Senate bill rewrite lets feds read your e-mail without warrants
Proposed law scheduled for a vote next week originally increased Americans' e-mail privacy. Then law enforcement complained. Now it increases government access to e-mail and other digital files.
Sen. Patrick Leahy previously said his bill boosts Americans' e-mail privacy protections by "requiring that the government obtain a search warrant." That's no longer the case.
(Credit: U.S. Senate)A Senate proposal touted as protecting Americans' e-mail privacy has been quietly rewritten, giving government agencies more surveillance power than they possess under current law.
CNET has learned that Patrick Leahy, the influential Democratic chairman of the Senate Judiciary committee, has dramatically reshaped his legislation in response to law enforcement concerns. A vote on his bill, which now authorizes warrantless access to Americans' e-mail, is scheduled for next week.
Revised bill highlights
✭ Grants warrantless access to Americans' electronic correspondence to over 22 federal agencies. Only a subpoena is required, not a search warrant signed by a judge based on probable cause.
✭ Permits state and local law enforcement to warrantlessly access Americans' correspondence stored on systems not offered "to the public," including university networks.
✭ Authorizes any law enforcement agency to access accounts without a warrant -- or subsequent court review -- if they claim "emergency" situations exist.
✭ Says providers "shall notify" law enforcement in advance of any plans to tell their customers that they've been the target of a warrant, order, or subpoena.
✭ Delays notification of customers whose accounts have been accessed from 3 days to "10 business days." This notification can be postponed by up to 360 days.
Leahy's rewritten bill would allow more than 22 agencies -- including the Securities and Exchange Commission and the Federal Communications Commission -- to access Americans' e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge.
It's an abrupt departure from Leahy's earlier approach, which required police to obtain a search warrant backed by probable cause before they could read the contents of e-mail or other communications. The Vermont Democrat boasted last year that his bill "provides enhanced privacy protections for American consumers by... requiring that the government obtain a search warrant."
Leahy had planned a vote on an earlier version of his bill, designed to update a pair of 1980s-vintage surveillance laws, in late September. But after law enforcement groups including the National District Attorneys' Association and the National Sheriffs' Association organizations objected to the legislation and asked him to "reconsider acting" on it, Leahy pushed back the vote and reworked the bill as a package of amendments to be offered next Thursday.
One person participating in Capitol Hill meetings on this topic told CNET that Justice Department officials have expressed their displeasure about Leahy's original bill. The department is on record as opposing any such requirement: James Baker, the associate deputy attorney general, has publicly warned that requiring a warrant to obtain stored e-mail could have an "adverse impact" on criminal investigations.
Marc Rotenberg, head of the Electronic Privacy Information Center, said that in light of the revelations about how former CIA director David Petraeus' e-mail was perused by the FBI, "even the Department of Justice should concede that there's a need for more judicial oversight," not less.
An aide to the Senate Judiciary committee told CNET that because discussions with interested parties are ongoing, it would be premature to comment on the legislation.
Markham Erickson, a lawyer in Washington, D.C. who has followed the topic closely and said he was speaking for himself and not his corporate clients, expressed concerns about the alphabet soup of federal agencies that would be granted more power:
❝ There is no good legal reason why federal regulatory agencies such as the NLRB, OSHA, SEC or FTC need to access customer information service providers with a mere subpoena. If those agencies feel they do not have the tools to do their jobs adequately, they should work with the appropriate authorizing committees to explore solutions. The Senate Judiciary committee is really not in a position to adequately make those determinations. ❞
The list of agencies that would receive civil subpoena authority for the contents of electronic communications also includes the Federal Reserve, the Federal Trade Commission, the Federal Maritime Commission, the Postal Regulatory Commission, the National Labor Relations Board, and the Mine Enforcement Safety and Health Review Commission.
Leahy's modified bill retains some pro-privacy components, such as requiring police to secure a warrant in many cases. But the dramatic shift, especially the regulatory agency loophole and exemption for emergency account access, likely means it will be near-impossible for tech companies to support in its new form.
A bitter setback
This is a bitter setback for Internet companies and a liberal-conservative-libertarian coalition, which had hoped to convince Congress to update the 1986 Electronic Communications Privacy Act to protect documents stored in the cloud. Leahy glued those changes onto an unrelated privacy-related bill supported by Netflix.
At the moment, Internet users enjoy more privacy rights if they store data on their hard drives or under their mattresses, a legal hiccup that the companies fear could slow the shift to cloud-based services unless the law is changed to be more privacy-protective.
Members of the so-called Digital Due Process coalition include Apple, Amazon.com, Americans for Tax Reform, AT&T, the Center for Democracy and Technology, eBay, Google, Facebook, IBM, Intel, Microsoft, TechFreedom, and Twitter. (CNET was the first to report on the coalition's creation.)
Leahy, a former prosecutor, has a mixed record on privacy. He criticized the FBI's efforts to require Internet providers to build in backdoors for law enforcement access, and introduced a bill in the 1990s protecting Americans' right to use whatever encryption products they wanted.
An excerpt from Leahy's revised legislation authorizing over 22 federal agencies to obtain Americans' e-mail without a search warrant signed by a judge. Click for larger image.
But he also authored the 1994 Communications Assistance for Law Enforcement Act, which is now looming over Web companies, as well as the reviled Protect IP Act. An article in The New Republic concluded Leahy's work on the Patriot Act "appears to have made the bill less protective of civil liberties." Leahy had introduced significant portions of the Patriot Act under the name Enhancement of Privacy and Public Safety in Cyberspace Act (PDF) a year earlier.
One obvious option for the Digital Due Process coalition is the simplest: if Leahy's committee proves to be an insurmountable roadblock in the Senate, try the courts instead.
Judges already have been wrestling with how to apply the Fourth Amendment to an always-on, always-connected society. Earlier this year, the U.S. Supreme Court ruled that police needed a search warrant for GPS tracking of vehicles. Some courts have ruled that warrantless tracking of Americans' cell phones, another coalition concern, is unconstitutional.
The FBI and other law enforcement agencies already must obtain warrants for e-mail in Kentucky, Michigan, Ohio, and Tennessee, thanks to a ruling by the 6th Circuit Court of Appeals in 2010.
Declan McCullagh is the chief political correspondent for CNET. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Replies
By Craig Timberg and Amy Gardner, Updated: Tuesday, November 20, 6:22 AM
If you voted this election season, President Obama almost certainly has a file on you. His vast campaign database includes information on voters’ magazine subscriptions, car registrations, housing values and hunting licenses, along with scores estimating how likely they were to cast ballots for his reelection.
And though the election is over, Obama’s database is just getting started.
150
Comments
Gallery
The Obama camp’s digital operation was far more elaborate than the ...
Democrats are now pressing to expand and redeploy the most sophisticated voter list in American political history, beginning with next year’s gubernatorial races in Virginia and New Jersey and extending to campaigns for years to come. The prospect already has some Republicans worried.
“It’s always hard to play catch-up,” said Peter Pasi, a Republican direct marketer who worked on Rick Santorum’s primary challenge to Romney. “It can be done by 2016. I’m much more doubtful it can happen by 2014.”
The database consists of voting records and political donation histories bolstered by vast amounts of personal but publicly available consumer data, say campaign officials and others familiar with the operation, which was capable of recording hundreds of fields for each voter.
Campaign workers added far more detail through a broad range of voter contacts — in person, on the phone, over e-mail or through visits to the campaign’s Web site. Those who used its Facebook app, for example, had their files updated with lists of their Facebook friends along with scores measuring the intensity of those relationships and whether they lived in swing states. If their last names seemed Hispanic, a key target group for the campaign, the database recorded that, too.
The result was a digital operation far more elaborate than the one mounted by Obama’s Republican rival, Mitt Romney, who collected less data and deployed it less effectively, say officials from both parties.
To maintain their advantage, Democrats say they must guard against the propensity of political data to deteriorate in off years, when funding and attention dwindles, while navigating the inevitable intra-party squabbles over who gets access now that the unifying forces of a billion-dollar presidential campaign are gone.
“If this is all we do with this technology, I think it will be a wasted opportunity,” said Michael Slaby, the campaign’s chief integration and innovation officer.
Tests of whether Obama’s database can be successfully redeployed will come even sooner. Virginia Democrat Terry McAuliffe, a party insider who ran unsuccessfully for governor in 2009, already has inquired about the data for his gubernatorial campaign next year, say those familiar with the conversations.
“We have been communicating to Obama For America all along about the importance of receiving that data, since Virginia has a 2013 election,” said Brian Moran, the outgoing chairman of the Virginia Democratic Party.
Though McAuliffe is an early frontrunner, many in the party say individual candidates should get access to such data only after winning the nomination — something that in Virginia can’t happen before the June primary, leaving only a few months before the November general election. The short time frame may make a full data set, should McAuliffe get it, even more valuable.
Report: French officials accuse US of hacking Sarkozy's computers
The United States used U.S.-Israeli spy software to hack into the French presidential office earlier this year, the French cyberwarfare agency has concluded, according to the newsmagazine l'Express.
The magazine reported late Tuesday that the computers of several close advisers to then-president Nicolas Sarkozy – including Chief of Staff Xavier Musca – were compromised in May by a computer virus that bears the hallmarks of Flame, which was allegedly created by a U.S.-Israeli team to target Iran's nuclear program. Anonymous French officials pointed the finger at the United States.
“You can be on very good terms with a 'friendly' country and still want to guarantee their unwavering support – especially during a transition period,” an official told the magazine. The alleged spying attack took place a few days before the second round of the French presidential elections, which Sarkozy lost to Francois Hollande, a socialist.
Homeland Security Secretary Janet Napolitano reportedly did not deny the allegations when asked point-blank about them.
“We have no greater partner than France, we have no greater ally than France,” Napolitano reportedly answered, at the opening of an interview with l'Express. “We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”
In the interview, Napolitano also said that the Flame and Stuxnet viruses had “never been linked to the U.S. government.”
The White House did not return a request for comment from The Hill.
Parts of this article have been translated from the French.