Wednesday, March 13, 2013

Protecting email from warrantless government searches

Bully for Texas state Rep. Jon Stickland for filing a crackerjack electronic privacy bill on the last day of bill filing last week.

Do you use Gmail or another cloud-based email service? If so, did you know that all of your archived emails older than 180 days may legally be accessed by the government without a warrant? Most people are unaware of that weird glitch in federal law, which stems from the 1986 Electronic Communications Privacy Act (ECPA). Even fewer people are aware that Texas' search warrant statute incorporates that federal standard by reference in Article 18.21, Sec. 4 of the Code of Criminal Procedure.

At the time the federal ECPA statute passed, personal computers may have had 64K of memory. With computers possessing so little storage, it was unfathomable that email, to the extent it even existed in its present form, would ever be saved longer than 180 days because hard drives of the era couldn't store that much information. Today, of course, computers have several times that much memory in RAM, and with cloud-based email services proliferating, millions of people have correspondence older than 180 days stored on a third-party server, which means law enforcement can access it without a warrant.

The federal Sixth Circuit Court of Appeals in US v. Warshak (2010) ruled the ECPA was unconstitutional and required a warrant, but that decision only applies to federal searches in Kentucky, Tennessee, Ohio and Michigan. (The Justice Department did not appeal the decision, perhaps out of fear the Supreme Court might extend the requirement nationwide.) Then in January of this year, Google announced that it would begin asking for warrants when law enforcement requests older emails based on the Sixth Circuit precedent and the brouhaha over the FBI's investigation of former CIA chief David Petraeus' email. One hopes other cloud-based email providers will follow suit, but not all of them have Google's deep pockets and thus the ability to go toe-to-toe with the feds in court. Prior to that decision, 68% of law enforcement requests to Google for subscriber information involved only subpoenas with no warrant or judicial oversight.

On its face, Texas law appears to have slightly stronger standards for searches of old emails by state and local law enforcement than the feds, but that's really an illusion. Texas' statute says law enforcement can access emails older than 180 days either with a warrant, if they don't want to notify the subscriber, or with only a subpoena if the subscriber is notified (not that notice would do you any good if you wanted to oppose the request). But then the statute includes an exception you could drive a truck through: Law enforcement may get the information with only a subpoena "as otherwise permitted by applicable federal law," i.e., the ECPA statute the Sixth Circuit held was unconstitutional.

Rep. Stickland's HB 3164 (see the text) would delete all the caveats and exceptions in Texas' statute - including the phony, outdated distinction between more recent emails and those older than 180 days - and leave the law declaring, simply, that "An authorized peace officer may require a provider of electronic communications service to disclose the contents of a wire communication or an electronic communication in electronic storage by obtaining a warrant."

That's exactly the right standard. The Fourth Amendment declares that, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." What are emails but our modern "papers"? That they're not printed on dead trees does not mitigate the fact that most Americans believe they have a reasonable expectation of privacy as it pertains to their private communications.

Really good bill - many thanks and kudos to Rep. Stickland for carrying it.


Anonymous said...

No doubt this is targeted at domestic terrorism, which is liberally construed as traffic violations nowadays. I am deeply curious as to the silly impetus behind this bill. No doubt it will involve saving the children or transnational gangs as DPS likes to portray.

Gritsforbreakfast said...

I hope you meant the "silly impetus" behind anyone opposing it.

The first complaint I heard from law enforcement was indeed about "saving the children." Naturally. Police use old emails in child porn investigations, was the complaint, or in cases involving online solicitation of a child. But if cops have reason to suspect someone of possession of child porn or online solicitation, they should get a warrant. And if they don't have individual suspicion, they shouldn't be rifling through random people's old emails looking for illicit content.

Anonymous said...

Ironically, I read in the news recently that Facebook's privacy policy is too strict.

Facebook has made it a policy to block people from a deceased relative's Facebook account.

Schools shouldn't be rifling through students' notebooks or phones for that, either.