There is a loophole written into law that makes Americans vulnerable to unnecessary privacy intrusions, even more unsettling than a lot of the Snowden disclosures, and many people aren’t even aware of it.
Though the PRISM and phone metadata programs that Mr. Snowden detailed were secret, at least a court must scrutinize them. A section of law that hasn’t come up for discussion in the past few weeks [...] is arguably less protective, giving law enforcement at all levels relatively unfettered access to stored e-mail, documents in the “cloud” and other personal material.
The reason is that law, the Electronic Communications Privacy Act (ECPA), is old, and technology has far surpassed the vision of the lawmakers who wrote and passed it in 1986.
The Stored Communications Act was enacted as part of the broader Electronic Communications Privacy Act. It was designed to keep service providers from releasing Americans’ stored phone and internet communications without their consent. Under the law, phone and email providers cannot provide communications to law enforcement without a search warrant, if they have been stored for fewer than 180 days. (In those days, anything stored longer than 180 days was considered abandoned, and therefore open to law enforcement inspection with little oversight.)
The problem is that in 1986 electronic storage was expensive, and email service providers usually deleted email after 30 or 90 days. Congress assumed that if someone wanted to keep a copy of an email, they would download it onto their own computer or print it out. Computer users stored documents on their personal computer hard drives, not in Google Docs or in another type of “cloud” storage. They rarely, if ever, emailed attached documents to other people…I’m not even sure that was possible in 1986.
In today’s connected world, Americans store email messages online, sometimes for years, compose everything from professional documents to love letters on cloud-based word processors, and keep their files on remote hard drives owned by communications companies or other entities, and located far away from their homes. For example, I prepare, file and store all of my income tax returns for the past several years at TurboTax, as well as locally on my home computer. So it’s not just metadata that’s vulnerable, as I discussed a couple of weeks ago — it’s the full contents of every stored email and every cloud-based document. But the law hasn’t changed accordingly, so law enforcement merely has to get a subpoena to examine all of it.
For years Sen. Patrick Leahy (D-Vt.), chairman of the Judiciary Committee, has been trying to amend the ECPA via the AMENDMENTS ACT OF 2013 [PDF]. The updates would contain multiple exceptions for law enforcement, but his amendments would at least require government investigators to obtain a search warrant when they want to obtain email content of any vintage from third-party companies. This would go a long way to meeting Americans’ legitimate expectations of privacy.
Image by kevindooley, Creative Commons Attribution 2.0 Generic license