Congress Can't Count on the Other Branches to Protect Digital Privacy Rights
Massive privacy blind spots.
The 2nd U.S. Circuit Court of Appeals recently shot down the latest effort by the Justice Department to compel Microsoft to hand over the data of a foreigner stored overseas. Amazingly, the government asserted that a U.S. search warrant should carry jurisdiction over the data of an Irish citizen being stored on a server in Ireland simply because it is owned by Microsoft, an American corporation.
Thank goodness the federal appeals court has now rejected the government's attempt to have the case reheard after a lower court ruling in the government's favor—which held Microsoft in contempt for failing to turn over the data—was overturned last July.
The outcome affirms a landmark defense of privacy rights against law enforcement overreach and clearly establishes that the U.S. government does not have jurisdiction over the entire world. It also removes a major threat to the competitiveness of U.S.-based multinational companies, which must operate under the privacy rules of the countries in which they operate. Many of those countries unsurprisingly take a dim view of U.S. government efforts to pry into the lives of their citizens. To comply with the U.S. government warrant, Microsoft would have had to violate Ireland's privacy laws.
The decision to reject the government's appeal for a rehearing was decided by a 4-4 split, much closer than it should have been. Justice Department officials pledged to try to take the issue to the Supreme Court.
The new administration could insist that Justice Department lawyers drop the matter. Members of Congress, however, shouldn't count on either the courts or the Trump administration. Instead, they could address the fundamental issue.
The root of the problem is a common one. A law—the Electronic Communications Privacy Act—was enacted in 1986 to address issues raised by the technology at the time, and Congress never bothered to update it despite significant advancements in the decades since. Because of this political shortsightedness, courts are left trying to navigate trade-offs between the needs of law enforcement and digital privacy rights using a law drafted in the era of floppy disks.
This has also resulted in massive privacy blind spots—such as the ECPA's considering emails held by a third party for over 180 days to be abandoned, allowing them to be accessed with a simple subpoena instead of a judge-issued warrant.
Also of concern is that the process for working with foreign governments when investigations cross jurisdictions—through mutual legal assistance treaties, or MLATs—has been seen by officials as too cumbersome to pursue. Excessive bureaucratic red tape, in other words, has encouraged investigators to engage in a troubling power grab.
The previous Congress featured a bill, the International Communications Privacy Act, that sought to resolve both of these issues. It would have updated privacy rules to acknowledge modern technological reality by doing away with such silly provisions as the 180-day rule. It also would have streamlined MLAT procedures to make international cooperation more practical.
Another bill, the Email Privacy Act, was just reintroduced in the current Congress and would also update the ECPA. Regardless of the vehicle Congress decides upon, these issues involving the intersection of privacy rights, modern technology, and the rights of businesses that operate under conflicting international rules must be resolved by legislators instead of left to bureaucrats and the courts to untangle.
COPYRIGHT 2017 CREATORS.COM
Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.
Please
to post comments
Veronique de Rugy is the only writer published at Reason that isn’t a totally insufferable fuckwit, and also the only writer published at Reason with a serious background in the areas of policy she comments on. I know these articles don’t draw the tweets and twats like the Buzzfeed SJW outrage mill, but please for the love of fuck give us more stuff like this – serious and thoughtful analysis of real issues – and less of the edgy reddit dorm room philosophising. A little bit of that shit goes a real, real long away. Particularly when it’s being peddled by people old enough to be collecting social security.
– Says the person who wrote: “You should try breathing underwater with lead weights tied to your ankles.”
Might want a grain of salt with that comment.
Why do you hate 2Chilly?
^This. We have few enough actually serious writers left here, so let’s treasure what we’ve got.
And Lenore and Baylen.
A carnie and a self-promoting lawyer.
I MIGHT RESEMBLE ONE OR TWO OF THOSE!!!!
dorm room philosophising
That’s an insult to dorm room philosophizing. At least they have the excuse of being high.
The podcast last night was also a better discussion on the refugee issue than anything else Reason has published, making the dozens of posts on it almost completely irrelevant. Williamson and Welch played the ‘extremes’ of libertarian thought on the subject, Foster played the middle, good arguments were made in general.
” tweets and twats ”
Good ALBUM name….
We can’t count on congress to protect them either.
That my first thought upon reading the headline.
“We’re going to rely on Congress in this matter? We’re so fucked.”
“in this matter”?
🙂
The outcome affirms a landmark defense of privacy rights against law enforcement overreach and clearly establishes that the U.S. government does not have jurisdiction over the entire world.
It’s pretty sad and pathetic that a ruling that the US government doesn’t actually rule the entire planet like it thinks it does is considered a “landmark” ruling. I think of the Kim Dotcom persecution, where the US government insisted that a Kiwi breaking US law in New Zealand was subject to US jurisdiction – and the New Zealand DoJ actually agreed with them and handed over the hard drives and crap the US demanded. It took a New Zealand court to actually tell the US to buzz off and explain what “sovereign” means. And the Feds still argued with them, apparently if you’re breathing the same air the US government breathes that means you’re on my side of the back seat and I get to smack you no matter what Dad said about us kids settling down back there.
This is difficult for me to follow. And it isn’t just this kind of stuff, but any online presence.
You would think that one could set up a server in Uganda or some other such place and have online gambling up the wazoo. Or Backpage.com or any other such stuff. If you could find a jurisdiction that isn’t interested in enforcing drug trafficking laws, you could even set up another silk road, without bothering with the darknet.
Yet somehow we’ve moved into a new world order where sovereignty is more of an abstract concept than something you can actually count on.
If I was running some place like Yemen, instead of making it the world capital of dirt-poor terrorists, I’d make it the free internet capital of the world. Get a bunch of high speed cables and corner the market on everything naughty online.
You’re cheating.
/notes need to read more carefully
trade-offs between the needs of law enforcement and digital privacy rights
And don’t even get me started on the bullshit “balancing” of rights of government vs. rights of citizens. Our Founding Fathers already did that balancing when they wrote “Congress shall make no law….” because they knew damn well if you give them an inch they’ll take a mile. We’re already at least 3/4 of a mile down that road with the “compelling interest” transmogrifying into the “reasonable regulation” backed up by the “deference” (“who are we to judge, we’re just the Supreme Court”) crap. This argument over whether or not the government should compel manufacturers to install back doors into their tech for the convenience of law enforcement is total bullshit – a free citizen is under no obligation whatsoever to assist the state in building his own prison.
Yeah, but that “Congress shall make no law…” stuff was written by a bunch of white guys, like, a hundred years ago.
But wait, where is the connection to Trump raping grandmas or shooting Muslims? I need my Trump connection!!!!!!
I have it on good authority that Trump was responsible for Sloopy’s mom being beat up by cops and arrested on bogus charges. (maybe now Reason might mention it)
Well it figures.
I’ve heard about that, too.
“such as the ECPA’s considering emails held by a third party for over 180 days to be abandoned, allowing them to be accessed with a simple subpoena instead of a judge-issued warrant.”
See I don’t understand the rationale for this at all. Even back in 1986, there was still email (just not commonly used). Did people not have 6 months’ worth of email in their inbox back then? What did they think email was back in 1986? I don’t get it.
There again is that “third-party records” bullshit whereby if you tell somebody a secret it’s presumed you’ve told everybody the secret and therefore you have no reasonable expectation of privacy in the records held by your bank or credit card company or doctor or utility company or phone or ISP. Despite the fact that I’d wager the vast majority of people would say those are private records and that they’re their records, indicating that most people do have an expectation of privacy. Whether or not it’s “reasonable” – well, you lock your door when you leave the house and you come back expecting to have all your stuff right where you left it but you know every day their are people coming home to find a window broken out or a door kicked in and a bunch of their stuff missing, does that mean it’s not reasonable to expect nobody’s going to break into your house and steal your stuff while you’re gone?
And then there’s the Stingray thing where the cops and the Feds are insisting a non-disclosure agreement with the Stingray company over-rides the Constitutional obligation to reveal to a defendant the evidence being used against him and to be able to confront the witnesses and the corollary right to know where and how the cops obtained the evidence. In other words, the cops and the Feds insist they have a reasonable expectation of privacy in their third-party records when they don’t even have a right to privacy at all.
And the idea that transactions that are initiated by a computer in Ireland fall under US jurisdiction because the server the computer may be interacting with is in the US is bullshit, too – if where the transaction takes place is dictated by where the server is than I can sit here in Georgia and gamble on Cayman Island servers you lying cheating fucks. You can’t have it both ways – internet gambling is illegal because the transaction is initiated by a computer on US soil and it doesn’t matter where the server is but Microsoft can’t keep their information private from the US government because it passes through a server on US soil and it doesn’t matter where the initiating computer is? Bullshit.
“This has also resulted in massive privacy blind spots?such as the ECPA’s considering emails held by a third party for over 180 days to be abandoned, allowing them to be accessed with a simple subpoena instead of a judge-issued warrant.”
No one really concerned with privacy would use email; if by happenstance, you get an email you really, really need to keep (more or less) confidential, you download it to your personal storage and delete it from the server. And always use encryption.
(server = storage designed for data mining to serve advertising.)
For the record, any government seeking any information needs a real live search warrant as described in the fourth amendment.
Lawyers, apparently, will argue anything and other lawyers will buy their bullshit. This wasn’t * quite * as bad as “the fed govt wants to search the data on an Irish citizen held on an Irish based server owned by an Irish ISP controlled by Irish privacy law because some of the motherboard design on that server built and assembled in China was done by a dude in Los Angeles, and so there is a U.S. connection” — but close.
RE: Congress Can’t Count on the Other Branches to Protect Digital Privacy Rights
Massive privacy blind spots.
Since when does our government want to protect the little people’s digital rights?
That’s like asking a crocodile to protect his prey’s right to life.
I’ve made $64,000 so far this year working online and I’m a full time student. Im using an online business opportunity I heard about and I’ve made such great money. It’s really user friendly and I’m just so happy that I found out about it. Heres what I do,
============> http://www.moneytime10.com
My last month paycheck was for 11000 dollars… All i did was simple online work from comfort at home for 3-4 hours/day that I got from this agency I discovered over the internet and they paid me for it 95 bucks every hour… This is what I do
=========================== http://www.4dayjobs.com
I’ve made $64,000 so far this year working online and I’m a full time student. Im using an online business opportunity I heard about and I’ve made such great money. It’s really user friendly and I’m just so happy that I found out about it. Heres what I do,
============> http://www.moneytime10.com
My best friend’s ex-wife makes Bucks75/hr on the laptop. She has been unemployed for eight months but last month her income with big fat bonus was over Bucks9000 just working on the laptop for a few hours. Read more on this site…..
+_+_+_+_+_+_+_+_+_+ http://www.cash-review.com