A Triumph of Privacy Over Unwarranted Police Prying

My Gmail inbox has over 151,000 messages in it. I am an electronic pack rat afraid that I might delete just the email I may some day want to read or re-read. But there's a drawback to my correspondence collection: Many government agencies believe that they can demand to peek, without my knowledge, at any of my emails stored on Google's servers before October 27, 2012. Archaic provisions in the Electronic Communications Privacy Act of 1986 (ECPA) treat all emails still lingering on third-party servers after 180 days as "abandoned" property available for the police to snoop more or less at will.

On Thursday, the Senate Judiciary Committee voted to send the ECPA Amendment Act, introduced by Committee Chair Patrick Leahy (D-Vt.), on for consideration by the full Senate. The new law, if adopted by Congress, would finally extend Fourth Amendment protections against unreasonable search and seizure to all emails and other electronic documents stored on third-party electronic devices. Earlier this week, a letter from a broad coalition of activist organizations, think tanks, and businesses—including Americans for Tax Reform, the American Civil Liberties Union, Amazon, Google, Facebook, and Yahoo—urged that the ECPA Amendments Act be voted out of committee.

Back before the Internet, when mastodons and saber-toothed tigers roamed the landscape, people often communicated by sending actual physical pieces of paper (called "mail") via the United States Postal Service. But by 1986, perhaps 0.5 percent of Americans had used a newfangled technology to send one another electronic messages (later called "e-mail") via computers attached to telephone lines. The courts had established clear Fourth Amendment limits on police prying into private letters and documents and on listening in on private telephone conversations, and civil libertarians were anxious to extend similar protection to the new electronic communications. And so Congress enacted ECPA, which extended to electronic messages many of the restrictions placed on old-fashioned telephone wire taps, including the requirement for a warrant to intercept messages in real-time.

So far, so good. But in trying to set limits on snooping, Congress analogized email to old-fashioned mail. The postal service had only temporary custody of private letters, since recipients were expected to pick up their mail at the post office or from their mailboxes. With early e-mail services, similarly, users would download messages to their own computers and then service providers would erase them from their servers. (AOL once limited me to a mailbox that could hold just 150 messages.) Now, it is long-established principle that the police must obtain a search warrant based on probable cause before opening and inspecting letters in a desk drawer at your home. On the other hand, if you throw a letter into the trash and set your garbage bags out on the curb, the Supreme Court has more recently ruled that you no longer have a reasonable expectation of privacy with regard to that letter. At that point you've essentially abandoned your property, so anyone, cops included, may look at it.

In an insightful 2008 Boston University Law Review article, the attorney Achal Oza examines the testimony from ECPA's congressional hearings. He concludes that "the drafters of the ECPA believed an e-mail service provider only stored e-mails temporarily on their servers, and therefore, if an e-mail user were to leave an e-mail communication on such a server for over six months, the user had abandoned it to the service provider." There's another odd feature of the law—the fact an email doesn't qualify for Fourth Amendment protection if a subscriber opens it and leaves it on the email service's server. The strained analogy here is that just as police may legally read a letter left open on a desk, so too can they read an opened email.

Oza illustrates ECPA's inconsistencies by imagining three people—Alice, Bob, and Charlie—each receiving emails from Tommy Trafficker. The police suspect that Tommy has sent messages relevant to the sale of illegal drugs. Alice, Bob, and Tommy all use Microsoft Outlook to access their university email accounts, while Charlie uses Gmail. Alice, using the post office protocol feature on Outlook, downloads her messages to her personal computer, whereas Bob instead reads his email using Outlook's Internet message access protocol feature, which means his messages are stored on the university's servers. And Charlie's mail is stored on Google's servers as part of the company's Web-based email service.

Under the ECPA, if the police want to read Tommy's email to Alice, they must observe the search and seizure protections of the Fourth Amendment and obtain a search warrant based on probable cause to do so. On the other hand, the cops can compel the university and Google to disclose Tommy's emails to Bob and Charlie by serving them with administrative subpoenas. To issue such subpoenas, the police must merely have "specific and articulable facts showing that there are reasonable grounds to believe" the messages are relevant to a criminal investigation. 

Is this constitutional? The courts haven't arrived at a consistent answer. In Warshak v. United States, Steven Warshak, the owner of an Ohio nutraceutical company, was investigated for fraud. The district attorney served a subpoena on his internet service provider (ISP) demanding access to all of his emails that more than 180 days old and forbidding the ISP to disclose that they had been handed over to the feds. In 2007, the U.S. Court of Appeals for the Sixth Circuit ruled that this was not permissible, explaining that "individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP." After several courts adopted the reasoning in the Sixth Circuit's decision, the Justice Department appealed it to the full Circuit Court, which then overturned its original decision on the grounds that "Warshak's constitutional claim is not ripe for judicial resolution." This judicial confusion left ECPA's constitutionality up in the air.

Hence Sen. Leahy's ECPA Amendment Act. Its success thus far is a rare instance of privacy interests trumping the police's ambition to pry into citizens' affairs. Here's hoping both houses of Congress pass it as quickly as possible.