Decades ago, federal law was written to permit law enforcement to obtain certain data surrounding telecommunications quickly and efficiently, without any need for a search warrant. Yet unlike the law, technology has evolved, and law enforcement has been using that outdated authority to obtain digital communications, like email. That has lawmakers questioning whether the same warrantless standard should apply under such circumstances.
“As with all things related to technology, it’s a little more complicated than yes or no,” Rep. Mike Pompeo, R-Kan., told the Washington Examiner. In particular, Pompeo references Section 215 of the Patriot Act, which allowed for the National Security Agency’s broad collection of metadata before its expiration in late November.
“So you say, shouldn’t you need a warrant to get the content of an email. Well, 215 essentially answers that question, yes,” said Pompeo, a member of the House Select Committee on Intelligence. “You can collect metadata, you can go two or three hops from that metadata, but you can’t get personal information, you can’t get a person’s name, you can’t connect that phone number to a human being to get an identity.”
Metadata includes things like email addresses, times, locations, IP numbers and identification numbers associated with devices. It does not include the actual contents of communication, like words in an email. Under the Patriot Act of 2001, the NSA assumed authority to collect metadata without a warrant, but was not granted the authority to go beyond that collection.
The problem, privacy advocates say, is that more antiquated laws, promulgated before the advent of the Internet, do grant exceptionally broad authority in some circumstances. One example includes the Electronic Communications Privacy Act of 1986, which has been a subject of increasing scrutiny.
“Right now, the statute allows the government to obtain private messages that are older than 180 days, including web-based emails, social media messages, text messages and voicemails, as well as private documents stored by ‘cloud’ service providers … with an administrative subpoena,” explained Sophia Cole of the Electronic Frontier Foundation.
That statute, originally passed in order to allow for much more limited surveillance of telephone calls, has been used by agencies including the Internal Revenue Service, the Federal Bureau of Investigation and the Securities and Exchange Commission to rifle through the contents of digital communications. Groups like the Electronic Frontier Foundation, in addition to a number of lawmakers, have suggested reforming ECPA to require those agencies to obtain a probable cause warrant before doing so.
However, advocates of the status quo invoke national security. Under ECPA, the FBI has assumed the authority to issue “national security letters.” Those letters grant the agency power to compel disclosure of customer records by businesses that commonly include Internet service providers. It is additionally empowered to impose gag orders on the companies in question, preventing their disclosure of a letter to the public.
“Part of the problem with national security letters is how little we know about how they are used,” Nick Merrill, the former president of web provider Calyx, told the Examiner.
In November, a federal judge lifted a gag order that had been imposed on Merrill as a result of a national security letter issued to him in 2004. Unredacted court documents from the case revealed that Calyx had been ordered to turn over physical addresses, email addresses, telephone and billing records and other information that could be considered “electronic communications transactional records.”
“It took almost 12 years of expensive court proceedings just for me to be able to reveal what was in the letter I received in 2004,” Merrill said, “when the FBI already admitted that there was no underlying investigation.
“We don’t know how many innocent people’s private data has been collected without a warrant and without oversight,” he added. “We don’t know how much data the government has collected or who they are sharing it with.”
In Merrill’s case, the letter did not compel the disclosure of the contents of his customers’ communications. However, with the exception of Merrill, the nature of the national security letter program remains opaque. According to a 2007 report issued by the Department of Justice inspector general, the FBI issued more than 140,000 national security letters from 2003-05.
Prompted in part by the court’s order, Sen. Tom Cotton, R-Ark., introduced the Liberty Through Strength Act II in December, while Pompeo introduced companion legislation in the House. The bill would, in part, “[clarify] the FBI’s authority to obtain” electronic records under limited circumstances.
While it would affirm the agency’s authority to “request the name, address, length of service, local and long distance toll billing records and electronic communications transactional records of a person or entity,” it would also require that it be “relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities.” To added effect, the proposal also would prohibit investigations “conducted solely on the basis of activities protected by the First Amendment to the Constitution of the United States.”
That proposal has the potential to strike a balance between privacy and security hawks by preventing agencies like the IRS from participating in surveillance authorities used by the FBI while assuaging concerns that intelligence operations could be impeded by new requirements.
“I’m not sure if it’s always appropriate for a warrant,” Pompeo said. “Imagine non-U.S. persons located outside the U.S., or transmissions apart from the U.S. that end up coming to and from known terrorists.”
Related Story: http://www.washingtonexaminer.com/article/2577390
However, he added, “We should require our law enforcement and intelligence people to go through the constitutional process.”
