The Electronic Communications Privacy Act – Part 1
This may not be a surprise to some of you but the government can access your emails without a warrant by simply providing a statement (or subpoena) that the emails in question are relevant to an on-going federal case – criminal or civil.
This disturbing fact is legally justified through the misnamed Electronic Communications Privacy Act of 1986 otherwise known as 18 U.S.C. § 2510-22.
There are some stipulations to the government gaining access to your email;
- The email must be stored on a server, or remote storage (not an individual’s computer).This obviously targets Gmail, Outlook.com, Yahoo mail and others but what about corporate email administered by third parties, what about Outlook Web Access, remote workers that VPN into their corporate email servers, PSTs saved on cloud storage…
- The emails must have already been opened. Does Outlook auto-preview affect the state of “being read”?
- The emails must be over 180 days old if unopened
The ECPA (remember it was written in 1986) starts with the premise that any email (electronic communication) stored on a server longer than 180 days had to be junk email and abandoned. In addition, the assumption is that if you opened an email and left it on a “third-party” server for storage you were giving that “third-party” access to your mail and giving up any privacy interest you had which in reality is happening with several well-known email cloud providers (terms and conditions). In 1986 the expectation was that you would download your emails to your local computer and then either delete it or print out a hard copy for record keeping. So the rules put in place in 1986 made sense – unopened email less than 180 days old was still in transit and could be secured by the authorities only with a warrant (see below); opened email or mail stored for longer than 180 days was considered non-private or abandoned so the government could access it with a subpoena (an administrated request) – in effect, simply by asking for it.
Warrant versus Subpoena: (from Surveillance Self-Defense Web Site)
To get a warrant, investigators must go to a neutral and detached magistrate and swear to facts demonstrating that they have probable cause to conduct the search or seizure. There is probable cause to search when a truthful affidavit establishes that evidence of a crime will be probably be found in the particular place to be searched. Police suspicions or hunches aren’t enough — probable cause must be based on actual facts that would lead a reasonable person to believe that the police will find evidence of a crime.
In addition to satisfying the Fourth Amendment’s probable cause requirement, search warrants must satisfy the particularity requirement. This means that in order to get a search warrant, the police have to give the judge details about where they are going to search and what kind of evidence they are searching for. If the judge issues the search warrant, it will only authorize the police to search those particular places for those particular things.
Subpoenas are issued under a much lower standard than the probable cause standard used for search warrants. A subpoena can be used so long as there is any reasonable possibility that the materials or testimony sought will produce information relevant to the general subject of the investigation.
Subpoenas can be issued in civil or criminal cases and on behalf of government prosecutors or private litigants; often, subpoenas are merely signed by a government employee, a court clerk, or even a private attorney. In contrast, only the government can get a search warrant.
With all of the news stories about Edward Snowden and the NSA over the last year, this revelation brings up many questions for those of us in the eDiscovery, email archiving and cloud storage businesses.
In future blogs I will discuss these questions and others such as how does this effect “abandoned” email archives.