Does the U.S. government read your email? It’s a simple question, but apparently there’s no simple answer. And the Justice Department and the Internal Revenue Service are reluctant to say anything on the topic.
In March, the American Civil Liberties Union caused a nationwide stir when the advocacy group released the results of its year-long investigation into law enforcement use of cellphone tracking data. After issuing hundreds of Freedom of Information Act requests, the ACLU learned that many local police departments around the country routinely pay mobile phone network operators a small fee to get detailed records of historic cell phone location information. The data tell cops not just where a suspect might have been at a given moment, but also create the possibility of retracing someone’s whereabouts for months. In most cases, law enforcement obtains the data without applying for a search warrant; generally, subpoenas are issued instead, which require law enforcement to meet a lower legal standard.
ACLU lawyer Catherine Crump, who ran the cellphone location data investigation, is at it again. This time, she has filed similar Freedom of Information Act requests with several federal agencies, asking about their policies and legal processes for reading Internet users’ emails.
“It’s high time we know what’s going on,” Crump told msnbc.com. “It’s been clear since the 1870s that the government needs a warrant to read postal mail. There’s no good reason email should be treated differently.”
There are hints that it is being treated differently, however. In a landmark 2010 case, United States v. Warshak, government investigators acknowledged that they read 27,000 emails without obtaining a search warrant, violating both the suspect’s privacy and the privacy of everyone who communicated with the suspect, according to Crump.
Evidence obtained during that email search was thrown out on appeal by the 6th U.S. Circuit Court of Appeals, but that ruling applies only to four U.S. states.
The case opened a window into what Crump fears is a widespread practice.
In the aftermath of the Warshak case, the Internal Revenue Service told its investigators that they should not try to obtain emails without a court order, but in doing so it hinted that other warrantless email searches had been conducted in the past.
For now, hints are all we have. Crump’s Freedom of Information Act requests — filed in February with the FBI, the IRS, the Justice Department’s Office of Legal Counsel and other agencies — were largely ignored, she says. So on June 14, she filed a lawsuit in the Southern District of New York in an attempt to force the agencies to comply.
“Four months have passed and I haven’t gotten a single document,” she said. “The American people have a right to know.”
The federal agencies have until July 19 to reply to the lawsuit. The FBI is not included in the lawsuit because it replied recently denying Crump’s request, saying it was too broad. The ACLU is appealing that determination through a different legal procedure.
Justice Department spokesman Charles Miller directed all questions about the matter to the agency’s New York office. A spokeswoman for that office, Ellen Davis, said she couldn’t discuss it.
“We do not comment on ongoing litigation,” Davis said in an email.
Julianne Breitbeil, a spokeswoman for the IRS, said federal privacy laws prevent the agency from discussing the lawsuit.
The Justice Department and the Obama administration had a chance to settle the issue in April 2011, during a Senate hearing on the Electronic Communications Privacy Act. Instead, officials with both the Commerce and Justice departments failed to provide any clarity. Instead, a Justice Department official argued against extending Fourth Amendment protections — specifically strict warrant requirements — to email, saying that doing so would hinder investigations.
“Congress should consider carefully the adverse impact on criminal as well as national security investigations if a probable-cause warrant were the only means to obtain such stored communications,” James Baker, associate deputy attorney general, testified at the hearing.
Crump interpreted the testimony as indicating that warrantless email searches by federal agents are routine.
“It was disappointing when the Obama administration refused to commit one way or the other to obtaining a warrant,” she said. “It leads me to suspect the federal government isn’t getting warrants.”
The 1986 Electronic Communications Privacy Act and its subsection, the Stored Communications Act, provides some guidelines for law enforcement review of email, but those are badly out of date now. They declare that federal authorities don’t need a warrant for data that’s stored externally (as opposed to locally, on a person’s hard drive) if it’s more than 6 months old. Given the ubiquity of services like Web-based Gmail, the 180-day distinction and the local vs. network storage issues are both now largely meaningless, and that’s essentially what the 6th Circuit Court found.
The discussion of requirements for email searches is more relevant than ever, given the explosion of social networks and their semi-private conversation tools and the coming of age of cloud services, where corporations are encouraged to keep all data in shared spaces that would fall under the Stored Communications Act. Concerned that such privacy issues would slow adoption of cloud services, a coalition of cloud-friendly companies calling itself “Digital Due Process,” has argued for updates to the Electronic Communication Act that would require higher legal standards for digital evidence gathering.
A critical element of the email issue is a debate about whether the Fourth Amendment requires the government to get warrant based on probable cause in order to read a suspect’s email. To get a warrant, the government must appear before a judge, and convincingly argue that inspection a suspect’s email will probably turn up evidence of a crime.
“The warrant and probable cause requirement safeguard Americans’ privacy in two important ways. Having to go to a judge means there is someone involved whose job it is to look out for the target’s rights. And having to demonstrate probable cause will reduce the chances that innocent people have their communications read,” Crump said.
The distinction is also important as the U.S. government plunges headlong into new high-tech surveillance technologies, such as its massive new million-square-foot “Utah Data Center,” under construction in rural Utah for the National Security Agency. The facility is designed to help protect cyberspace, NSA official have said. But Wired Magazine published a cover story earlier this year arguing that the facility will be capable of monitoring every email and text message sent around the world — including messages to and from U.S. citizens. It is scheduled to come online in 2013.
The NSA denies that the facility will be used to spy on Americans, but it’s hardly far-fetched to surmise it will have such capabilities.
Explosion of such technological capabilities is why clarifying digital Fourth Amendment rights is so critical, Crump said.
“No data is more personal than email correspondence,” she said. “Email is deeply personal and private. It is an unfiltered view of our thoughts and a catalog of our relationships stretching back for years. Government agents should not be allowed to troll through all of our most private correspondence without proving to a judge that they have probable cause to believe that a search will turn up evidence of a crime.”