Last week the U.S. government dropped its demand that a federal magistrate force Yahoo! to fork over the contents of a user’s email account without a warrant. Although the government’s withdrawal is a victory for privacy in this case, it denies the court an opportunity to issue an opinion that could clarify this increasingly important, yet muddled, area of the law. The DOJ’s move highlights the need for Congressional action to protect privacy through a consistent set of rules
In its motion to compel, the Department of Justice (DOJ) claimed it did not need a probable cause warrant to obtain the emails because the Yahoo! accountholder had already read them. Instead, the DOJ argued, it needed only to show “specific and articulable facts” that the information was relevant to its investigation – known as a 2703(d) order. Courts disagree on whether the weaker 2703(d) standard is indeed sufficient in these circumstances.
A coalition of privacy groups and Internet companies that included EFF, CDT, Google and the Progress and Freedom Foundation filed an amicus brief to bolster Yahoo!’s opposition to the government’s request. The coalition argued that the Electronic Privacy Communications Act (ECPA) and the Fourth Amendment require the government to obtain a warrant to get the contents of email whether they are stored on a user’s computer or with a service provider like Yahoo! and regardless of whether or not the user had read the email.
This case represents a pattern in which the government makes overbroad data requests of questionable constitutionality and then drops its case when it looks like the court might rule in favor of privacy. The DOJ has also refused to appeal numerous magistrate and district court rulings that require a warrant for the government to conduct real-time cell phone location tracking. By dropping cases and declining to appeal adverse rulings, the government seeks to maximize its ability to exploit an ambiguous area of the law. The DOJ’s strategy indicates that the government itself is not convinced of the legality of its demands.
Although in this case the government backed down as soon as Yahoo! and its privacy allies put up solid resistance, service providers field many, many demands for data from government agencies each year. It is not improbable that the government succeeds with many overbroad – possibly unconstitutional – requests made to service providers with less sophistication than Yahoo!. So long as the law on government access to digital communication remains hopelessly in dispute, user privacy is threatened, the trust relationship between online service providers and their clients is undermined, and tax dollars are wasted on law enforcement investigations that wither beneath the light of judicial scrutiny.
The real bright spot in all this is the growing chorus calling for the law to be updated, clarified and strengthened. CDT is leading the Digital Due Process group, made up of companies, think tanks, and advocates across the political spectrum. Digital Due Process is dedicated to reforming ECPA in a way that enhances user privacy, fosters commercial innovation, and preserves the ability of law enforcement to conduct effective investigations. Although the Yahoo! amicus was not a part of the Digital Due Process campaign, the diversity of participants in both efforts reflects widespread consensus among the business and privacy communities that ECPA must be updated in light of modern technology.