back to article Feds snooping on your email without a warrant? US lawmakers are on a war path to stop that

On Monday, the US House of Representatives – normally a body that can't agree on anything – voted unanimously to pass the Email Privacy Act (HR 387). The new legislation amends the 1986 Electronic Communications Privacy Act (ECPA), which states that Americans' emails that are unread or stored for more than 180 days can be …

  1. Oh Homer
    Mushroom

    You mean...

    America has privacy laws?

    Shocking.

    I always assumed that privacy was illegal in America, comparable to an act of terrorism.

    1. Anonymous Coward
      Anonymous Coward

      Re: You mean...

      Well, no, they do have privacy laws. They just have enough other federal laws that can take precedent to render those privacy laws mere window dressing.

      My personal favourite is the privacy law that California came up with, that was actually quite decent and sane (yes, I know, shocking in itself). The problem: Federal law trumps (sorry) State law, so it didn't matter much in the grand scheme of things..

      1. jamesb2147

        Re: AC

        California is a curiosity unto itself. I do not understand how that state manages to get so much so right and so much wrong all at the same time.

        1. Anonymous Coward
          Happy

          Re: AC

          we're schizophrenic as Hell. Republican, Democrat, Libertarian & Green get significant votes. I'm that rare individual, a native. I love it, even if it confuses the fuck out of everyone else.

      2. Youngone Silver badge

        Re: You mean...

        My favourite is the way US legislators can add riders to bills, to either derail them, or add some completely unrelated clause.

        I can't for the life of me think of a good reason this is allowed. In my country bills are presented to Parliament, and the members vote yay or nay.

        This seems a lot less open to corruption, which might be some sort of clue.

        1. Mike 16

          Re: You mean...

          @youngone:

          ---

          My favourite is the way US legislators can add riders to bills, to either derail them, or add some completely unrelated clause.

          ---

          Not just legislators. There have been well-publicized cases of staffers 'improving" legislation under rteh guise of "fixing a few typos", and the legislators voting without reading the revised bills. I mean, who has time to read the entire 1000-page ext of the "Puppies and Happiness preservation (plus pork for anybody involved Bill) when the vote is in ten minutes?

      3. tom dial Silver badge

        Re: You mean...

        Federal law trumps state law. Indeed it does, giving us thereby the Civil Rights Act of 1964 and numerous other laws that most people would approve. The good with the bad. The upshot is that in CA, the state officials have to get a warrant unless they can establish enough of a federal case to enlist the FBI or DHS to fetch for them.

        That said, I do not think the warrant requirement, if passed in both the House and the Senate and signed by the President, will be a serious impediment to federal criminal investigations, and do not know why Senator Cornyn torpedoed it the last time around. The existing authority to obtain old email content without a warrant doubtless simplified matters in some cases and reduced the workload on federal magistrate judges, but it is likely that in nearly all cases, orders were issued to produce email messages of people already under significant suspicion based on enough facts that a reasonable judge would issue a search warrant. But then, again, my own practice is to download and delete email from my ISP every minute and leave them on the ISP's server for no more than 14 days.

        1. eldakka

          Re: You mean...

          I think you might find the TechDirt article The FBI Can Engage In All Sorts Of Surveillance And Snooping Without Actually Placing Someone Under Investigation from today regarding FBI procedures quite enlightening as to why law-enforcement doesn't want warrant requirements.

          TL:DR

          Basically, they have to open a formal investigation into someone before they can apply for subpoena's and warrants. Once an "official investigation" is opened, there are all sorts of documentation red-tape requirements that must be followed, all potentially subject to FOI requests. However, they have a pre-"official investigation" process, called an assessment, they undertake to see if it's worth opening an official investigation. This pre-assessment is basically a free-for-all with regards to process, as long as they can convince their boss it's worth looking into, they don't need all that evidentiary/tracking paperwork. As long as they don't need a subpoena or warrant, any information they can get their hands on is used in the assessment. Including emails older than 180-days left on the server...

    2. jamesb2147

      Glass house?

      I believe there's a saying about throwing stones when one lives in a glass house...

      Our privacy protections in the US of A are actually quite robust (excepting, apparently, NSA surveillance). Of course, US contract law is more robust, and so makes it quite easy to sweep away privacy rights.

      1. tom dial Silver badge

        Re: Glass house?

        There are substantial legal and constitutional protections in the US from the NSA as well. While they might have exceeded them on a number of occasions, the documents released courtesy of Edward Snowden indicate fairly plainly that NSA generally followed its rules, approved by the FISC, although they regularly (and with FISC approval) acquired data that many thought overbearing. The approved limits, however, were consistent with the law in 50 USC 36 and restricted targeting of "US persons" defined roughly as US citizens anywhere in the world along with citizens of any country who were legally present in the US.

        This, of course, allowed them to target a citizen of any other country who was not legally present in the US and not protected by either a treaty approved by the US Senate (equivalent to a US law) or an intergovernment agreement not to spy on each others' citizens. Neither the "Snowden documents" nor officially declassified documents that I am aware of say anything about either, so we may be substantially in the dark here. An obvious consequence of this is "incidental" collection of US person information, both data and metadata, where targeted persons and untargeted US persons were in communication. It is not obvious that this is avoidable, but the law imposes significant restrictions on its use.

        We may disagree with the legal limits of NSA data collection as concerns the US persons, as well as with the constitutionality of various parts of 50 USC 36, not to mention the validity of the FISC decisions, many of which are classified and few of which were appealed to the Foreign Intelligence Surveillance Court of Review. Given the international scope of The Register, a great many of the readers will have a much different perspective on this and may object strongly to it, although most will be citizens of a Five Eyes country and have potential issues with their own governments' SigInt and police agencies. I suspect there are treaty provisions or intergovernment agreements with less status that protect citizens of each from all, but do not know that; we all should be asking our governments about it.

        The matter of privacy grants by individuals as a matter of contract is much different from legal privacy breach by government officials. It seems to be an active development area, in legislatiive activity as well as litigation. Courts will enforce the contract, but establishing violations is likely to be very costly and inconvenient for individuals. In the US we have the possibility of class action lawsuits, but quite often these have the primary effect of enriching plaintiff attorneys and only a secondary and relatively trivial effect of compensating class members.

        1. Anonymous Coward
          Anonymous Coward

          Re: Glass house?

          The matter of privacy grants by individuals as a matter of contract is much different from legal privacy breach by government officials. It seems to be an active development area, in legislatiive activity as well as litigation. Courts will enforce the contract, but establishing violations is likely to be very costly and inconvenient for individuals. In the US we have the possibility of class action lawsuits, but quite often these have the primary effect of enriching plaintiff attorneys and only a secondary and relatively trivial effect of compensating class members.

          3 problems here: transparency, accountability and the ability of a poor citizen to obtain justice after breach. In the present US, there's no good news on any of these 3 issues, which is partly what fuels the unrest and the ability of seriously bad actors to whip up and use dissent - it's what got you Trump in the first place. People didn't really vote for Trump IMHO, they voted against establishment which started to lose sight of what the man in the street needed.

          Of course, the current set of predators has (as far as I can tell) no desire to deliver that either, but it got them through the door, and that's what matters. If you want to see how focused they are on the benefit to the main in the street, just look at them turning back the restrictions on banks that caused a global crisis. I bet the banks are already warming up the robosigning systems...

      2. streaky

        Re: Glass house?

        I believe there's a saying about throwing stones when one lives in a glass house...

        Our privacy protections in the US of A are actually quite robust (excepting, apparently, NSA surveillance). Of course, US contract law is more robust, and so makes it quite easy to sweep away privacy rights.

        My response to that..

    3. earl grey
      FAIL

      Re: You mean...

      Apparently they haven't enacted a Snooper's Charter yet....

      1. Anonymous Coward
        Anonymous Coward

        Re: You mean...

        Apparently they haven't enacted a Snooper's Charter yet....

        They don't have to - they have had the basics in play for more than a decade. The UK is a bit of a latecomer to that game.

  2. Anonymous Coward
    Anonymous Coward

    Trump would probably veto it anyway

    He's totally in the pocket of law enforcement, he'll go with what they say and ignore a unanimous vote in congress.

    1. tom dial Silver badge

      Re: Trump would probably veto it anyway

      A two-thirds vote in both the House and Senate would trump Trump.

      1. Anonymous Coward
        Anonymous Coward

        Re: Trump would probably veto it anyway

        True, and then we'll get to see some entertaining tweets where he says "blame everyone who voted to override my veto next time anything bad happens" like he tried to blame the judge who overruled him.

  3. ecofeco Silver badge

    Oh NOW they're worried

    Gee, I wonder why they suddenly care. That's the REAL story.

  4. Bob Dole (tm)
    Mushroom

    I'll never vote for cornyn again.

  5. Anonymous Coward
    Anonymous Coward

    When the ECPA was enacted 31 years ago, emails were almost exclusively stored locally and not for very long, since hard drive sizes were in megabytes, not gigabytes,

    Are you implying that people no longer store emails locally. We, and our clients always have and once down they are deleted from the server. Is there any other way to maintain security? The cloud mist certainly isn't.

    1. Anonymous Coward
      Anonymous Coward

      Same here. It makes it much more difficult to intercept (as you need to monitor constantly and not just chuck a request at Google or whatever), or black-bag the actual computer/s the email is stored on; both of which makes discovery of monitoring more likely and also makes monitoring more expensive and time-consuming.

      Doubt if I'm interesting enough to be monitor-worthy, but if someone is I'm gonna make the bastards work for it.

      1. jake Silver badge

        I don't just store email locally ...

        ... I run my own servers. Old fashioned? Perhaps. But ifwhen anything goes wrong, it's my fault anyway. Might as well make it really my fault!

        (It's been over a third of a century since I had a "live" email system cock-up. That paranoia training seems to have paid off ... )

  6. mr. deadlift
    Coat

    soo

    they are trying to modernise at 30+ year old law.

    hmmm.

    while we're at it may we can look at other anachronistic behavior.

    for example voting on the first tuesday after Nov. 1, allowing the plebs to get their horse and buggy to market on Wednesday.

    maybe not having a polling day when everyone is likely WORKING their JOBS may impair results such as Mr T in office. electoral and college debates aside.

    excuse me im off to replace muh wagon wheel.

  7. John Smith 19 Gold badge
    Black Helicopters

    Who is Sen Cornyn

    And what has the FBI got on him?

    Or is it that all R-TX Senators are ignorant SEL's ?

    1. ecofeco Silver badge

      Re: Who is Sen Cornyn

      All R-TX politicians are ignorant SEL's.

  8. Anonymous Coward
    Anonymous Coward

    Privacy is only in your head.

    Once someone decided it was a good idea to connect every computer in the world to the internet. The concept of privacy died a long time ago.

    That said. The only privacy that still exists. Is in your head.

    1. jake Silver badge

      Re: Privacy is only in your head.

      Then why did you post AC, coward?

      1. Diginerd

        Re: Privacy is only in your head.

        Hazard a guess?

        Hint - A public post is not private, and there's a thing called inductive argument..

        I'm NOt the OP ;-)

  9. Prndll

    Email is not private

    The interesting part of all this is that email has never been private in the first place. There is no way to make it private.

    1. King Jack

      Re: Email is not private

      If you encrypt the email then send it, won't that make it private?

      1. Diginerd

        Re: Email is not private

        In transit and at rest.

        The contents are reachable via RH Decryption. :-(

      2. My other car is an IAV Stryker

        Re: Email is not private

        To King Jack: Only the contents. Not the metadata: sender (you), recipient, servers used, date/time-stamp of sending (and possible of every hop in the route, plus the route itself). All that is important.

        That is, assuming there isn't a TOR system for email. Even using an old(er)-school email anonymizing service, only some of that information is occluded. I'm not up on "avoiding scrutiny" tech.

        1. Kiwi
          Black Helicopters

          Re: Email is not private

          Not the metadata: sender (you), recipient, servers used

          If you want to see the value of metadata, take a wander through people's facebook friends lists and the lists of random ones of those, maybe take a wander through this person's family contacts and their contacts and so on. Take a closer look at random people, posts etc to find out all you can about the sort of company these people keep. That's why gubbermint et al are so keen grabbing as much of the "it's only just metadata, nothing at all important, no need to concern yourselves about our new law giving us unfettered access!", there's potentially a hell of a lot of information there!

          You can "learn" a hell of a lot about someone and their friends doing this. Even just the "who they know" (1st degree) can be quite interesting at times, if you're looking up the right people. That said, in context a "facebook friend" is often someone they never would pause to give the time of day to, and could be there for family reasons or could be a forgotten one of hundreds.

          What can be more telling sometimes is who isn't on their list if you know people well enough.. (No I don't have a FB account, borrowed one trying to locate an old friend, stumbled across someone else I knew a while back and went exploring)

  10. DerekCurrie
    Devil

    Unconstitutional Cornyn

    "...until Senator John Cornyn (R-TX) attached a rider to the bill a few days before the vote. The rider allowed the FBI to get anyone's internet history and metadata without a warrant using a National Security Letter."

    He, as with other US federal employees, swore to uphold and protect the US Constitution. Can we try this perennial pariah for treason?

    The Fourth Amendment To The US Constitution

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    And to help the kiddies: Yes, 'papers' includes email messages. That's never been in question except by those who wish to ignore the US Constitution.

  11. Kiwi
    Coat

    Question from a Gmail user

    Yeah I know.. Anyway..

    Year or so back I deleted a whole pile of stuff from gmail, and purged it from trash as well.

    Months go by, and I daily log into my gmail account, do whatever mail stuff there is to do, and log out.

    All handily done on Imap.

    Couple of months ago I was checking gmail from their webmail client for some reason or other, and had a look around the options there. I discovered a "all mail" folder which has.. all mail... Everything. Including every deleted email.

    So this is the question. Will this rule cover stuff that was supposed to be deleted, and as far as the user is concerned was deleted? What about any backups that gmail does? Even if I went into the "all mail" folder and cleared that out fully, and there's a backup from gmail that survives long enough, would it count?

    (Of course, the real issue is... Intelligent crims/scarerorists are not likely to be using something as easily traced as email...!)

    --> That's my coat, and me checking my pockets for my dagger...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like