The scandal that brought down General David Petraeus this fall contained a miniscandal within it: just how easy it is for the FBI to read people’s e-mail. If Petraeus and his biographer Paula Broadwell had communicated about their extramarital affair solely by telephone, their exchanges might have remained secret. But e-mail does not get the kind of legal protection from government snooping that phone calls and regular mail do.
There have long been calls on Congress to upgrade e-mail privacy, but it still has not — and recently, it let us down once again. This failure to act is not the usual Washington inertia or gridlock. It is because there are a lot of people in government who like the idea of being able to read citizens’ private e-mail. And Internet users — who have gotten good at pushing back against Facebook over privacy issues — have not been putting pressure on Congress to strengthen e-mail privacy.
The Electronic Communication Privacy Act (ECPA) — the main law governing e-mail privacy — was enacted in 1986, when no one had any idea how important e-mail would become or how it would be used. The ECPA requires the government to obtain a search warrant to read e-mail — just like regular e-mail — but the FBI’s position is that it does not need a warrant once you have opened your e-mail. That means in much of the country — some federal courts have said no — all the FBI needs to do to read your e-mail, essentially, is to ask Google or Yahoo nicely (and issue an easy-to-do subpoena).
This fall, when Congress got to work on rolling back privacy protections for online videos — something Netflix wanted badly — the original bill contained a provision to require the FBI to get a search warrant before reading your e-mail. But in late December, Congress passed the “Netflix Amendment” without the e-mail-privacy provision. Make no mistake: the e-mail-privacy protections did not just get lost in the shuffle. Law enforcement lobbied strongly against the change to require a search warrant to read stored e-mails, arguing that it “could jeopardize the effectiveness of investigations,” and also opposed new requirements that people be given prompt notice if the government has gotten a search warrant to look through their e-mails. The bill is headed to the President, who is expected to sign it.
Many people think that keeping the government from wantonly searching e-mail is not important because the FBI is targeting the bad guys — al-Qaeda operatives and organized-crime figures — not ordinary folks. But there is no way of knowing that this is true, and there are some worrisome indications that it is not. As recently as 2005, the National Security Agency was intercepting millions of purely domestic e-mails and phone calls between Americans. That is a lot of e-mails and phone calls — and it is hard to believe a lot of law-abiding people were not caught up in that surveillance net.
The weak privacy protection for e-mail is a real crisis because e-mail is one of the most sensitive realms of modern life. There is a great deal of constitutional law about the right not to have the government search our cars or our U.S. mail. But those things cannot compare with e-mail, where people often put their most private, intimate communications — as the Petraeus scandal demonstrated. Millions of people care deeply about their privacy rights, but they are not as well organized or as sophisticated as the government lawyers and law-enforcement groups that have been fighting for access to e-mail. If Americans want their e-mail protected, they are going to have to start speaking up at least as loudly as law-enforcement interests who want to keep reading our private communications.