If you are a person whose lifestyle, ethnicity, politics or past history gives a government agency a reason to suspect or dislike you, the NSA or other law enforcement agencies may already be snooping into your data stored online — without a warrant.
All an agent needs is an administrative subpoena, issued by a law enforcement agency. For most types of data it doesn’t require a search warrant. Unlike a warrant — which requires a judge to review a written affidavit containing sworn allegations and determine whether it establishes probable cause to believe a crime has been committed — an administrative subpoena is done entirely in-house by the investigating agency. No judge is involved.
The Electronic Communications Privacy Act (ECPA) of 1986 allows law enforcement to obtain the following by subpoena, no warrant required:
• email which has been on the company’s server for 180 days (if less than 180 days, a warrant is required)
• a list of the phone numbers you have dialed, or who have dialed you
• data stored “in the cloud” may also be obtained by subpoena under the same rationale as email, according to the Krebs’ on Security blog: “Help Bring Privacy Laws Into 21st Century.”
If a subpoena is served on your cell phone carrier, internet service provider, or company where you store data “in the cloud” and the company doesn’t feel like wasting time and money fighting the subpoena on your behalf, they’ll just turn over the information. Under several statutes it is illegal for the third party company to tell you, its customer, when your data is subpoenaed. Rogue cops can go on a fishing expedition and you will not even know it.
Many companies do not even notify the customer even if they could. A recent survey compiled by the Electronic Frontier Foundation rated 18 major data storing corporations for how they help protect privacy rights by giving stars for positive marks on six issues. Verizon scored zero stars. Apple, AT&T and Yahoo scored one star each. Comcast scored two stars. Twitter and Sonic.net were the only two companies surveyed that scored six stars. “Who Has Your Back” report (EFF 2013).
As a lawyer who conducts business daily by phone and email, this alarms me greatly. When they access attorney client communications they are invading the attorney client privilege.
For details please read the Krebs on Security Blog “Help Bring Privacy Laws Into 21st Century.” Also check out the primer Security and Surveillance, published by the Center for Democracy & Technology, and the Electronic Frontier Foundation’s warnings about the use of the subpoena to target news reporters and chill First Amendment rights in “5 Overlooked Lessons From the AP Subpoena Controversy and Other Leak Investigations.”
Thanks to advanced technology they can also surveil your movements. The American Civil Liberties Union very chillingly shows how Big Brother can now watch your every move through the GPS features of your cellphone and traffic surveillance data in “Meet Jack. Or, What the Government Could Do With All That Location Data.”
And they also follow your money. Many of your banking transactions are now feeding into Big Brother’s database (a/k/a FinCEN) thanks to the Bank Secrecy Act (how clever of them to name it the opposite of what it really is).
Every time you deposit over $10,000 in cash and fill out a CTR form, that goes into a national database called FinCEN, which stands for Financial Crimes Enforcement Network. Every time you cross an international border with over $10,000 cash and fill out a CMIR form, that goes into FinCEN. Other transactions secretly get reported to FinCEN too. When you make multiple cash deposits of less than $10,000 or fit one of many suspicious transaction profiles specified in banking regulations, your banker is required to fill out a Suspicious Activity Report on you, and that goes to FinCEN. Your banker is prohibited from telling you that they filed a SAR report on you. FinCEN records on any person or company may be obtained by any law enforcement agency in the country — without a judicially approved warrant.
What can we do to roll back these invasions of our privacy? Krebs suggests that we “sign a petition at the White House’s ‘We the People’ site, asking the Obama administration to reform ECPA.” We can also vote with our pocketbooks by not doing business with companies that get a low rating for customer privacy. Write your Congressman, unless your Congressmen are sold-out shills for the big corporations or Tea Party nutcases, in which case you should vote your pocketbook by supporting the political campaign of the opponents.
We shouldn’t sit idly by as our country goes down the tubes. What is “America” if we don’t have our freedom?