Tag: ecpa

A No-Brainer: Bad for Privacy and Liberty

CNET journalist Declan McCullagh has lit up the Internets today with his reporting on a revamped Senate online privacy bill that would give an alphabet soup of federal agencies unprecedented access to email and other online communications.

Leahy’s rewritten bill would allow more than 22 agencies – including the Securities and Exchange Commission and the Federal Communications Commission – to access Americans’ e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge.

This would be an astounding expansion of government authority to snoop. And it comes at a time when the public is getting wind through the Petraeus scandal of just how easy it already is to access our private communications.

Assuming McCullagh’s reading of the draft he obtained is remotely plausible, Senate Judiciary Committee Chairman Patrick Leahy (D-VT) should reconsider his current course–if he wants to maintain the mantle of a privacy leader, at least.

The Washington, D.C., meta-story is almost as interesting. Who is where on the bill? And when? The ACLU’s Christopher Calabrese told McCullagh last night, “We believe a warrant is the appropriate standard for any contents.” Freedom Works came out of the gate this morning with a petition asking for oppositions to Senator Leahy’s revised bill.

The Center for Democracy did not have a comment when McCullagh asked, though spokesman Brock Meeks suggests via Twitter today that McCullagh didn’t try hard enough to reach him. The reason that’s important? CDT has a history of equivocation and compromise in the face of privacy-invasive legislation and policies. At this point, the group has said via Twitter that they “wouldn’t support the rewrite described in CNET.” That’s good news, and it’s consistent with people’s expectations for CDT both on the outside and within.

There will undoubtedly be more to this story. Emails should not only be statutorily protected, but Fourth Amendment protected, based on the framework for communications privacy I laid out for the Supreme Court in Cato’s Florida v. Jardines brief.

Sacrificing Liberties in the Name of Security

The new Justice Department Inspector General report finds that the FBI broke the law in seeking phone records.  Reports Jacob Sullum of Reason magazine:

In a report (PDF) issued today, Justice Department Inspector General Glenn Fine shows that the FBI routinely broke the law for several years by demanding telephone records through informal methods that were not authorized by statute. The abuses, which involved thousands of records, are especially striking because it is not very hard for the FBI to obtain this information legally. The Electronic Communications Privacy Act (ECPA) allows the bureau to demand records from phone companies through a “national security letter” (NSL) signed by the director or an official he designates. Under FBI policy, any special agent in charge can sign an NSL, which simply states that the records sought are “relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities.”

In 2003 FBI officials began dodging this minimal requirement by asking telecommunications carriers to suppy records without the legally required NSL “due to exigent circumstances” and promising to provide an NSL after the fact. These so-called exigent letters, which were often used when no emergency actually existed, were an extralegal contrivance that violated ECPA, bureau policy, and guidelines issued by the attorney general. The retroactive NSLs promised by the exigent letters often failed to appear because there was no authorized investigation to which they could be linked. To fix that problem, FBI officials resorted to another illegal procedure, issuing “blanket” NSLs tied to no particular investigation.

Even these pseudolegalities look downright upright next to the FBI’s other informal methods of obtaining records, which included requests by email, phone, post-it note, and in-person oral communication as well as “sneak peeks,” which were about as legitimate as they sound. The failure to follow the established NSL process is legally significant because ECPA prohibits telecom companies from disclosing customer records to the government except in specified circumstances. One of them is not when an FBI agent shows up at your office and says, “Mind if I take a look at that?”

The targets of the FBI’s illegal record grabs are unknown, with one major exception. “Some of the most troubling improper requests for telephone records,” the inspector general’s report notes, “occurred in media leak cases, where the FBI sought and acquired reporters’ telephone toll billing records and calling activity information without following federal regulation or obtaining the required Attorney General approval.” In 2008 FBI Director Robert Mueller apologized for the bureau’s improper snooping on foreign correspondents for The New York Times and The Washington Post.

Obviously, federal agencies require investigative authority to combat terrorism and other crimes.  But those investigations need to be conducted in accordance with the law and Constitution.  We must never forget that it is a free society which we are defending.