Weather Updates

Law leaves our online lives an open secret

Updated: December 29, 2012 6:20AM

In 1986 the American Banker defined E-mail as “a trademark of CompuServe,” Computerworld noted that sending a single message required a 10-minute phone call, and InfoWorld described “a pilot scheme that will allow users of one system to send messages to mailbox holders on another.” That was the year Congress enacted the Electronic Communications Privacy Act, so it is hardly surprising that the once forward-looking law seems antiquated today.

In fact, ECPA is so out of date that it has left us vulnerable to government snooping in ways most Americans do not appreciate. With the Senate Judiciary Committee considering possible fixes this week, now is a good time to reflect on how technological advances and misguided legal reasoning have eroded the Fourth Amendment guarantee against unreasonable searches of our “papers and effects,” which nowadays take forms the Framers could not have anticipated.

A series of Supreme Court decisions dealing with information held by third parties, including tax, bank and phone records, has left the constitutional status of email highly uncertain.

As a 1976 decision put it, “This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” This logic suggests we have no constitutional right to privacy in the personal data we routinely exchange and store via the Internet; hence the need for a statute like ECPA.

But the law, written during a time of dial-up connections and expensive data storage, draws distinctions that no longer make sense now that people are online all the time and commonly keep years of messages, photos, contacts, calendars and word processing files on servers located hundreds of miles away. Under ECPA, for instance, law enforcement agencies must obtain a judicial warrant based on probable cause to read unopened, remotely stored email that is up to six months old. But they can look at email that has been opened or retained more than six months (i.e., anything important) simply by claiming it is “relevant and material to an ongoing criminal investigation.”

As George Washington law professor Orin Kerr observes, ECPA “offers surprisingly low privacy protections when the government seeks to compel contents other than unretrieved communications held pending transmission for 180 days or less.” In fact, depending on how the statute is interpreted, information stored online through services such as Gmail and Facebook, including a great deal of sensitive material that people do not intend to share with the world, may not be protected at all.

The law is also hazy on the question of whether police need a warrant, a court order, a subpoena, or simply a whim to obtain geolocation data showing everywhere you and your cellphone have been. While the Supreme Court ruled in January that police need a warrant to track a suspect by attaching a GPS device to his car, it left unresolved the constitutionality of surveillance that does not require a physical trespass, as Justice Sonia Sotomayor noted in a concurring opinion.

Sotomayor suggested “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.” Without such a reconsideration, more and more of what you thought was your private business will become an open e-book.

© 2014 Sun-Times Media, LLC. All rights reserved. This material may not be copied or distributed without permission. For more information about reprints and permissions, visit To order a reprint of this article, click here.