Electronic privacy

  • August 5, 2014

    by Caroline Cox

    Adam Liptak of The New York Times discusses Justice Ruth Bader Ginsburg’s recent comments on the Supreme Court’s different treatment of cases involving gay people and women. Justice Ginsburg comments suggest that the five-justice conservative majority does “not understand the challenges women face in achieving authentic equality.”

    In Slate, Emily Bazelon explains the recent decisions by the U.S. Court of Appeals for the Fifth Circuit and the U.S. District Court for the Middle District of Alabama that blocked major restrictions on abortion clinics. Despite these pro-choice victories, the legal fight against allegedly burdensome regulations on abortion clinics remains an uphill battle as a Texas law goes before the Fifth Circuit.

    Robert Barnes of The Washington Post reports that a Florida judge has found two of the state’s congressional districts unconstitutional. The decision, one of several challenging gerrymandering throughout the country, sets the stage for a possible Supreme Court case in the fall. 

    Shawn DuBravac, the chief economist of the Consumer Electronics Association, writes for the Harvard Business Review that the Supreme Court’s view on the Fourth Amendment is increasingly taking into account changing technology and the importance digital privacy.

    The New York Times’ James Barron provides the obituary for James S. Brady, White House press secretary for President Ronald Reagan and a major champion of gun control legislation.

    The Alliance for Justice published a comprehensive report detailing each federal case on the legality of a same-sex marriage ban. 

  • July 30, 2014
    Guest Post

    by Cameron F. Kerry. Kerry is the Sara R. & Andrew H. Tisch Distinguished Visiting Fellow at the Brookings Institution and a Visiting Scholar at the MIT Media Lab. He is the former General Counsel and Acting Secretary of the U.S. Department of Commerce.

    Yesterday, I moderated a panel on Microsoft’s federal court challenge to a warrant seeking email records that Microsoft stores at a data center in Ireland.  Microsoft is contending that the governing statute, the stored communications provisions of the Electronic Communications Privacy Act (ECPA), does not apply outside the territory of the United States.

    My take-away from the panel is that discussion of reforms to bring ECPA up-to-date with the way we use devices and cloud services in the 21st Century needs to take up the difficult questions presented by services and networks that flow freely across national borders.  As I put it during the discussion, “what does extraterritoriality mean in a virtual world?”

    The panel featured James Garland of Covington & Burling, who is arguing the case on behalf of Microsoft in the Federal District Court for the Southern District of New York this Thursday, along with other lawyers involved in the case.  The case has been the deserving subject of wide attention, including a stern letter from the European Commission’s Justice Commissioner and a July 27 New York Times editorial.  It involves a warrant issued last December for email records “owned, maintained, controlled or operated by Microsoft” for a particular email address.  Microsoft produced records located in the United States that did not involve the content of the emails, but objected to producing the emails themselves because they are stored in a data center in Dublin, Ireland.  They are there because the Dublin servers are closest to the country that the email customer identified in establishing the account, reducing latency in email transmission.  Microsoft only recently established overseas data centers and, so far as anyone knows, this is the first time any Internet service provider has challenged the extraterritorial application of authorities for law enforcement access to Internet communications.

    The issues center on the interpretation of Section 2703 (c)(A) of the Stored Communications Act in the decision by a federal magistrate in New York issued April 25.  In some respects, the issues are narrow:  for example, does the SCA contain language that overcomes the Supreme Court’s “presumption against extraterritorial application” of U.S. statutes; does the “warrant” required by the SCA to obtain most content of electronic communications incorporate requirements for a warrant under the Fourth Amendment?

  • July 30, 2014

    by Ellery Weil

    Brad Smith, General Counsel and Executive Vice President for Legal and Corporate Affairs at Microsoft, writes in a Wall Street Journal op-ed that Microsoft will argue in federal court that the federal government’s classification of emails which are stored on remote servers (i.e., the cloud) are not “business records,” but rather should be afforded the same privacy protections as letters in the U.S. Mail. At the 2013 ACS National Convention, Mr. Smith was presented with a Progressive Champion Award.

    In a piece for Bloomberg News, Laurel Calkins and Andrew Harris report on a 2-1 decision by the U.S. Court of Appeals for the Fifth Circuit affirming a trial court’s entry of a preliminary injunction against a Mississippi law that requires all doctors who work at an abortion provider to obtain hospital admitting privleges. If enforced, the law would shutter  Mississippi’s lone abortion clinic.

    Sarah Solon, writing for the ACLU, discusses the drop in crime since 1990 in relation to mass incarceration, concluding that mass incarceration does not actually make communities any safer.

    MSNBC’s Ned Resnikoff reports on a major decision by the general counsel for National Labor Relations Board, ruling that the McDonald’s corporation must share joint legal responsibility for the working conditions in its franchise locations.

    Emma Green, reporting for The Atlantic, explores the Satanic Temple’s attempt to use the Hobby Lobby decision to grant their members religious exemption from “informed consent” state abortion laws, which require doctors to distribute anti-abortion information before performing an abortion. The Satanists claim that their religion calls for medical decisions to be made without clouding the mind with “unscientific” claims. 

  • July 17, 2014

    by Jeremy Leaming

    Eighty-three percent of American “voters believe police should get a warrant before searching personal information on someone’s cell phone,” Microsoft General Counsel Brand Smith notes in a post on Digital Constitution.

    The survey conducted by the research firm, Anzalone Liszt Grove, following the U.S. Supreme Court’s unanimous opinion in Riley v. California, also reveals that 86 percent of respondents “believe police should have to follow the same legal requirements for obtaining personal information in the cloud as they do for personal information stored on paper.” In Riley, the high court found that police need warrants to search mobile devices of people they arrest.

    Smith says that while the Riley decision can be viewed as a “historic first step,” it only addresses “one of many questions that the growth of technology is posing for our privacy laws. We’ve raised another unresolved question in a case in federal court in New York in which we’re challenging a search warrant seeking customer communications stored in our data center in Ireland.”

    He continued that Microsoft believes it is a “problem for governments to use a warrant to reach across international borders and search a person’s email without respecting local privacy laws.” Smith then cites the survey that says a majority of Americans agree.

    Seventy-nine percent of those polled believe the “federal government should have to respect local privacy laws when searching through people’s personal information like their email accounts.” Moreover, the survey found 56 percent of respondents are “worried” that if the federal government demands “information in other countries without going through their governments, then other countries will follow suit and force companies to turn over Americans’ private information.”

    Smith concludes that the polling, all of which is available here, “suggests” Americans understand “what’s at stake for technology and the future of privacy.”

  • April 21, 2014
    Guest Post

    by Mark M. Jaycox, Legislative Analyst, Electronic Frontier Foundation

    The Electronic Communications Privacy Act (ECPA), which governs when service providers may disclose private online messages like Twitter direct messages, was ahead of its time in 1986. In the nearly three decades since it passed however, it has fallen woefully out of date. The government has used one archaic section to skirt the Fourth Amendment’s warrant requirement and obtain online messages older than 180 days with a simple subpoena based on much less than probable cause. Courts are leading the charge to ensure ECPA doesn't violate the Fourth Amendment, but Congress must step to the plate and make common sense changes to ECPA by explicitly requiring a warrant before the government can access your private online messages or your mobile phone location data.

    Just because your emails are stored online must not mean they have any less protection than if they were printed out and sitting on your desk. The Fourth Amendment's warrant requirement can not be ignored. The archaic law is an example of a typical statute that isn't "technology neutral." Nowadays people store emails and other private messages they care about most for extended periods of time online.

    The statute is also out of date regarding how law enforcement can obtain location data from your mobile phone. ECPA does not specifically say when geolocation can be obtained by law enforcement, so many law enforcement agencies don't currently obtain a warrant when they want your mobile location in the past or present. It's another example of how flaws in ECPA have been abused by the government to skirt the Fourth Amendment’s protections.

    In both instances, Courts are leading the charge to ensure ECPA is in line with Fourth Amendment requirements. In a U.S. Court of Appeals for the Sixth Circuit opinion called U.S. v. Warshak, the Court noted that emails and other private communications are protected by the Fourth Amendment. As a result, many Internet providers and other companies storing online communications require a warrant in all cases, despite any language in ECPA to the contrary. When it comes to issuing a warrant for geolocation, a circuit split exists between the U.S. Court of Appeals for the Third Circuit, which ruled that a warrant could be required for location information, and the U.S. Court of Appeals for the Fifth Circuit, which ruled that an order based on a lower threshold suffices. At the state level, courts in New Jersey and Massachusetts have firmly sided on ensuring law enforcement obtains a warrant, while states like Utah, Indiana and Montana passed laws requiring a warrant for geolocation.

    Congress is only now beginning to catch up with the judiciary. Representatives Kevin Yoder, Tom Graves, and Jared Polis have introduced The Email Privacy Act, which provides a "clean" update to ECPA by requiring law enforcement obtain a warrant before seeking any online private messages. And Senator Ron Wyden and Representative Jason Chaffetz have introduced the GPS Act, which requires law enforcement to obtain a warrant before obtaining geolocation.