The NSA Isn’t the Only Government Agency Destroying Your Right to Privacy
As technology surges ahead, civil liberties are left in the dust.
For at least the last six years, government agents have been exploiting an AT&T database filled with the records of billions of American phone calls from as far back as 1987. The rationale behind this dragnet intrusion, codenamed Hemisphere, is to find suspicious links between people with "burner" phones (prepaid mobile phones easy to buy, use, and quickly dispose of), which are popular with drug dealers. The secret information gleaned from this relationship with the telecommunications giant has been used to convict Americans of various crimes, all without the defendants or the courts having any idea how the feds stumbled upon them in the first place. The program is so secret, so powerful, and so alarming that agents "are instructed to never refer to Hemisphere in any official document," according to a recently released government PowerPoint slide.
You're probably assuming that we're talking about another blanket National Security Agency (NSA) surveillance program focused on the communications of innocent Americans, as revealed by the whistleblower Edward Snowden. We could be, but we're not. We're talking about a program of the Drug Enforcement Administration (DEA), a domestic law enforcement agency.
While in these last months the NSA has cast a long, dark shadow over American privacy, don't for a second imagine that it's the only government agency systematically and often secretly intruding on our lives. In fact, a remarkable traffic jam of local, state, and federal government authorities turn out to be exploiting technology to wriggle into the most intimate crevices of our lives, take notes, use them for their own purposes, or simply file them away for years on end.
"Technology in this world is moving faster than government or law can keep up," the CIA's Chief Technology Officer Gus Hunt told a tech conference in March. "It's moving faster I would argue than you can keep up: You should be asking the question of what are your rights and who owns your data."
Hunt's right. The American public and the legal system have been left in the dust when it comes to infringements and intrusions on privacy. In one way, however, he was undoubtedly being coy. After all, the government is an active, eager, and early adopter of intrusive technologies that make citizens' lives transparent on demand.
Increasingly, the relationship between Americans and their government has come to resemble a one-way mirror dividing an interrogation room. Its operatives and agents can see us whenever they want, while we can never quite be sure if there's someone on the other side of the glass watching and recording what we say or what we do—and many within local, state, and federal government want to ensure that no one ever flicks on the light on their side of the glass.
So here's a beginner's guide to some of what's happening on the other side of that mirror.
You Won't Need a Warrant for That
Have no doubt: the Fourth Amendment is fast becoming an artifact of a paper-based world.
The core idea behind that amendment, which prohibits the government from "unreasonable searches and seizures," is that its representatives only get to invade people's private space—their "persons, houses, papers, and effects"—after it convinces a judge that they're up to no good. The technological advances of the last few decades have, however, seriously undermined this core constitutional protection against overzealous government agents, because more and more people don't store their private information in their homes or offices, but on company servers.
In a series of rulings from the 1970's, the Supreme Court created "the third-party doctrine." Simply stated, information shared with third parties like banks and doctors no longer enjoys protection under the Fourth Amendment. After all, the court reasoned, if you shared that information with someone else, you must not have meant to keep it private, right? But online almost everything is shared with third parties, particularly your private e-mail.
Back in 1986, Congress recognized that this was going to be a problem. In response, it passed the Electronic Communications Privacy Act (ECPA). That law was forward-looking for its day, protecting the privacy of electronic communications transmitted by computer. Unfortunately, it hasn't aged well.
Nearly three decades ago, Congress couldn't decide if email was more like a letter or a phone call (that is, permanent or transitory), so it split the baby and decreed that communications which remain on a third party's server—think Google—for longer than 180 days are considered abandoned and lose any expectation of privacy. After six months are up, all the police have to do is issue an administrative subpoena—a legal request a judge never sees—demanding the emails it wants from the service provider, because under ECPA they're considered junk.
This made some sense back when people downloaded important emails to their home or office computers and deleted the rest since storage was expensive. If, at the time, the police had wanted to look at someone's email, a judge would have had to give them the okay to search the computer where the emails were stored.
Email doesn't work like that anymore. People's emails containing their most personal information now reside on company computers forever or, in geek speak, "in the cloud." As a result, the ECPA has become a dangerous anachronism. For instance, Google's email service, Gmail, is nearly a decade old. Under that law, without a judge's stamp of approval or the user ever knowing, the government can now demand from Google access to years of a Gmail user's correspondence, containing political rants, love letters, embarrassing personal details, sensitive financial and health records, and more.
And that shouldn't be acceptable now that email has become an intimate repository of information detailing who we are, what we believe, who we associate with, who we make love to, where we work, and where we pray. That's why commonsense legislative reforms to the ECPA, such as treating email like a piece of mail, are so necessary. Then the police would be held to the same standard electronically as in the paper-based world: prove to a judge that a suspect's email probably contains evidence of a crime or hands off.
Law enforcement, of course, remains opposed to any such changes for a reason as understandable as it is undemocratic: it makes investigators' jobs easier. There's no good reason why a letter sitting in a desk and an email stored on Google's servers don't deserve the same privacy protections, and law enforcement knows it, which is why fear-mongering is regularly called upon to stall such an easy fix to antiquated privacy laws.
As Department of Justice Associate Deputy Attorney General James Baker put it in April 2011, "Congress should also recognize that raising the standard for obtaining information under ECPA may substantially slow criminal and national security investigations." In other words, ECPA reform would do exactly what the Fourth Amendment intended: prevent police from unnecessarily intruding into our lives.
Nowhere to Hide
"You are aware of the fact that somebody can know where you are at all times, because you carry a mobile device, even if that mobile device is turned off," the CIA's Hunt explained to the audience at that tech conference. "You know this, I hope? Yes? Well, you should."
You have to hand it to Hunt; his talk wasn't your typical stale government presentation. At times, he sounded like Big Brother with a grin.
And it's true: the smartphone in your pocket is a tracking device that also happens to allow you to make calls, read email, and tweet. Several times every minute, your mobile phone lets your cell-phone provider know where you are, producing a detail-rich history of where you have been for months, if not years, on end. GPS-enabled applications do the same. Unfortunately, there's no way to tell for sure how long the companies hang onto such location data because they won't disclose that information.
We do know, however, that law enforcement regularly feasts on these meaty databases, easily obtaining a person's location history and other subscriber information. All that's needed to allow the police to know someone's whereabouts over an extended period is an officer's word to a judge that the records sought would aid an ongoing investigation. Judges overwhelmingly comply with such police requests, forcing companies to turn over their customers' location data. The reason behind this is a familiar one: law enforcement argues that the public has no reasonable expectation of privacy because location data is freely shared with service or app providers. Customers, the argument goes, have already waived their privacy rights by voluntarily choosing to use their mobile phone or app.
Police also use cell-phone signals and GPS-enabled devices to track people in real time. Not surprisingly, there is relatively little clarity about when police do this, thanks in part to purposeful obfuscation by the government. Since 2007, the Department of Justice has recommended that its US attorneys get a warrant for real-time location tracking using GPS and cell signals transmitted by suspects' phones. But such "recommendations" aren't considered binding, so many US Attorneys simply ignore them.
The Supreme Court has begun to weigh in but the issue is far from settled. In United States v. Jones, the justices ruled that, when officers attach a GPS tracking device to a car to monitor a suspect's movements, the police are indeed conducting a "search" under the Fourth Amendment. The court, however, stopped there, deciding not to rule on whether the use of tracking devices was unreasonable without a judge's say so.