e-mail
investigation:
Yet, the
unfolding scandal that greeted his resignation began with some purportedly
harassing emails sent from pseudonymous email accounts to Jill Kelley. After
the FBI kicked its investigation into high gear, it identified the sender as
Paula Broadwell and, ultimately, read massive amounts of private email messages
that uncovered an affair between Broadwell and Petraeus (and now, the
investigation has expanded to include Gen. John Allen’s emails with
Kelley).
Bombarded with
questions:
Based on the
foregoing, experts at the Electronic Frontier Foundation (EFF), were bombarded
with questions about this works; what legal process the Federal Bureau of
Investigation (FBI) needs to conduct an email investigation. The short answer,
they said is that ‘It’s complicated.’
EFF team of
experts made up of Hanni Fakhoury and Kurt Opsahl and Rainey Reitman, submitted
that the Electronic Communications Privacy Act (ECPA) of 1986 was enacted by
the Congress to protect privacy in electronic communications, like email and
instant messages.
‘ECPA’, the
trio said, “provides scant protection for consumer identifying information,
such as the Internet Protocol (IP) address used to access an account,” while
Paula Broadwell reportedly created a new, pseudonymous account for the
allegedly harassing emails to Jill Kelley, she apparently did not take steps to
disguise the IP number her messages were coming from.
New email
account not enough:
The FBI, thus,
could have obtained this information with just a subpoena to the service
provider, yet obtaining the account’s IP address alone does not establish the
identity of the emails’ sender.
Broadwell,
they said, apparently accessed the emails from hotels and other locations, not
her home. So the FBI cross-referenced
the IP addresses of these Wi-Fi hotspots “against guest lists from other cities
and hotels, looking for common names.” If Broadwell wanted to stay anonymous, a
new email account combined with open Wireless Fidelity (Wi-Fi) was not enough.
According to
them, after FBI identified Broadwell, they searched her email based on news
reports to reveal the intrigues over the affair between Petraeus and Broadwell,
which lasted from November 2011 to July 2012. The harassing emails sent by
Broadwell to Jill Kelley started in May 2012, and Kelley notified the FBI
shortly thereafter. Thus, in the summer
of 2012, when the FBI was investigating, the bulk of the emails would be less
than 180 days old. This 180 day old dividing line is important for determining
how ECPA applies to email.
Between
Warrant and subpoena:
Comparing this
to identifying information, they argued that ECPA provides more legal
protection for the contents of your email, but with gaping exceptions. While a
small but increasing number of federal courts have found that the Fourth
Amendment requires a warrant for all emails, the government claims ECPA only requires
a warrant for email that is stored for 180 days or less.
But as the
Department of Justice (DOJ) Manual for searching and seizing email makes clear,
the government believes this only applies to unopened email. Other email is
fair game with only a subpoena, even if the messages are less than 180 days
old. As reported, Patraeus and Broadwell
adopted a technique of drafting emails, and reading them in the draft folder
rather than sending them. The DOJ would
likely consider draft messages as “opened” email, and therefore not entitled to
the protection of a search warrant.
They pointed
out that although ECPA requires a warrant for the government to obtain the
contents of an email stored online for less than 180 days, the government
believes the warrant requirement does not apply for email that was opened and
left on the server - the typical scenario for webmail systems like Gmail; even
if the messages are less than 180 days old.
“So, under the
government’s view, so long as the emails had been opened or were saved in the
‘drafts’ folder, only a subpoena was required to look at contents of
Broadwell’s email account,” they posited.
Confused?
Well, here’s where things get really
complicated. According to them, through government’s view of the law as
rejected by the Ninth Circuit Court of Appeals, the federal appellate court
that covers the western United States, including California, and the home to
many online email companies and the servers that host their messages. This
resulted in the DOJ Manual note, indicating that “Agents outside of the Ninth
Circuit can therefore obtain such email (and other stored electronic or wire
communications in “electronic storage” more than 180 days) using a subpoena...”
but reminds agents in the Ninth Circuit to get a warrant.
Also, news
reports showed that the FBI agents involved in the Petraeus scandal were in
Tampa, Florida, which means they did not need to get a warrant even if the
email provider was in California (like, for example, Gmail): “law enforcement
elsewhere may continue to apply the traditional narrow interpretation of
‘electronic storage,’ even when the data sought is within the Ninth Circuit.”
ECPA allows 90
days delayed notice:
They
emphasised that a subpoena for email content would generally require notice to
the subscriber, though another section of ECPA allows for delayed notice, for
up to 90 days. The FBI interviewed Broadwell for the first time in September,
about 90 days after the investigation began in June.
However, many
providers nevertheless protect their users by following the Ninth Circuit rule,
and insist upon a warrant for the contents of all email. In EFF’s experience,
the government sought for a warrant rather than litigate the issue. Thus,
assuming the service provider stepped up, it is likely that the government used
a warrant to obtain access to the emails at issue.
“If a warrant
was used, note that a warrant is often quite broad, and the government may well
have obtained emails from other accounts under the same warrant. And as result,
there’s no telling how much email the FBI actually read,” the EFF experts
declared.
The
government, they continued, “is required to “minimize” its collection of some
electronic information. For example, under the Wiretap Act, the government is
supposed to conduct its wiretapping in a way that “minimizes the interception
of communications not otherwise subject to interception.” This ensures the
government isn’t listening to conversations unrelated to their criminal
investigation.
Searching
emails on ISPs server:
“But when it
comes to email, such minimization requirements aren’t as strong. The DOJ Manual
suggests that agents ‘exercise great caution’ and ‘avoid unwarranted intrusions
into private areas,’ when searching email on Internet Service Providers (ISPs)
but is short on specifics,” they noted.
The New York Times, was however, quoted as
reporting that FBI agents obtained access to Broadwell’s “regular e-mail
account.” They could have read every email that came through as they
investigated the affair. Possibly, the FBI could have read an enormous amount
of email from innocent individuals not suspected of any wrongdoing.
Accordingly,
they opined that while the Fourth Amendment requires search warrants to be
specific and particular, as noted earlier, it’s not entirely clear whether the
FBI got a search warrant to search Broadwell’s email. Even if it did get a
warrant, the government has argued that broad warrants are needed in electronic
searches because evidence could be stored anywhere. While some courts have
pushed back on this broad search authority when it comes to email, many courts
still give the government wide access to email and other forms of electronic
content.
Still Sounds
confusing?
They said ECPA
is hopelessly out of date, and fails to provide the protections we need in a
modern era. Your email privacy should be
simple: it should receive the same protection the Fourth Amendment provides for
your home.
So why has
Congress not done anything to update the law? They’ve tried a few times but the
bills haven’t gone anywhere. That’s why EFF members across the United States
are joining with other advocacy groups in calling for reform.
“This week,
we’re proud to launch a new campaign page to advocate for ECPA reform. And
we’re asking individuals to sign EFF’s petition calling on Congress to update
ECPA for the digital era so that there can be no question that the government
is required to go to a judge and get a warrant before it can rummage through
our email, online documents, and phone location histories,” they revealed.
As such, they
also know that major privacy scandals could prompt Congress to get serious
about updating privacy law, citing an instance that the Video Privacy
Protection Act was inspired by the ill-fated Supreme Court nomination of Judge
Robert Bork, after a local Washington reporter obtained Bork’s video rental
records.
Even Luther
King was surveilled:
Further, the
Foreign Intelligence Surveillance Act was inspired by the findings of the
Church Committee, which showed that the FBI had warrantlessly surveilled Dr.
Martin Luther King, Jr. and many other activists.
“If we learn
nothing else from the Petraeus scandal, it should be that our private digital
lives can become all too public when over-eager federal agents aren’t held to
rigorous legal standards. Congress has
dragged its feet on updating ECPA for too long, resulting in the confusing,
abuse-prone legal mess we’re in today,” they maintained.
Nigeria, still
waiting for NAS:
However, in
the case of Nigeria, there still a long way to go as the cybersecurity bill has
continued to drag at the National Assembly (NAS), forcing some industry
watchers to propose that whatever state it may be should be passed into law,
because it is only in using it and testing it, the law could be made stronger,
if properly implemented.
*Remmy Nweke
with additional reports from EFF.
... Making SENSE of digital revolution!
No comments:
Post a Comment