Who gets to read your mail? Under what conditions?
In the pre-Internet days, these questions were answered easily.
Private correspondence was just that — private, between the letter writer and the intended recipient. Absent a court order — based on probable cause — no else was legally entitled to have a look.
And it was much harder for anyone not legally entitled to have a look because correspondence was physical — a letter written on paper or a similar document you actually held in your hands — and so, harder for people who had no business looking at it to even get their hands on it. Someone would have to filch your desk drawer, for example — which pretty much meant physically entering your home.
Internet correspondence — emails — changed that balance, which now tilts too far away from the legitimate privacy concerns of ordinary Americans. Emails, once sent, are no longer under the sender’s (or recipient’s) physical control. Copies are stored in servers that are under someone else’s control. Many people are unaware of this fact. Every email you’ve ever sent — or received — has transited the Net via a server and that server retains a copy.
That means anything you’ve ever written — or which someone else has written to you — is out there, somewhere. And could be accessed without your consent or even your knowledge. More than mere embarrassment (à la the Sony hack scandal) could ensue, too. Many of us have been a bit too liberal with our personal information, such as our financial data. But even if you have been careful, it doesn’t mean you’re protected from the consequences of the carelessness of others. Your bank, for example. A merchant (store) you deal with online. Bear in mind that any data that’s ventured out onto the information superhighway can be “pulled over” not just by “cops” (with warrants) but teenage hackers in Russia, too.
The Fourth Amendment reads:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The problem is, the Fourth Amendment only applies within the boundaries of the United States. And the Internet is global.
Teenage hackers in Russia are not bound by the Constitution. Russian courts do not respect it. If your data is stored in a foreign country, it is not protected by the Fourth Amendment.
And even within the boundaries of the United States, under current law, Fourth Amendment protections apply more loosely to electronic communications. A mere subpoena is all that’s required in order to force a telecom to hand over any emails and so on that are more than 180 days old. Remember: For years now, server capacity (especially since the advent of so-called “cloud” storage) is effectively infinite.
Whereas in the early days of the Internet — circa the late 1990s — limited capacity effectively forced the regular automatic deletion of old emails and so on in order to avoid overloading the storage capacity of servers.
Hence the need to update the laws regarding online communications. Specially, the now-ancient (enacted back in 1986) Electronic Communications Privacy Act. Which — obviously — didn’t take into account electronic communications such as emails. Because emails did not exist in 1986. Well, there was the Arpanet — the Internet’s predecessor. But outside of academia and the military, circa 1986, ordinary people didn’t even know what an “email” was — let alone sent (or received) emails.
Last fall, Utah Republican Senator Orrin Hatch put forward an amendment to the hoary ECPA Act of ’86 called the Law Enforcement Access to Data Stored Abroad (LEADS) Act. The proposed legislation (S. 512 and H.R. 1174) would update the ECPA, talking into account the now-ubiquitous used of “e” rather than physical means of correspondence as well as the facts about where these electronic communications are stored. Perhaps even more important to the average person’s peace of mind, it lays down the “terms and conditions” as regards how this data may be accessed by third parties such as law enforcement, including a provision that would end the current (ECPA) loophole that allows government to filch through emails more than 180 days old with nothing more than a subpoena. The LEADS act would require the same protections — the same Fourth Amendment due process — that apply to newer emails. Indeed, to physical correspondence such as a letter you sent or received that’s stored in a desk drawer inside your home.
A warrant — based on probable cause — would need to be issued by a judge.
This places a higher evidentiary burden on the government than a mere subpoena, which is merely an order issued by a judge (often, by a clerk — with the judge’s signature added as a mere formality) that does not require the presentation of probable cause. That is, a subpoena does not require the government to present any evidence that a crime has been committed. The difference in legal protection afforded the average citizen is — cue Paris Hilton — huge.
LEADS would make it much more difficult for the government to conduct dragnet-style fishing expeditions.
While some might object to this — if you’ve got nothing to hide, why are you worried? — they miss the point that in a free society, it is necessary that the government (and law enforcement) be held to a higher standard than would be the case in a not-free society. While it might be a bit more challenging to catch criminals, the upside is that average people are not treated as presumptively criminal.
This is a critical difference between a free — and unfree — societies.
LEADS would also do something about the current problem of American-based corporations which store data outside the boundaries of the United States — if not completely closing at least cinching tighter what has been up to now a very big loophole through which much data has already been mined. Similar legal restrictions that apply to accessing data stored within the boundaries of the U.S. would be applied to data stored outside the U.S. under the control (via servers and clouds) of U.S. based companies operating overseas — with the caveat that the company could fight a government order to hand over data if that order would violate the foreign country’s own laws.
LEADS isn’t perfect. It does not restore the full vigor of the Fourth Amendment’s intended protections. But, to draw an analogy, it’s like containing the in-rushing waters of the ice-cold Atlantic that night in 1912 when Titanic hit the iceberg.
Instead of sinking, the ship’s merely listing now.
More work toward reestablishing the balance between government’s voracious appetite for information — and the American people’s right to be “secure in their persons, houses, papers and effects against unreasonable searches and seizures” remains to be done, but — as Jefferson himself repeatedly admonished — it’s vital to never fall into the trap of letting the perfect become the enemy of the good.