A bill that will require law enforcement to obtain a warrant before accessing private online communications such as e-mail or social networking interactions is expected to be introduced in the Senate today.
According to the American Civil Liberties Union, this legislation is a “key piece of efforts to reform the Electronic Communications Privacy Act,” which was first passed in 1986. Even if you know nothing about the privacy act, you can probably figure out that legislation that passed in 1986 relating to online privacy is due for an update.
Back then, e-mail wasn’t nearly as important or prevalent as it is today. So, when the privacy act was written, Congress initially decided to handle e-mail (and other yet-to-be-defined types of communication, such as instant messaging chats, social networking interactions, and uploaded cloud files) as business records, which can be obtained by law enforcement with a simple administrative subpoena.
The ACLU says that, back in 1986, lawmakers assumed e-mail would be “largely transient” and wouldn’t be held for long periods of time. Therefore, the Electronic Communications Privacy Act is structured so that online communications older than 180 days is treated as “discarded” and thus not very private.
So, combine this thought — that looking at an e-mail that’s more than 180 days old is like looking at a letter that somebody abandoned on the side of the road — with the idea that e-mail messages are just business records, and it’s no wonder that the feds can nab the content of e-mail messages with a subpoena.
By the way, this is why cloud services’ terms of service always include a mention about how, if subpoenaed, the provider will give up your personal information to the government. Last year, Dropbox was heavily criticized for altering its TOS to make this portion more prominent, but the cloud storage provider explained that it didn’t really change anything — while the company planned to fight for its users’ privacy, handing over records because of a subpoena is just, well, the law.
The new bill, which will be introduced Senator Patrick Leahy of Vermont, will require that law enforcement get a probable-cause warrant before being able to read the contents of private online communications that are more than 180 days old.
Right now authorities need only “reasonable grounds to believe” that the content of such messages would be useful in their investigation to get a subpoena. However, “probable cause” means they would need to have enough information about the person they’re investigating to warrant a prudent and cautious person’s belief that evidence will be found in such messages.
According to Ars Technica, only the content of e-mails and online communications will be protected under this new bill; other key pieces of information, such as names, e-mail addresses, IP addresses, and transactional data will not require a warrant. The reason for this, according to former government official Marc J. Zwillinger, is because it’s “the type of information prosecutors use to build probable cause that enables them to seek court-ordered access to more sensitive information.”
Why you should care
This bill is important, and its ultimate outcome will affect anyone who uses any type of cloud-based services: Web-based e-mail, cloud storage providers, social networks, online chat applications or any Google products. And I assume that’s, well, all of you.
Right now, cloud providers have to give up your information to the government if they receive a subpoena. And not just your information, such as your full name, phone number, and address, but the actual contents of any private communication that they have on record. So if you happen to have Gmail messages or Facebook chats that are older than 180 days, they’re fair game.
Now, that’s not to say that cloud providers (or tech companies, for that matter) will immediately give up your data. Many companies — Google and Twitter, for example — will fight for their users’ right to privacy and require warrants before they give up information. In piracy lawsuits, many Internet service providers have been known to fight subpoenas by the RIAA.
Still, if this bill passes, the feds will be required to first get a warrant before asking for private information, which is a major step up from a subpoena. In order to get that warrant, they’ll have to be able to demonstrate that they have enough information about your alleged criminal activity to suggest that looking at your private communications will yield real evidence.