Legal loophole allows law enforcement to read what’s in the ‘cloud’
The following editorial appeared in Thursday’s Washington Post:
Ever since former National Security Agency contractor Edward Snowden dropped a slew of classified documents into the public’s view, the country has reengaged in a vigorous debate about some — but not all — of the authorities the U.S. government claims to eavesdrop on electronic communications. But there is at least one loophole written into law that makes Americans vulnerable to unnecessary intrusions, is much more unsettling than a lot of the Snowden material and isn’t getting much attention.
Though the PRISM and phone metadata programs that Mr. Snowden detailed were secret, at least a court must scrutinize them. A section of law that hasn’t come up for discussion in the past few weeks, on the other hand, is arguably less protective, giving law enforcement at all levels relatively unfettered access to stored e-mail, documents in the “cloud” and other personal material.
The reason is that law, the Electronic Communications Privacy Act, is old, and technology has far surpassed the vision of the lawmakers who wrote and passed it in 1986. Almost no one used e-mail then, the online cloud didn’t really exist, and storing personal information for long periods of time with a third party such as Google didn’t seem to make any sense. So, the law says, if users keep e-mail on a third-party server for more than 180 days, they’ve abandoned the material and law enforcement can look at it — armed merely with a subpoena, not a warrant from a judge.
Now Americans store years’ worth of e-mail online, compose everything from professional documents to love letters on cloud-based word processors and keep all sorts of other files on remote hard drives owned by communications companies and located far away from their homes. It’s not just metadata that’s vulnerable here — it’s the full contents of every stored e-mail and every cloud-based document. Journalists, among many others, use these tools, which is why the Newspaper Association of America, to which The Washington Post belongs, is part of the Digital Due Process Coalition, a group lobbying to change the law.
For years, Sen. Patrick J. Leahy, D-Vt., chairman of the Judiciary Committee, has been trying to do that. Though his updates would keep multiple exceptions for law enforcement, his reforms would at least require government investigators to obtain a search warrant when they want to obtain e-mail content of any vintage from third-party companies. This would not only meet Americans’ legitimate expectations of privacy, it would also moot the legally murky question of whether searches conducted under the old law are constitutional.
Unlike some of the tougher issues the country is confronting following the NSA leaks, this one is easy. Congress should finally act on Mr. Leahy’s bill, and soon.