Senate bill rewrite lets feds read your e-mail without warrants

Eugen Leitl eugen at leitl.org
Tue Nov 20 07:16:17 PST 2012


http://news.cnet.com/8301-13578_3-57552225-38/senate-bill-rewrite-lets-feds-read-your-e-mail-without-warrants/

Senate bill rewrite lets feds read your e-mail without warrants

Proposed law scheduled for a vote next week originally increased Americans'
e-mail privacy. Then law enforcement complained. Now it increases government
access to e-mail and other digital files.

by Declan McCullagh

November 20, 2012 4:00 AM PST Follow @declanm

Sen. Patrick Leahy previously said his bill boosts Americans' e-mail privacy
protections by "requiring that the government obtain a search warrant."
That's no longer the case.  (Credit: U.S. Senate)

A Senate proposal touted as protecting Americans' e-mail privacy has been
quietly rewritten, giving government agencies more surveillance power than
they possess under current law.

CNET has learned that Patrick Leahy, the influential Democratic chairman of
the Senate Judiciary committee, has dramatically reshaped his legislation in
response to law enforcement concerns. A vote on his bill, which now
authorizes warrantless access to Americans' e-mail, is scheduled for next
week.  Revised bill highlights

b- Grants warrantless access to Americans' electronic correspondence to over
22 federal agencies. Only a subpoena is required, not a search warrant signed
by a judge based on probable cause.

b- Permits state and local law enforcement to warrantlessly access Americans'
correspondence stored on systems not offered "to the public," including
university networks.

b- Authorizes any law enforcement agency to access accounts without a warrant
-- or subsequent court review -- if they claim "emergency" situations exist.

b- Says providers "shall notify" law enforcement in advance of any plans to
tell their customers that they've been the target of a warrant, order, or
subpoena.

b- Delays notification of customers whose accounts have been accessed from 3
days to "10 business days." This notification can be postponed by up to 360
days.

Leahy's rewritten bill would allow more than 22 agencies -- including the
Securities and Exchange Commission and the Federal Communications Commission
-- to access Americans' e-mail, Google Docs files, Facebook wall posts, and
Twitter direct messages without a search warrant. It also would give the FBI
and Homeland Security more authority, in some circumstances, to gain full
access to Internet accounts without notifying either the owner or a judge.

It's an abrupt departure from Leahy's earlier approach, which required police
to obtain a search warrant backed by probable cause before they could read
the contents of e-mail or other communications. The Vermont Democrat boasted
last year that his bill "provides enhanced privacy protections for American
consumers by... requiring that the government obtain a search warrant."

Leahy had planned a vote on an earlier version of his bill, designed to
update a pair of 1980s-vintage surveillance laws, in late September. But
after law enforcement groups including the National District Attorneys'
Association and the National Sheriffs' Association organizations objected to
the legislation and asked him to "reconsider acting" on it, Leahy pushed back
the vote and reworked the bill as a package of amendments to be offered next
Thursday.

One person participating in Capitol Hill meetings on this topic told CNET
that Justice Department officials have expressed their displeasure about
Leahy's original bill. The department is on record as opposing any such
requirement: James Baker, the associate deputy attorney general, has publicly
warned that requiring a warrant to obtain stored e-mail could have an
"adverse impact" on criminal investigations.

Marc Rotenberg, head of the Electronic Privacy Information Center, said that
in light of the revelations about how former CIA director David Petraeus'
e-mail was perused by the FBI, "even the Department of Justice should concede
that there's a need for more judicial oversight," not less.

An aide to the Senate Judiciary committee told CNET that because discussions
with interested parties are ongoing, it would be premature to comment on the
legislation.

Markham Erickson, a lawyer in Washington, D.C. who has followed the topic
closely and said he was speaking for himself and not his corporate clients,
expressed concerns about the alphabet soup of federal agencies that would be
granted more power:

    There is no good legal reason why federal regulatory agencies such as
the NLRB, OSHA, SEC or FTC need to access customer information service
providers with a mere subpoena. If those agencies feel they do not have the
tools to do their jobs adequately, they should work with the appropriate
authorizing committees to explore solutions. The Senate Judiciary committee
is really not in a position to adequately make those determinations. b 

The list of agencies that would receive civil subpoena authority for the
contents of electronic communications also includes the Federal Reserve, the
Federal Trade Commission, the Federal Maritime Commission, the Postal
Regulatory Commission, the National Labor Relations Board, and the Mine
Enforcement Safety and Health Review Commission.

Leahy's modified bill retains some pro-privacy components, such as requiring
police to secure a warrant in many cases. But the dramatic shift, especially
the regulatory agency loophole and exemption for emergency account access,
likely means it will be near-impossible for tech companies to support in its
new form.

A bitter setback This is a bitter setback for Internet companies and a
liberal-conservative-libertarian coalition, which had hoped to convince
Congress to update the 1986 Electronic Communications Privacy Act to protect
documents stored in the cloud. Leahy glued those changes onto an unrelated
privacy-related bill supported by Netflix.

At the moment, Internet users enjoy more privacy rights if they store data on
their hard drives or under their mattresses, a legal hiccup that the
companies fear could slow the shift to cloud-based services unless the law is
changed to be more privacy-protective.

Members of the so-called Digital Due Process coalition include Apple,
Amazon.com, Americans for Tax Reform, AT&T, the Center for Democracy and
Technology, eBay, Google, Facebook, IBM, Intel, Microsoft, TechFreedom, and
Twitter. (CNET was the first to report on the coalition's creation.)

Leahy, a former prosecutor, has a mixed record on privacy. He criticized the
FBI's efforts to require Internet providers to build in backdoors for law
enforcement access, and introduced a bill in the 1990s protecting Americans'
right to use whatever encryption products they wanted.  An excerpt from
Leahy's revised legislation authorizing over 22 federal agencies to
obtain Americans' e-mail without a search warrant signed by a judge.

An excerpt from Leahy's revised legislation authorizing over 22 federal
agencies to obtain Americans' e-mail without a search warrant signed by a
judge. Click for larger image.

But he also authored the 1994 Communications Assistance for Law Enforcement
Act, which is now looming over Web companies, as well as the reviled Protect
IP Act. An article in The New Republic concluded Leahy's work on the Patriot
Act "appears to have made the bill less protective of civil liberties." Leahy
had introduced significant portions of the Patriot Act under the name
Enhancement of Privacy and Public Safety in Cyberspace Act (PDF) a year
earlier.

One obvious option for the Digital Due Process coalition is the simplest: if
Leahy's committee proves to be an insurmountable roadblock in the Senate, try
the courts instead.

Judges already have been wrestling with how to apply the Fourth Amendment to
an always-on, always-connected society. Earlier this year, the U.S. Supreme
Court ruled that police needed a search warrant for GPS tracking of vehicles.
Some courts have ruled that warrantless tracking of Americans' cell phones,
another coalition concern, is unconstitutional.

The FBI and other law enforcement agencies already must obtain warrants for
e-mail in Kentucky, Michigan, Ohio, and Tennessee, thanks to a ruling by the
6th Circuit Court of Appeals in 2010.

Topics:

    Privacy 

Tags: department of justice, fbi, calea, ecpa, fourth amendment, electronic
communications privacy act, privacy, patrick leahy, u.s. senate 

Declan McCullagh

Declan McCullagh is the chief political correspondent for CNET. Declan
previously was a reporter for Time and the Washington bureau chief for Wired
and wrote the Taking Liberties section and Other People's Money column for
CBS News' Web site.





More information about the cypherpunks-legacy mailing list