Privacy SOS

Department of Justice has too much access to our electronic communications, not too little

Two articles in today’s press illuminate just how far the Department of Justice is straying from the Fourth Amendment when it comes to electronic surveillance.

The first story is from CNET, reporting on documents the ACLU pried out of the DOJ and the Executive Office of US Attorneys. The records reveal that US Attorneys in some parts of the country, including Manhattan, do not think they need to get warrants to read emails or other electronic communications content.

CNET:

Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail. The IRS, on the other hand, publicly said last month that it would abandon a controversial policy that claimed it could get warrantless access to e-mail correspondence.

The U.S. Attorney for Manhattan circulated internal instructions, for instance, saying a subpoena — a piece of paper signed by a prosecutor, not a judge — is sufficient to obtain nearly "all records from an ISP." And the U.S. Attorney in Houston recently obtained the "contents of stored communications" from an unnamed Internet service provider without securing a warrant signed by a judge first.

"We really can't have this patchwork system anymore, where agencies get to decide on an ad hoc basis how privacy-protective they're going to be," says Nathan Wessler, an ACLU staff attorney specializing in privacy topics who obtained the documents through open government laws. "Courts and Congress need to step in."

The Justice Department's disinclination to seek warrants for private files stored on the servers of companies like Apple, Google, and Microsoft continued even after a federal appeals court in 2010 ruled that warrantless access to e-mail violates the Fourth Amendment. A previously unreleased version of an FBI manual, last updated two-and-a-half years after the appellate ruling, says field agents "may subpoena" e-mail records from companies "without running afoul of" the Fourth Amendment."

In other words, the DOJ thinks it can (and in many cases does) get access to our electronic communications without the judicial check required under the Fourth Amendment. Keep that in mind as you read this excerpt from Charlie Savage’s New York Times story on the FBI supposedly “going dark” online:

The Obama administration, resolving years of internal debate, is on the verge of backing a Federal Bureau of Investigation plan for a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services, according to officials familiar with the deliberations.

The F.B.I. director, Robert S. Mueller III, has argued that the bureau’s ability to carry out court-approved eavesdropping on suspects is “going dark” as communications technology evolves, and since 2010 has pushed for a legal mandate requiring companies like Facebook and Google to build into their instant-messaging and other such systems a capacity to comply with wiretap orders. That proposal, however, bogged down amid concerns by other agencies, like the Commerce Department, about quashing Silicon Valley innovation.

While the F.B.I.’s original proposal would have required Internet communications services to each build in a wiretapping capacity, the revised one, which must now be reviewed by the White House, focuses on fining companies that do not comply with wiretap orders. The difference, officials say, means that start-ups with a small number of users would have fewer worries about wiretapping issues unless the companies became popular enough to come to the Justice Department’s attention.

Critics of the DOJ proposal say that it opens up reasonably secure communications channels to attacks from hackers and identity thieves, not to mention the obvious privacy implications pertaining to government access. A lawyer for technology companies quoted in the NYT piece says that if the proposal becomes law, “we’ll look a lot more like China than America."

Those criticisms are valid and important, but the Savage piece misses a key detail pointed out by EFF’s Trevor Timm: the FBI, contrary to its sustained and loud protestations, does not have a “going dark” problem.

Just as Commissioner Ed Davis has called for more cameras after the Boston bombings, even though the cameras at the scene sufficed to assist investigators in identifying their suspects, the FBI is loudly complaining about a problem — and proposing a drastic, privacy violative 'solution' — that does not practically exist.

Timm tweeted evidence of this indisputable fact. What you’re looking at below is a table from the US Courts 2011 Wiretap Report showing how many times the federal government has been denied access to electronic communications information due to encryption. As you can see, this supposedly enormous problem arose exactly zero times between 2000 and 2011.

The news today shows that the DOJ has no problem getting access to our electronic communications, often without warrants, and yet wants even greater power to wiretap the internet. 

Perhaps we are already more like China than we’d like to believe.

© 2021 ACLU of Massachusetts.