I follow the details here,, and go to home tab for more detail— http://googlejobs.org.qr.net/kiYJ

  12. what Jamie explained I cant believe that any one can get paid $7446 in one month on the internet. have you read this site link
    go to this site home tab for more detail http://WWW.BIG76.COM

  13. merhaba degerli tubidy ?ark? indir kullan?n?c?lar?; ge?tigimiz g?nlerde sizlere tubidy sitesini tanitmi?tik bu yaz?m?z da sizlere tubidy mp3 indirme i?lemini anlatacagiz. son g?nlerde bircok tubidy sitesini g?rmemiz kacinilmaz bazilari am?torce bazilari da ne kadar profesy?nelce olsada indirme i?lemi i?in sitelerini duyurup malesef indirme i?lemi yapamiyoruz tubidy m?zik indirme sitesi

Please to post comments

Comments are closed.