by Doug Mataconis
“The Obama Administration is resisting an effort to extend 4th Amendment protections to electronic mail storied on third-party servers, such as services like Gmail and Yahoo: The Obama administration is urging Congress not to adopt legislation that would impose constitutional safeguards on Americans’ e-mail stored in the cloud. As the law stands now, the authorities may obtain cloud e-mail without a warrant if it is older than 180 days, thanks to the Electronic Communications Privacy Act adopted in 1986. At that time, e-mail left on a third-party server for six months was considered to be abandoned, and thus enjoyed less privacy protection. However, the law demands warrants for the authorities to seize e-mail from a person’s hard drive.
The Obama Administration, however, feels quite differently, as evidence by the testimony of Deputy Attorney General James Baker (PDF): "Congress should recognize the collateral consequences to criminal law enforcement and the national security of the United States if ECPA were to provide only one means — a probable cause warrant — for compelling disclosure of all stored content. For example, in order to obtain a search warrant for a particular e-mail account, law enforcement has to establish probable cause to believe that evidence will be found in that particular account. In some cases, this link can be hard to establish. In one recent case, for example, law enforcement officers knew that a child exploitation subject had used one account to send and receive child pornography, and officers discovered that he had another email account, but they lacked evidence about his use of the second account. The government’s ability to access, review, analyze and act promptly upon the communications of criminals that we acquire lawfully, as well as data pertaining to such communications, is vital to our mission to protect the public from terrorists, spies, organized criminals, kidnappers and other malicious actors.”
This is the same standard canard you get from law enforcement whenever it comes to protecting the privacy of citizens, and it’s as ridiculous here as it is in other situations. First of all, does anyone really think that this rogue’s gallery of “terrorists, spies, organized criminals, kidnappers and other malicious actors” is really using Gmail, Yahoo, or Twitter’s Direct Messaging service to plot their next criminal action? Perhaps the stupid ones are, but it isn’t the stupid ones that we need to worry about. The truly dangerous criminals already know the FBI might be watching, and they take steps to shield their communications. Second of all, the requirements of the 4th Amendment really aren’t that stringent; all it requires is probable cause, which is generally defined as: The Oxford Companion to American Law defines probable cause as “information sufficient to warrant a prudent person’s belief that the wanted individual had committed a crime (for an arrest warrant) or that evidence of a crime or contraband would be found in a search (for a search warrant)”.
How that standard is applied in individual circumstances has been refined by the Supreme Court over the years. Nonetheless the principle remains the same, if this law passed and a law enforcement officer could convince a judge that they had a reasonable belief that there was evidence of a crime that could be obtained from a person’s Gmail account then they’d have their warrant. What, exactly, is so hard about that? Moreover, expanding Fourth Amendment protections to email stored “in the cloud” would bring the law up to date with the manner in which email has evolved from something you accessed over a phone line and downloaded to your local hard drive to a web-based service that you can access from anywhere on a multitude of devices.
In Katz v. United States 389 U.S. 347 (1967) Justice Harlan set forth in a concurring a opinion a two-part test that has become a standard part of Fourth Amendment analysis:
(1) the individual “has exhibited an actual (subjective) expectation of privacy,” and (2) society is prepared to recognize that this expectation is (objectively) reasonable, then there is a right of privacy in the given circumstance
This standard was later adopted by the full court in a subsequent case. Applying this standard to services like Gmail, it’s fairly easy to see that a person who creates a password protected email account has a belief that the contents of that account will remain private. In many states, in fact, it is now a crime for third parties to access the account, even if they are family members of the account holder. Furthermore, given how widespread these third-party email services have become, such an expectation of privacy seems to be reasonable in this case (a conclusion that is bolstered, of course, by the fact that the law already recognizes a right to privacy against access by non-governmental actors).
CNet’s Declan McCullough points out that the Administration’s position here contradicts the position that then-Senator Obama took on these issues when he was a candidate for President: "Strengthening privacy laws" is precisely what Obama pledged during the 2008 presidential campaign. He told CNET at the time that: “I will work with leading legislators, privacy advocates, and business leaders to strengthen both voluntary and legally required privacy protections.”
In addition to industry groups, the coalition lobbying Congress to expand privacy protections to email on third-party servers ranges from the American Civil Liberties Union on the left to Americans For Tax Reform and the Competitive Enterprise Institute. All of these groups have agreed on a core set of principles that Congress should follow in updating the Electronic Communications Privacy Act for the new era of electronic communications:
1. The government should obtain a search warrant based on probable cause before it can compel a service provider to disclose a user’s private communications or documents stored online.
2. The government should obtain a search warrant based on probable cause before it can track, prospectively or retrospectively, the location of a cell phone or other mobile communications device.
3. Before obtaining transactional data in real time about when and with whom an individual communicates using email, instant messaging, text messaging, the telephone or any other communications technology, the government should demonstrate to a court that such data is relevant to an authorized criminal investigation.
4. Before obtaining transactional data about multiple unidentified users of communications or other online services when trying to track down a suspect, the government should first demonstrate to a court that the data is needed for its criminal investigation.
These all sound like excellent ideas to me. It’s too bad that the Obama Administration, like the Bush Administration before it, is more intent on expanding the power of law enforcement than protecting the rights of American citizens."