The IRS Doesn’t Think The Fourth Amendment Applies To Your Email

    April 10, 2013
    Zach Walton

The IRS runs a number of tax audits each year and, as such, has to obtain information on private citizens. If the information is in a physical format, the agency must obtain a warrant to access it. If it’s stored online as email or other electronic data, there is no such protection.

Through a Freedom of Information Act request, the ACLU obtained a number of IRS documents that explain the agency’s rules for obtaining digital information. Much like other law enforcement agencies, the IRS operates under the ECPA, a decades-old law that allows government agencies to obtain emails without a warrant if said email has been opened or is more than 180 days old.

So far, all of this is old news. What’s the IRS doing that’s so different from any other agency? In the official IRS search warrant handbook from 2009, the agency’s guideline explicitly states that the Fourth Amendment doesn’t apply to online communications. Here’s the relevant portion of the handbook:

“…the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications.”

To make matters worse, the IRS Office of Chief Counsel reiterated this line of thinking a year later when they said that the Fourth Amendment does not “protect emails stored on server.” The ACLU points to other documents that imply the IRS is obtaining emails left and right without a warrant all thanks to the ECPA’s outdated definitions.

It’s no surprise to see the IRS taking advantage of the Fourth Amendment loophole in the ECPA. The surprising part is just how frank the agency is about its data collecting methods. It’s also depressing to see that the agency feels that American citizens “do not have a reasonable expectation of privacy” on the Internet.

Of course, all of that should have changed in 2010 with United States v. Warshak, a Sixth Circuit Appeals Court ruling that found law enforcement had violated a man’s Fourth Amendment rights when they obtained his emails without a search warrant. Unfortunately, the IRS feels that it would only need to consider obtaining a warrant when dealing with cases in the Sixth Circuit. It’s still open season for warrantless email collection everywhere else.

It’s a little distressing to find that the IRS holds Americans’ Fourth Amendment protections in such low regard, but at this point it’s foolish to think any government agency actually cares about the Fourth Amendment with regard to online communications. We can only hope that Congress passes one of the many bills it’s proposing this year to reform the ECPA.

  • http://forhisglory.privacyabroad.com Cathy

    I agree it’s getting worse every day. After searching the web, I finally found a way to protect my online privacy via a secure VPN and email based out of Switzerland. The companies have been doing this for over 25 years now. I can finally sleep at night knowing I’m doing all I can to protect my PERSONAL information. If you’re interested check it out: forhisglory.privacyabroad.com

  • Cody

    What do I think? I think the ACLU should leave this to organisations like the EFF or at least don’t raise the alarm until they actually have real proof. They “probably” obtained emails? That’s about as sound as “The Earth is flat” centuries ago: they had no way to determine it for certain and it was proven wrong. That said I’d not be surprised if they would never try (if they have not already). As for the 4th amendment: there was no such thing as e-mail in those days and let’s be realistic – what law really has no loopholes that can be abused? Of course, the fact it is called an amendment (some people seem to forget that) does mean it could be improved upon. I wouldn’t count on the fleas of Congress to do that though (more like making it easier for them).

    While I am most definitely for privacy before “safety” (not having privacy leads to less safety) I am not for scaremongering which this could be classified as (until proven otherwise).

    And Cathy: Do be careful with the assumption that you are completely safe through a VPN. More likely sure, but not a guarantee. Even if your connection is encrypted and private that does not mean that what is on the remote end is actually encrypted (and keep in mind that physical access is complete access and at least someone there would have physical access).

    As for the IRS downloading and/or reading my email: good luck. That’s the assumption that a) I use webmail (and therefore store my mail on someone else’s server) and b) that I don’t check mail often enough to remove it from the server (plus other things). Not that they’d find anything related to their agency in my email anyway…

    Nothing is 100% safe though and that’s the most important thing to keep in mind.