Should Law Enforcement Be Required To Obtain Warrants When Snooping Through Email?

    November 24, 2012

Senator Patrick Leahy was one of the good guys back in September. He was proposing a rewrite to the 26-year-old Electronic Communications Privacy Act that would require the feds to obtain a warrant to read your email. The Justice Department didn’t like that requirement and complained. It looks like it worked as the bill is just a shadow of its former self.

CNET’s Declan McCullagh reports that Leahy has rewritten his rewrite of the ECPA that would allow law enforcement to obtain full access to your Internet accounts without a warrant. All they would need is a simple subpoena and they could access everything about your digital life with you being none the wiser.

Should law enforcement be allowed to access your private email with just a subpoena? Let us know in the comments.

So, what would the bill let authorities do exactly? CNET has a great breakdown of all the new powers:

  • Grants warrantless access to Americans’ electronic correspondence to over 22 federal agencies. Only a subpoena is required, not a search warrant signed by a judge based on probable cause.
  • Permits state and local law enforcement to warrantlessly access Americans’ correspondence stored on systems not offered “to the public,” including university networks.
  • Authorizes any law enforcement agency to access accounts without a warrant — or subsequent court review — if they claim “emergency” situations exist.
  • Says providers “shall notify” law enforcement in advance of any plans to tell their customers that they’ve been the target of a warrant, order, or subpoena.
  • Delays notification of customers whose accounts have been accessed from 3 days to “10 business days.” This notification can be postponed by up to 360 days.
  • The above is already bad enough, but which departments would be able to access your information without a warrant? It’s not just the traditional authorities as the bill states that the Federal Reserve, the Federal Trade Commission, the Federal Maritime Commission, the Postal Regulatory Commission, the National Labor Relations Board, and the Mine Enforcement Safety and Health Review Commission would have nothing stopping them from gaining access to your personal information.

    Would you be okay with multiple federal agencies having access to your private communications? Let us know in the comments.

    As expected, the proposed bill has already generated a lot of controversy once CNET broke the story. What’s interesting, however, is that Leahy is now claiming that the proposed rewrite was just one draft among many. Leahy’s spokesperson David Carle told Forbes writer Kashmir Hill that the CNET report was wrong, and a Senate Judiciary aide sent the following statement to the publication:

    “Senator Leahy does not support broad carve outs for warrantless searches of email content. “He remains committed to upholding privacy laws and updating the outdated Electronic Privacy Communications Act.”

    McCullagh took to Twitter to defend his work, and said that Senate Judiciary aides were telling him on Tuesday that Leahy’s privacy infringing rewrite of ECPA was the one being considered for a vote next week. He attributes Leahy’s change in tune to the already sizable public outcry that has emerged following the piece.

    At this point, it’s hard to tell exactly how different ECPA will look from the original incarnation. Leahy could very well introduce a bill similar to his original rewrite that would make law enforcement seek warrants to obtain access to your email. He could introduce a bill that would seriously infringe upon America citizens’ privacy. It’s too early to tell right now, and the mixed signals being sent by Leahy aren’t helping.

    Leahy’s proposed rewrite will be hitting the Senate next week, but California Rep. Zoe Lofgren is looking to introduce her own ECPA rewrite to the House. It’s called the ECPA 2.0 Act of 2012, and it looks to be a massive overhaul of the ECPA that takes privacy more seriously than Leahy’s original rewrite did. Here’s the main components of Lofgren’s bill:

  • The government should obtain a warrant before compelling a service provider to disclose an
    individual’s private online communications.
  • The government should obtain a warrant before it can track the location of an individual’s
    wireless communication device.
  • Before it can install a pen register or trap and trace device to capture real time transactional
    data about when and with whom an individual communicates using digital services (such as
    email or mobile phone calls), the government should demonstrate to a court that such data is
    relevant to a criminal investigation.
  • The government should not use an administrative subpoena to compel service providers to
    disclose transactional data about multiple unidentified users of digital services (such as a bulk
    request for the names and addresses of everyone that visited a particular website during a
    specified time frame). The government may compel this information through a warrant or court order, but subpoenas should specify the individuals about whom the government seeks information.
  • Not only does Lofgren’s bill require law enforcement to obtain warrants, but it outright prohibits the use of subpoenas to gain access to the account information of multiple users. It protects the privacy of individuals, but it also keeps law enforcement and government accountable for its actions. The rumored rewrite of Leahy’s bill that would only require a subpoena removes all accountability from law enforcement, and would only encourage agencies to act with reckless abandon.

    It’s sad to say, but Lofgren’s bill will probably never see the light of day. The Justice Department and other law enforcement agencies came out in full strength against Leahy’s original rewrite of the ECPA. They claim that requiring warrants would only hurt their ability to catch the bad men doing unspecified bad things.

    The law enforcement lobbying groups will keep any significant reform to privacy bills buried until both sides can come to some kind of compromise. It’s important that law enforcement is able to do their job without any kind of unnecessary impediments, but the privacy of American citizens does not need to be compromised in the process.

    The warrant has worked for over 200 years, and I have no reason to doubt its effectiveness in the digital age. Law enforcement agencies obviously don’t agree which will require some creative thinking on the part of law enforcement, lawmakers and regular citizens (maybe even Reddit) to create a bill that satisfies the needs of all parties in this age of digital communications.

    Do you think the warrant is effective in the digital age? Or do you think law enforcement should have new powers on the Internet? Let us know in the comments.