Having just completed a month-long study about the life and works of George Orwell, I'm trying hard not to be overly sensitive about "Big Brother." Then I come across "Reform to Require Warrant for Private Online Messages Up for Vote, but Down on Privacy," an Electronic Frontier Foundation (EFF) post by Mark M. Jaycox:
Under these changes, certain administrative agencies would be able to obtain emails without a search warrant, making compliance complex and burdensome for businesses.
From what I understand, the EFF is upset that the politicians involved in reforming the Electronic Communications Privacy Act (ECPA) are backpedaling. The language in the initial amendment they championed removed all controversy about whether digital messages older than 180 days could be acquired without a warrant:
Section 202 amends title 18, United States Code, section 2702 (ECPA) to prohibit an electronic communication or remote computing service provider from voluntarily disclosing the contents of its customer's email or other electronic communications to the Government.
The latest version of the amendment retracts the above language and that is disconcerting to many privacy advocates. Not requiring a warrant for digital messages regardless of age is a problem for another branch of the federal government according to EFF's Jaycox:
Courts increasingly agree that the Fourth Amendment requires a warrant before the government-whether law enforcement or administrative agencies-can access all of our digital communications.
Wanting to understand what else the proposed amendments intended to change, I waded through the verbose lawyer-speak, coming away knowing no more than when I started. So, I checked with my sources who do understand.
Declan McCullagh of CNET already posted his interpretation, "Senate bill rewrite lets feds read your e-mail without warrants." The following points are Declan's translation of the interesting bits:
- Grants warrantless access to Americans' electronic correspondence to over 22 federal agencies. Only a subpoena is required, not a search warrant signed by a judge based on probable cause.
- Permits state and local law enforcement warrantless access to Americans' correspondence stored on systems not offered "to the public," including university networks.
- Authorizes any law enforcement agency to access accounts without a warrant -- or subsequent court review -- if they claim "emergency" situations exist.
- Says providers "shall notify" law enforcement in advance of any plans to tell their customers that they've been the target of a warrant, order, or subpoena.
- Delays notification of customers whose accounts have been accessed from 3 days to "10 business days." This notification can be postponed by up to 360 days.
Subpoena versus warrant
So, along with not clarifying the ECPA, politicians want to change from requiring warrants to requiring subpoenas. To fully understand what that meant, I did some checking. In no time at all, I accumulated a plethora of definitions -- all involving lawyer-speak. Sigh...
Fortunately, I know Peter D. Gifford. He's one of the lifeguards who protects me while I'm swimming laps at the local YMCA. I've been known to misjudge where the pool ends. Anyway, he's in law school, so I asked him.
Peter was happy to help, but only after I signed an ex-parte affidavit. That's my future attorney. Peter tackled warrants first:
In order for a court to issue a warrant, a court official (usually a judge) must determine if the requesting party has enough evidence to demonstrate probable cause that the suspect committed the crime.
Probable cause standards generally require more than circumstantial evidence in order for a Court to issue warrants -- therefore issued with more caution.
Next, Peter described why it was easier to obtain a subpoena:
Subpoenas, because they are often used to verify evidence, are issued at a far greater frequency. Judges do not need to issue them (usually just a lawyer or clerk representative of the court), and the standards for their issuance are easier to fulfill than the standards for a warrant.
From that, one might conclude the proposed changes would mean less privacy.
Have it wrong?
I was about to finish up, then all hell broke loose. It seems Declan's article raised quite a ruckus. It's not often the office of a U.S. Senator will issue a tweet saying a writer is wrong, and on the same day the article posted.
Senator Leahy's office also issued a press release that further clarified his position.
Up for vote
All this happened just before the Thanksgiving holiday. There is supposed to be a vote on the proposed changes the week starting November 25. So you still have time to ask questions or voice concerns.
I better put this piece to bed; my editor will be wondering what's going on. In a sense, I'm wondering as well. My best guess: there were ideas floating around from all concerned parties while the legislators were in what they call "discussion before markup" mode. And, it was some of those ideas that caused the angst.
Finally, it will be interesting to see if Declan's article plays a role in how the ECPA is reformed.Update (29 Nov 2012): I have been corresponding with Mr. Jaycox, and he asked me to clarify something. I felt it was best to let him explain:
If there's one thing to takeaway from the ECPA reform issue it's that currently the government argues that it can access email older than 180 days without a warrant and only with a subpoena.
Despite Fourth Amendment arguments to the contrary, law enforcement has been successful of convincing the courts that users do not have a reasonable expectation of privacy in their email older than 180 days. Judges are slowly turning aside this argument. In 2010 in the Sixth Circuit's US v. Warshak, they ruled that ECPA's differentiation of 180 days was unconstitutional.
I wanted to clarify this because reading your article left me with the impression that right now the government needs a warrant to read my emails older than 180 days.
Michael Kassner is currently a systems manager for an international company. Together with his son, he runs MKassner Net, a small IT publication consultancy.