Everyone knows the IRS is our nation's tax collector, but it is also a law enforcement organization tasked with investigating criminal violations of the tax laws. New documents released to the ACLU under the Freedom of Information Act reveal that the IRS Criminal Tax Division has long taken the position that the IRS can read your emails without a warrant-a practice that one appeals court has said violates the Fourth Amendment (and we think most Americans would agree).
Last year, the ACLU sent a FOIA request to the IRS seeking records regarding whether it gets a warrant before reading people's email, text messages and other private electronic communications. The IRS has now responded by sending us 247 pages of records describing the policies and practices of its criminal investigative arm when seeking the contents of emails and other electronic communications.
So does the IRS always get a warrant? Unfortunately, while the documents we have obtained do not answer this question point blank, they suggest otherwise. This question is too important for the IRS not to be completely forthright with the American public. The IRS should tell the public whether it always gets a warrant to access email and other private communications in the course of criminal investigations. And if the agency does not get a warrant, it should change its policy to always require one.
The federal law that governs law enforcement access to emails, the Electronic Communications Privacy Act (ECPA), is hopelessly outdated. It draws a distinction between email that is stored on an email provider's server for 180 days or less, and email that is older or has been opened. The former requires a warrant; the latter does not. Luckily, the Fourth Amendment still protects against unreasonable searches by the government. Accordingly, in 2010 the Sixth Circuit Court of Appeals decided in United States v. Warshak that the government must obtain a probable cause warrant before compelling email providers to turn over messages.
However, the IRS hasn't told the public whether it is following Warshak everywhere in the country, or only within the Sixth Circuit.
The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people's email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 "Search Warrant Handbook" from the IRS Criminal Tax Division's Office of Chief Counsel baldly asserts that "the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications." Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the "4th Amendment Does Not Protect Emails Stored on Server" and there is "No Privacy Expectation" in those emails.
Other older documents corroborate that the IRS did not get warrants across the board. For example, the 2009 edition of the Internal Revenue Manual (the official compilation of IRS policies and procedures) explains that "the government may obtain the contents of electronic communication that has been in storage for more than 180 days" without a warrant.
Then came Warshak, decided on December 14, 2010. The key question our FOIA request seeks to answer is whether the IRS's policy changed after Warshak, which should have put the agency on notice that the Fourth Amendment does in fact protect the contents of emails. The first indication of the IRS's position, from an email exchange in mid-January 2011, does not bode well. In an email titled "US v. Warshak," an employee of the IRS Criminal Investigation unit asks two lawyers in the IRS Criminal Tax Division whether Warshak will have any effect on the IRS's work. A Special Counsel in the Criminal Tax Division replies: "I have not heard anything related to this opinion. We have always taken the position that a warrant is necessary when retrieving e-mails that are less than 180 days old." But that's just the ECPA standard. The real question is whether the IRS is obtaining warrants for emails more than 180 days old. Shortly after Warshak, apparently it still was not.
The IRS had an opportunity to officially reconsider its position when it issued edits to the Internal Revenue Manual in March 2011. But its policy stayed the same: the Manual explained that under ECPA, "Investigators can obtain everything in an account except for unopened e-mail or voice mail stored with a provider for 180 days or less using a [relevant-and-material-standard] court order" instead of a warrant. Again, no suggestion that the Fourth Amendment might require more.
The first indication that the IRS was considering the effect of Warshak came in an October 2011 IRS Chief Counsel Advice memorandum available on the IRS website but not provided in response to our FOIA request. An IRS employee sought guidance about whether it is proper to use an administrative summons, instead of a warrant, to obtain emails that are more than 180 days old. (The emails in question were located on an internet service provider's (ISP) server somewhere in the territory covered by the Ninth Circuit Court of Appeals). The memo summarized the holding of Warshak and advised that "as a practical matter it would not be sensible" to seek older emails without a warrant. This is good advice, but the memo's reasoning leaves much to be desired. The memo explained that Warshak applies only in the Sixth Circuit but that, because the ISP had informed the IRS that it did not intend to voluntarily comply with an administrative summons for emails, there was not "any reasonable possibility that the Service will be able to obtain the contents of this customer's emails . . . without protracted litigation, if at all." Any investigative leads contained in the emails would therefore be "stale" by the time the litigation could be concluded, making attempted warrantless access not worthwhile.
The memo misses another chance to declare that agents should obtain a warrant for emails because the Fourth Amendment requires it. Instead, the memo's advice (which may not be used as precedent and is not binding in other IRS criminal investigations) is limited to situations in the Ninth Circuit where an ISP intends to challenge warrantless requests for emails. The IRS shouldn't obey the Fourth Amendment only when it faces the inconvenience of protracted litigation; it should recognize that the Fourth Amendment requires warrants for the contents of emails at all times.
Finally, to the present: has the IRS's position changed this tax season? Apparently not. The current version of the Internal Revenue Manual, available on the IRS website, continues to explain that no warrant is required for emails that are stored by an ISP for more than 180 days. Apparently the agency believes nothing of consequence has changed since ECPA was enacted in 1986, or the now-outdated Surveillance Handbook was published in 1994.
Let's hope you never end up on the wrong end of an IRS criminal tax investigation. But if you do, you should be able to trust that the IRS will obey the Fourth Amendment when it seeks the contents of your private emails. Until now, that hasn't been the case. The IRS should let the American public know whether it obtains warrants across the board when accessing people's email. And even more important, the IRS should formally amend its policies to require its agents to obtain warrants when seeking the contents of emails, without regard to their age.
(We also sent FOIA requests to the FBI and other components of the Department of Justice-we will be receiving records from those offices in the coming weeks).
Republished with kind permission from the American Civil Liberties Union. Image by Tischenko Irina/Shutterstock