Monday, November 19, 2012
Petraeus Affair Raises Concerns About E-mail Privacy
With all the coverage surrounding the recent fiasco involving General Petraeus, the extent of people’s personal electronic security has been given increased attention. After all, if the CIA Director isn’t able to keep his emails private, what hope is there for the rest of us? Many privacy experts agree the recent scandal has shown just how vulnerable most people are in terms of the transparency of their digital communications.
The first thing that many experts say you need to realize is that no matter what you’re trying to hide, if it’s in your e-mail inbox it is possible that someone will find out. If the thing you’re hiding involves criminal activity, the chance of the government finding it goes up exponentially given their power to search and subpoena information. This doesn’t change whether the information is contained on your hard drive or floating up in the cloud.
One thing that Petraeus discovered was that the government can easily connect you to an account by using the IP address of the computer you used to access the account. This is what proved that he and his mistress were using the otherwise anonymous account. E-mail providers like Google and Yahoo save this kind of information for 18 months, during which time it can easily be subpoenaed.
Something many people may not realize is that the Fourth Amendment requires the authorities to get a warrant from a judge to search only physical property. Rules governing e-mail searches, however, are far more lax. Under the 1986 Electronic Communications Privacy Act, a 1986 law that Congress enacted to protect your privacy in electronic communications, a warrant is not required for e-mails six months old or older. Even if e-mails are more recent, the federal government needs a search warrant only for “unopened” e-mail. Everything else, including identifying information such as the IP address used to access the account requires only a subpoena.
One complicating factor is a recent rejection of the government’s approach by the Ninth Circuit Court of Appeals. The district happens to encompass many of the technology companies that handle e-mail messages and the servers that contain the data. Given the decision by the Ninth Circuit, the Department of Justice’s Manual now includes a note reminding agents in the area to get a warrant before accessing such information.
Though many people might believe this kind of e-mail surveillance only happens in high profile cases, the reality is that law enforcement throws a large net when looking for incriminating information. Google reported that United States law enforcement agencies requested data for 16,281 accounts from January to June of this year, and it complied in 90 percent of cases. Online users need to realize that everything is logged and recorded somewhere. If you don’t want someone else to find it, don’t say it.
Read: “Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t,” by, published at NYTimes.com.