Image: Illustration by Post Typography
Last October the well-known hacking group Chaos Computer Club revealed that the German state police had been monitoring the computers of ordinary citizens using specially designed surveillance software. This spyware could peek into users’ files, record keystrokes, take screenshots of Web pages users happened to be visiting, and even commandeer Web cams and microphones, giving the cops an open window into the home. The revelations invited comparisons to the Stasi, the infamous police force that operated in the former East Germany.
It was a clear violation of citizens’ rights—and about as quaint as a cold war spy movie. Nowadays governments have far more comprehensive ways of monitoring citizens than merely tapping computers on desktops or in briefcases. Hardly any of us still keep our private data solely in any one machine; instead it resides on corporate servers far from our homes. E-mail providers save messages in giant server farms distributed around the world. Online services such as Google Docs, Dropbox and iCloud store spreadsheets and word-processing files in the “cloud” so that we can work on critical documents wherever we happen to be. Wireless phone companies keep records of the individual towers our cell phones connect to as we move around our communities. We tend to assume that these data are ours to keep private, just as we expect that the data on our machines are private. But here the law fails us.
The last wholesale revision to U.S. electronic privacy law was the Electronic Communications Privacy Act of 1986 (ECPA), which prevented law enforcement from eavesdropping on digital files as they moved through the nascent Internet. (Before then, the Department of Justice had argued that monitoring anything that wasn’t a voice call wasn’t a wiretap and therefore didn’t require a warrant.) Yet much has since changed. In 1986, when digital storage was expensive, an e-mail provider would send a file to the recipient’s computer and delete the message from its own servers soon thereafter. Congress therefore let the protections of the act expire after a file had been stored for 180 days. In 1986 cell phones were still mostly called “car phones” because the briefcase-size boxes they required were usually kept in a vehicle. The first satellite that would make up the Global Positioning System was still three years away from launch, as was the World Wide Web. In 1986 Facebook genius Mark Zuckerberg was two.
Law-enforcement agencies have been making active use of all the new data these technologies generate. Google reports that U.S. government agencies send it nearly 1,000 requests for user information every month; the company complied with 93 percent of them between January and June of last year (the most recent period for which statistics are available). Verizon executives told Congress in 2007 that law-enforcement agencies send the company 90,000 requests for user details a year, including information on the specific locations of cell-phone customers.
In part because of this deluge, a broad coalition of technology companies, think tanks and privacy advocates called Digital Due Process has formed to ask Congress to update the ECPA for the modern age. Its demand is simple enough: if a law-enforcement agency wants to look at private user data—whether e-mails, documents or cell-phone location information—it needs a warrant. This reasonable demand for clarity is fully in keeping with the spirit of the original ECPA, as well as the Fourth Amendment of the Constitution’s prohibition “against unreasonable searches and seizures.” Indeed, the Digital Due Process coalition has brought together some uncommon allies—the American Civil Liberties Union, the Competitive Enterprise Institute, Amazon, Americans for Tax Reform and AT&T, to name just a few near the top of the alphabet. It deserves support from all members of Congress, too.
7 Comments
Add CommentAs a member of local law enforcement, there are several issues with this article. There is a distinction between the Department of Justice, and "cops", as you refer to them on a local level. We have almost completely different missions and job duties. Sometimes we work together, most of the time we don't. We do not show up at work everyday trying to figure out who to "spy" on. We are far too busy for that. We also are well aware of the fourth ammendment, as it is pounded into our heads on an almost daily basis. Myself and members of my department have never tried to get digital information without a warrant, because it can't be obtained. Judges, and D.A.'s won't allow it, and cell and internet companies only keep information for a certain amount of time. Cell and internet companies will always tell us they need a warrant or subpoena for information. Have no fear, we are kept in check about privacy and the 4th ammendment. I have also never heard of agencies surrounding mine ever getting digital information without a warrant. An internet search on internet usage for the United States shows that there are nearly 240 million users, with our population of over 300 million. You stated that Google has 12,000 requests a year for information and Verizon had 90,000 a year. I feel that these are very small numbers in comparison to the ones stated above. We in law enforcement have much better things to do than "spy". A lot of these requests are to try to find already wanted subjects, or people who are actively involved in crimes, ie: maybe burglary suspects who we are tracking to your homes this very moment. I can't speak for the Department of Justice, but there is little need to raise a fever pitch amongst readers about privacy for cell phones and internet usage. This article is a typical opinion by people who have little idea of what really goes on in the law enforcement arena, and the people who read it become worried about the miniscule 12,000 requests a year, thinking that law enforcement is running rampant over everyone's civil rights regarding their cell and internet usage. The privacy laws in this country are balanced well, I see that everyday in court rooms, and D.A.'s offices. Our privacy laws do not need updating, and we are already always required to get warrants.
Reply | Report Abuse | Link to this"privacy by default" could prevent Social Media, Cloud Services etc. from gathering maximal private information from unsuspecting customers/users. Only by actively opting out of the basic information necessary to join or use any service more personal information may be revealed based on informed consent and awareness of the consequences.
Reply | Report Abuse | Link to thisA controversy is raging about the European Union´s demand to implement a Directive for a 6 to 24 months overall telecommunications data retention in Germany. Law inforcement and Conservatives like it, but civil liberties organisations, Chaos Computer Club etc. are strongly against.The Pirates Party is thriving on a surge of opposition. So far the German Justice Secretary is strictly against the Directive opting for a "quick freeze" mechanism instead. The German Constitutional Court had thrown out the German legislation and with 7 EU-Members refusing to comply, the matter is now up before the EU Court.
The Directive 2006/24/EG would allow movements of the entire population to be traced. Communications via phone, mobile or e-mail with personal/business contacts would be retraceably monitored removing privacy from personal relationships. User's location when making mobile calls or texting via mobile phone is also to be logged. Although eventually based on a judge´s warrant, data-access will be granted to police, prosecutors, secret services and even foreign states. The unreasonable expectation for better prevention and prosecution of crime and terrorism is proved by criminal´s and terrorist´s capabilities to outwit the authorities.
The joined content of different communications relating to personal interests and lives of the persons communicating can be abused. Data retention has a potential to disrupt professional activities (e.g. in clergy, journalism, medicine, law, ) relying on confidentiality. Ultimately it severely harms free society itself. Not to forget financial strain on businesses and consumers.
Unreasonable data retention excessively invades our personal privacy most likely violating the human right to privacy and informational self-determination as proclaimed in articles 8 of the EU Charter of Fundamental Rights and EU Convention on Human Rights
No really free country would make unreasonable demands on all citizens for questionable results just because of a few criminals or terrorists. Unless with an altogether different agenda behind it, which there is every reason to fight against. In court, parliament, public, online or wherever our citizen´s rights allow us to.
Sounds like the reawakening of the old Gestapo - the German SECRET state police. It's becoming harder and harder to trust "law" enforcement as it is becoming more obvious they are acting as tools of the pols.
Reply | Report Abuse | Link to thisBig Brother already has access to far too much data. Our digitized medical records, financial transactions, GPS tracking, just to name a few. Asking a judge to render a warrant granting permission is the weakest of safety checks, but better than allowing untrustworthy governments complete reckless invasion. I doubt very seriously that the NSA and other amped up government agencies will follow any law given their track records for trust. When will we figure out that surrendering freedom in the name of security is the worst and most flawed of thinking? Benjamin Franklin understood this best almost two hundred and fifty years past, “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”
Reply | Report Abuse | Link to thisThe editors' view that this particular type of invasion of privacy can only be allowed after a court has issued a warrant strikes me as entirely reasonable. But it must be noted that in many countries - including, but not merely the United States - such organs of oversight tend to become simple rubber stamps for the authorities that ostensibly appear before them to request permission for such activities. Even the work of these courts must be open to public examination, if the courts are to serve the public, rather than the authorities....
Reply | Report Abuse | Link to thisHenri
You're assuming that the 4th Amendment extends to your technology toys?
Reply | Report Abuse | Link to thisHow arrogant. Get a law passed, then come see me.
So your specific department is essentially honest. You are not part of Homeland Security. As you so clearly pointed out, you are not part of the Department of Justice. Just because you are trustworthy does not mean these other entities are.
Reply | Report Abuse | Link to thisWhen Congress and the President passed a bill into law that strips the Bill of Rights away from the Constitution on the meager suspicion or accusation of being a terrorist, do you really think we don't need protection from witch hunting? If you do then you are a terrorist. See what I did there? I just justified any government entity to disappear you without evidence, a trial, or any recourse at all.
That is why we need these protections. Due process of law should never be discarded or ignored by anyone.