DOJ: We don't need warrants for e-mail, Facebook chats
An FBI investigation manual updated last year, obtained
by the ACLU, says it's possible to warrantlessly obtain Americans' e-mail
"without running afoul" of the Fourth Amendment.
by Declan McCullagh
May 8, 2013 7:00 AM PDT
The U.S. Department of Justice and the FBI believe they
don't need a search warrant to review Americans' e-mails, Facebook chats,
Twitter direct messages, and other private files, internal documents reveal.
Government documents obtained by the American Civil
Liberties Union and provided to CNET show a split over electronic privacy
rights within the Obama administration, with Justice Department prosecutors and
investigators privately insisting they're not legally required to obtain search
warrants for e-mail. The IRS, on the other hand, publicly said last month that
it would abandon a controversial policy that claimed it could get warrantless
access to e-mail correspondence.
The U.S. attorney for Manhattan circulated internal
instructions, for instance, saying a subpoena -- a piece of paper signed by a
prosecutor, not a judge -- is sufficient to obtain nearly "all records
from an ISP." And the U.S. attorney in Houston recently obtained the
"contents of stored communications" from an unnamed Internet service
provider without securing a warrant signed by a judge first.
"We really can't have this patchwork system anymore,
where agencies get to decide on an ad hoc basis how privacy-protective they're
going to be," says Nathan Wessler, an ACLU staff attorney specializing in
privacy topics who obtained the documents through open government laws.
"Courts and Congress need to step in."
The Justice Department's disinclination to seek warrants
for private files stored on the servers of companies like Apple, Google, and
Microsoft continued even after a federal appeals court in 2010 ruled that
warrantless access to e-mail violates the Fourth Amendment. A previously
unreleased version of an FBI manual, last updated two-and-a-half years after
the appellate ruling, says field agents "may subpoena" e-mail records
from companies "without running afoul of" the Fourth Amendment.
The department did not respond to queries from CNET
Tuesday. The FBI said in a statement that:
In all investigations, the FBI obtains evidence in
accordance with the laws and Constitution of the United States, and consistent
with Attorney General guidelines. Our field offices work closely with U.S.
Attorney's Office to adhere to the legal requirements of their particular
districts as set forth in case law or court decisions/precedent.
Not all U.S. attorneys have attempted to obtain
Americans' stored e-mail correspondence without a warrant. The ACLU persuaded a
judge to ask whether warrantless e-mail access has taken place in six of the 93
U.S. Attorneys' offices -- including the northern California office that's
prosecuted an outsize share of Internet cases. The answer, according to
assistant U.S. attorney Christopher Hardwood, was "no."
Still, the position taken by other officials -- including
the authors of the FBI's official surveillance manual -- puts the department at
odds with a growing sentiment among legislators who insist that Americans'
private files should be protected from warrantless search and seizure. They say
the same Fourth Amendment privacy standards that require police to obtain
search warrants before examining hard drives in someone's living room, or a
physical letter stored in a filing cabinet, should apply.
After the IRS's warrantless e-mail access policy came to
light last month, a dozen Republican and Democratic senators rebuked the
agency. Their letter (PDF) opposing warrantless searches by the IRS and signed
by senators including Mark Udall (D-Colo.), Mike Lee (R-Utah), Rand Paul
(R-Ky.), and Ron Wyden (D-Ore.) said: "We believe these actions are a
clear violation of the Fourth Amendment's prohibition against unreasonable
searches and seizures."
Steven Miller, the IRS' acting commissioner, said during
a Senate hearing that the policy would be changed for e-mail. But he left open
the possibility that non-email data -- Google Drive and Dropbox files, private
Facebook and Twitter messages, and so on -- could be accessed without a
warrant.
Albert Gidari, a partner at the Perkins Coie law firm who
represents technology companies, said since the Sixth Circuit Court of Appeals'
2010 ruling in U.S. v. Warshak, the Justice Department has generally sought
court warrants for the content of e-mail messages, but is far less inclined to
take that step for non-email files.
Before the Warshak decision, the general rule since 1986
had been that police could obtain Americans' e-mail messages that were more
than 180 days old with an administrative subpoena or what's known as a 2703(d)
order, both of which lack a warrant's probable cause requirement and are less
privacy protective. Some e-mail providers, including Google, Microsoft, Yahoo,
and Facebook, but not all, have taken the position after Warshak that the
Fourth Amendment mandates warrants for e-mail all over the country.
The 180-day rule stems from the Electronic Communications
Privacy Act, which was adopted in the era of telephone modems, BBSs, and UUCP
links, and long before gigabytes of e-mail stored in the cloud was ever
envisioned. Since then, the appeals court ruled in Warshak, technology had
changed dramatically: "Since the advent of e-mail, the telephone call and
the letter have waned in importance, and an explosion of Internet-based
communication has taken place. People are now able to send sensitive and intimate
information, instantaneously, to friends, family, and colleagues half a world
away... By obtaining access to someone's e-mail, government agents gain the
ability to peer deeply into his activities."
A phalanx of companies, including Amazon, Apple,
AT&T, eBay, Google, Intel, Microsoft, and Twitter, as well as liberal,
conservative, and libertarian advocacy groups, have asked Congress to update
ECPA to make it clear that law enforcement needs a warrant to access private
communications and the locations of mobile devices.
In November, a Senate panel approved the e-mail warrant
requirement, and acted again last month. Rep. Zoe Lofgren, a Democrat whose
district includes the heart of Silicon Valley, introduced similar legislation
in the House of Representatives.
The political pressure, coupled with public petitions and
increased adoption of cloud-based services, has had an effect. In 2011, James
Baker, the associate deputy attorney general, warned that requiring search
warrants to obtain stored e-mail could have an "adverse impact" on
criminal investigations. By March 2013, however, Elana Tyrangiel, an acting
assistant attorney general, indicated that the department would acquiesce on
some privacy reforms.
"They dropped their opposition in Congress, but
they're going to try to wiggle out from under the Fourth Amendment whenever
possible," says the ACLU's Wessler. "They probably realize that they
couldn't figure out a way to respond to hard questions from Congress
anymore."
Separately, the New York Times reported Tuesday evening
that the Obama administration may embrace the FBI's proposal for a federal law
mandating that tech companies build in backdoors for surveillance. CNET
reported last year that the FBI has asked the companies not to oppose such
legislation, and that the FBI has been building a case for a new law by
collecting examples of how communications companies have stymied government
agencies.
Last week, FBI former counterterrorism agent Tim Clemente
told CNN that, in national security investigations, the bureau can access
records of a previously-made telephone call. "All of that stuff is being
captured as we speak whether we know it or like it or not," he said.
Clemente added in an appearance the next day that, thanks to the
"intelligence community" -- a likely reference to the National
Security Agency -- "there's a way to look at digital communications in the
past."
Comments
Post a Comment