New documents from the FBI and U.S. Attorneys’ offices paint a troubling picture of the government’s email surveillance practices. Not only does the FBI claim it can read emails and other electronic communications without a warrant—even after a federal appeals court ruled that doing so violates the Fourth Amendment—but the documents strongly suggest that different U.S. Attorneys’ offices around the country are applying conflicting standards to access communications content (you can see the documents here).
Last month, in response to a Freedom of Information Act request, the ACLU received IRS documents indicating that the agency’s criminal investigative arm doesn’t always get a warrant to read Americans’ emails. Today we are releasing these additional documents from other federal law enforcement agencies, reinforcing the urgent need for Congress to protect our privacy by updating the laws that cover electronic communications.
The documents we received from the FBI don’t flat out tell us whether FBI agents always get warrants, but they strongly suggest that they don’t.
In 2010, the Sixth Circuit Court of Appeals decided in United States v. Warshak that the government must obtain a probable cause warrant before compelling email providers to turn over messages to law enforcement. But that decision only applies in the four states covered by the Sixth Circuit, so we filed our FOIA request to find out whether the FBI and other agencies are taking advantage of a loophole in the outdated Electronic Communications Privacy Act (ECPA) that allows access to some electronic communications without a warrant. Distressingly, the FBI appears to think the Fourth Amendment’s warrant requirement doesn’t always apply.
The FBI provided the ACLU with excerpts from two versions of its Domestic Investigations and Operations Guide (DIOG), from 2008 and 2012. One of the Guides is from before Warshak was decided and the other one is from after, but they say the same thing: FBI agents only need a warrant for emails or other electronic communications that are unopened and less than 180 days old. The 2012 Guide contains no mention of Warshak, and no suggestion that the Fourth Amendment might require a warrant for all emails. In fact, the 2012 Guide states:
In enacting the ECPA, Congress concluded that customers may not retain a “reasonable expectation of privacy” in information sent to network providers. . . [I]f the contents of an unopened message are kept beyond six months or stored on behalf of the customer after the e-mail has been received or opened, it should be treated the same as a business record in the hands of a third party, such as an accountant or attorney. In that case, the government may subpoena the records from the third party without running afoul of either the Fourth or Fifth Amendment.
Versions of the Guide from 2008 and 2011 are available on the FBI website, but the 2012 edition has not previously been made public. We would have thought that by 2012, the FBI would have updated its policy to require a warrant for all private electronic communications. Our FOIA request was the FBI’s chance to produce any policy documents, manuals, or other guidance stating that a warrant is always required, but they failed to do so. Instead, the documents we received strongly suggest that the FBI doesn’t always get a warrant.
In fact, confirmation that the FBI is reading some emails without a warrant can be found in a recent opinion issued by a federal magistrate judge in Texas. Most of the opinion concerns whether the FBI is allowed to surreptitiously infect a computer with spyware (the judge refused to grant the FBI a warrant to do so). But tucked inside the opinion is this revelation: “the Government also sought and obtained an order under 18 U.S.C. § 2703 directing the Internet service provider to turn over all records related to the counterfeit email account, including the contents of stored communications.” Amazingly, as recently as March of this year, the FBI went after emails without a warrant. This is an affront to the Fourth Amendment.
In addition to the FBI documents, the ACLU also received records from six U.S. Attorneys’ offices (in California, Florida, Illinois, Michigan, and New York), and from the Justice Department’s Criminal Division, which provides legal advice to federal prosecutors and law enforcement agencies. The Criminal Division withheld far more documents than it released. The U.S. Attorneys’ office documents reveal some information, but paint a confusing picture of federal policy. We received two paragraphs from the U.S. Attorney for the Southern District of New York—part of an unidentified document stating that law enforcement can obtain “opened electronic communications or extremely old unopened email” without a warrant. Perplexingly, the agency has not released the cover page or other contextual information from this document, so we don’t know whether it reflects the current policy of that office.
Excerpts from an October 2012 document released by the U.S. Attorney for the Northern District of Illinois show that at least one part of the government understands that the Fourth Amendment protects private electronic communications. The document, a chart titled “Procedures for Obtaining Certain Forms of Electronic Surveillance and Related Evidence,” contains entries setting out the procedures for obtaining text messages, voicemails, and emails stored by internet service providers, as well as stored communications on Facebook and “private tweets” on Twitter. The document says a warrant is required for each of these forms of communication. It even explains that “The Sixth Circuit in Warshak held that the non-warrant methods of obtaining stored emails to be [sic] unconstitutional.” Again, because the document lacks a cover page or other explanatory information we don’t know whether it constitutes binding policy for prosecutors or how broadly it applies. This lack of context is frustrating, but at least the document gets the law right.
The six U.S. Attorneys’ offices also told us in this email that since Warshak, they have not authorized a request to a court for access to the contents of electronic communications without a warrant. But according to the recent Texas magistrate judge’s opinion, one U.S. Attorney’s office apparently authorized such a request this year. Even with today’s documents, the government’s actual position is far from clear.
If nothing else, these records show that federal policy around access to the contents of our electronic communications is in a state of chaos. The FBI, the Executive Office for U.S. Attorneys, and DOJ Criminal Division should clarify whether they believe warrants are required across the board when accessing people’s email. It has been clear since 1877 that the government needs a warrant to read letters sent via postal mail. The government should formally amend its policies to require law enforcement agents to obtain warrants when seeking the contents of all emails too.
More importantly, Congress also needs to reform ECPA to make clear that a warrant is required for access to all electronic communications. Reformlegislation is making its way through the Senate now, and the documents released by the U.S. Attorney in Illinois illustrate that the law can be fixed without harming law enforcement goals. If you agree that your email and other electronic communications should be private, you can urge Congress to take action here.