Inside Orders: Administrative Subpoenas and the Surveillance State

Above: the cover of the administrative subpoena the DA of Suffolk county's office sent to Twitter seeking records related to Occupy Boston in December 2011.

When the government wants to listen in on your phone calls, it needs to take an oath to a judge affirming that it believes you are involved in criminal activity. If the evidence looks good, the judge will provide it with a warrant. When everyone used land lines to communicate, this system worked.

But now that most people travel with and use their mobile phones everywhere they go, law enforcement's interest in our telephones has changed substantially. Many times the actual spoken words --- the content --- of telephone conversations is less useful to investigators than are the transactional details of the calls you make. Transactional records, also called 'metadata', show the GPS location from where calls were made, the numbers called, and the dates and times the phone was used. Email metadata reveals the information in the 'To', 'From', and 'CC' fields, as well as the time and date when the email was sent, and the IP address assigned to the computer that sent it. This information, held by third parties like phone and internet companies, can often tell law enforcement a lot more than they'd be able to discern by listening to what you say over the phone. Unlike us, metadata doesn't lie. And unfortunately for our privacy rights, metadata is also a lot easier for police to access.

In place of asking a judge for a warrant, federal and increasingly state and local law enforcement only need a subpoena in order to compel telecommunications companies (or banks, or even pharmacies) to hand over your private information. An administrative subpoena is simply a piece of paper that a prosecutor fills out and hands to the holder of records. No judge is involved in this process, and prosecutors can obtain this information about us even if they have no evidence that we've broken the law.

When testifying before Congress, Ava Cooper Davis, Deputy Assistant Administrator of the Office of Special Intelligence at the DEA, explained how her agency obtains records using subpoenas:

When a criminal investigator acquires a telephone number for which the subscriber information is not immediately known, the investigator must first identify the telephone company (e.g., Verizon, Sprint, AT&T, etc.) that owns or controls that number. Once the telephone company is identified, the investigator will obtain an administrative subpoena, requesting subscriber name, billing information, and telephone toll records for a specific time frame.

Administrative subpoenas differ from traditional warrants because they are issued by agencies, not judges. Subpoenas are official letters demanding something of the target, either a demand that the target testify or that the target hands over something tangible, like phone records or a computer. Unlike warrants, subpoenas do not need to be based on evidence that there is probable cause to suspect a crime has been committed.

One of the reasons courts have allowed subpoenas without evidence of probable cause is because the subpoenas are issued directly to the holder of the records or to the person whose testimony is sought, and not seen as intrusive as search warrants executed by law enforcement. The legal framework governing access to our metadata wrongly assumes that content is automatically more revealing, and thus deserving of more protection. But metadata reveals the content of our lives, in a way that even content sometimes doesn't.

Making matters worse, when prosecutors issue administrative subpoenas to telecommunications or other third party information holders, the actual subject of the investigation often remains unaware of the intrusion into their private life, because they do not possess their own records --- the companies do. Something in legal precedent called the "Third Party Doctrine" says that, as soon as you give records over to a third party, you lose your right to defend them from the government's sticky fingers.

Often the subpoenas ask that the company holding the records not disclose to the target, or the user, that their information is being subpoenaed. That was the case in December 2011 when the Sufflok county DA office in Boston requested information on Occupy Boston affiliated Twitter accounts. Twitter, acting responsibly as it has done in the past, did not comply with the DA's request and notified the users.

Twitter is an outstanding member of the corporate internet community in this regard, but other companies don't appear to make much of an effort to even inform people when the government requests their records.

In order to fix this problem, we need to update both state and federal law to reflect the kinds of communications technologies we use today. The subpoena model for call records may have sufficiently protected our rights in the 1980s, but it does not suffice today. Investigators can learn too much about our private lives simply by filling out a piece of paper and submitting it to companies that maintain our most sensitive records. In Massachusetts, most people don't even know this law exists.

It's not just the NSA. When it comes to our most sensitive metadata, state and local prosecutors can often obtain our most private information--no warrant, judicial oversight, or evidence required.

Mass Focus: Administrative Subpoenas in the Commonwealth

In 2008, the provisions of Massachusetts general law c. 271 section 17B were amended to expand the power of prosecutors in the state to obtain information about your private communications. Enacted as part of legislation addressed to preventing sexual abuse of children, and described as a tool to track online predators, the amendment of section 17B went much further. As amended, the law allows the attorney general or a district attorney to issue an administrative subpoena to telecommunications companies for transactional information concerning private communications if the prosecutor has "reasonable grounds to believe that [such records] are relevant and material to an ongoing criminal investigation." The recipient of such a subpoena is required to deliver the records to the attorney general or district attorney within 14 days. Although the statute expressly prohibits the disclosure of the content of electronic communications, the transactional and location-based data that can be obtained under the statute could reveal significant information about the activities and communications of Massachusetts persons.

We at the ACLU of Massachusetts are interested to learn how often agencies in Massachusetts are using administrative subpoenas, so we submitted a public records request to each district attorney and to the state attorney general, asking for records showing how and when they used this power over a three-year period. What we learned is alarming.

The responses to our requests showed that:

Most DAs keep no separate records regarding their use of administrative subpoenas, meaning there is no practical way to find out how many they issue each year, or why they are issued;
Only two offices – the DAs for Suffolk and Berkshire counties – keep records about the use of administrative subpoenas, and they show that prosecutors are using the powerful surveillance tool a lot;
In the first two full years they had administrative subpoena powers, Suffolk County (which includes Boston) made 514 requests for people’s personal electronic information held by phone and internet companies. But the trend was even more alarming than the number of subpoenas issued: the number more than doubled from 2009 to 2010. Who knows how many are issued annually today?
In Berkshire County, the DA made more than 1,000 requests in 2009 and 2010. Only 131,219 people lived in the county in 2010. That means either Berkshire County is the world hub of online predators, or prosecutors are using this secret power to invade the privacy of residents with unchecked abandon.
In 2013, we filed another round of requests to prosecutors offices in Massachusetts. We wanted to know how the use of administrative subpoenas had changed over the years. Here's some of what we learned:
  • With the exception of the Suffolk County DA’s office, no DAs provided documents other than templates of administrative subpoenas or sample request forms used for internal approval. Two DA’s offices – Cape and Islands, and Bristol County – failed to respond to our request altogether.
  • Some DAs don’t maintain separate logs of administrative subpoenas at all. Others claimed that almost all information related to their use is exempt from public disclosure – declining to reveal the broad categories of offenses investigated through this power, or even the bare number of subpoenas issued.
  • The number of times that the Suffolk DA (whose jurisdiction includes Boston) sought personal information through administrative subpoenas has dramatically increased since being granted this power in 2008. In the first 2 years, Suffolk issued 514 demands for information. Between 2009-2010, this number more than doubled. This upward trend has continued, with over 1,300 administrative subpoenas issued in 2011 and 2012 (with an increase from 578 in 2011 to 734 in 2012). We don’t have enough 2013 data to approximate the past year’s numbers, but there is no indication that the DA’s hunger for our private records has diminished. The information from 2012 shows that prosecutors in Suffolk County alone were filing more than two of these warrantless demands per day, on average.
  • Although Berkshire County previously accounted for its administrative subpoena use in response to our first public records request, this time it failed to do so. Here’s what we had concluded about Berkshire previously: “The DA made more than 1,000 requests in 2009 and 2010. Only 131,219 people lived in the county in 2010. That means either Berkshire County is the world hub of online predators, or prosecutors are using this secret power to invade the privacy of residents with unchecked abandon.” Contrary to its earlier stance, Berkshire’s DA office now holds the position that this is not a matter of public record even if such records are currently available.
We are going to continue to investigate how administrative subpoenas are being deployed to secretly collect information about us from third parties, so stay tuned. We are also working with state legislators to narrow and alter the 2008 administrative subpoena statute to require that prosecutors keep records about how and why they are deploying the power.
But ultimately, if law enforcement wants access to our private information, they should get a warrant. Towards that end, we are also supporting legislation that will mandate police get a warrant before they pry into our private digital lives. To find out how you can get involved to support that effort, join us.
Sign up for email alerts // Contact us

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer