FBI Acts Quickly to Protect Privacy, Notify the Courts When ISP Makes Error Implementing Court Order:
Of course, that's not quite the way the New York Times tells it. Instead, the Times opted for the headline, "F.B.I. Received Unauthorized E-Mail Access." But if you read the story closely, that does seem to be the real news here.
Quoting from the story:
These facts all seem newsworthy, at least to me. I certainly didn't know it was common for the FBI to accidentally get email from random individuals, and I also didn't know that such individuals are not notified when the mistaken collection does occur.
Of course I am glad the agency appears to have notified the proper overseers about the error.
.
Heheheh. Slight delay in noticing the "surge."
.
.
That's not error, that's patriotic cooperation!
.
I'm not sure what the other 10 of 20 "violations" were, probably "preventing terrorist attacks."
.
It'll be so much easier when we outgrow the quaint and outdated notion of expectation of privacy.
When I was at DOJ in the late 1990s, it was sometimes difficult to get ISPs to respect privacy as much as the FBI did. The ISPs would want to be lazy and take short cuts, and would offer the FBI more information than the court order requested; the FBI had to object and insist that the ISPs comply exactly with the court orders to fully protect privacy.
Cbolt,
Read on. The article states:(emphasis added)
Steve W,
Perhaps, but that would seem to create two problems. First, it requires the FBI to create records about whose accounts were tapped (records that otherwise would be destroyed). Second, public disclosure of which accounts were accidentally tapped could also lead to identification of which account was targeted. Perhaps there's a way around that, but I'm not sure.
.
I saw that. Must have been an adjustment at the ISP, 10 months after the order was issued.
.
At any rate, anybody who has an expectation of privacy in e-mail has a screw loose. Orin points out that ISP's have no respect for privacy. No company in its right mind would argue with a federal agent either. "Yes sir, here are the books, and the keys."
.
How many suits are there, challenging NSL's? Only a handful, and scores of thousands of NSL's issued.
That's, of course, ignoring the legal side of things. Still, you gotta be an idiot to think plain text e-mail is even remotely private, long before the discussion turns to federal officers or corporations.
This sounds like a good argument for imposing civil liability on companies that violate privacy laws when purporting to assist the government.
Looking through the FOIA documents there are examples of all sorts of mistakes all around. Asking for the wrong information, citing the wrong statutes, receiving the wrong information, receiving too much information. And although the documents don't report it, I wouldn't be surprised if there weren't also cases of receiving too little information. It wasn't just ISPs, the FOIA documents have examples from credit reporting agencies, telephone companies, and so on. It looks like everyone is "lazy."
And sometimes there is just simple mis-communication. The DoJ and FBI may think their letters are models of clarity, but sometimes what the DoJ/FBI calls something and what industry calls something turn out to be different things. And what is produced may or may not be what the DoJ/FBI was expecting.
As far as the analogy to executing the incorrect search warrant a better analogy would be this. Suppose the FBI got a warrant to search someone's apartment but the landlord gave them the wrong key and directed them to the wrong unit.
However, if this happens frequently it would be appropriate for the government to put in place it's own safegaurds. In particular for email warrants and other similar tasks the government should have special filters that only allow the agents to examine the information covered in their warrant. This would be a nice first step towards dealing with digital 4th amendment issues in the way Orin suggests and who cares if the FBI gets extra info if they have safeguards that prevent it from ever being examined.
-----
Ohh and it's not so clear to me that the fact that in fact ISPs aren't very careful safeguarding email somehow removes people's privacy interest in email. I mean if the government stopped firing post office employees who snooped into your mail and generally encouraged the post office to be extremely careless with your mail but kept this information from becoming generally known would they now be able to search your mail without a warrant?
Also even if many ISPs behave carelessly with your email statistically it is reasonable to assume your email isn't read by anyone else. In fact as a statistical matter I wouldn't be surprised if your emails are less frequently snooped than people listen in on your phone calls (scanners for wireless handsets, crossed lines etc..)
That said, I think my liberal credentials on this site are well-established and even I think this is a tempest in a teapot.
.
I am grafting the ability (not necessarily the right) of a third party to view communications onto the legal tests that ostensibly circumscribe government surveillance.
.
Not that you ever made the argument, and not that I think it holds any water, but some have argued that because a foreign government could view your international communications (and there would be no remedy), a US person has no reasonable expectation of privacy in an international communication.
.
As for the "constitutional" REP (privacy as against the government), that too is eventually founded on real world ability of strangers to observe, and laws that purport to prohibit such observation to private parties who happen to have access, e.g., telecom and postal privacy laws.
.
But given that the administration, Congress, and maybe a substantial majority of Americans have adopted the position that at least the FISA civil statutory "prohibition" (50 USC 1810) should be waived via immunity, I think it's reasonable to cast the "constitutional reasonable expectation of privacy" vis-a-vis the government's viewing of electronic communications, as a phantom. It exists in ones imagination.
.
A "right" to privacy can be viewed more than one way. People disclose things to the doctor, but if the doctor doesn't talk, then we feel privacy has been maintained. Similar with the government. If you aren't doing anything wrong, and you never know you've been eavesdropped, and the information doesn't spread, some would argue that privacy has been maintained.
.
It's a tough role for a protective government, because privacy in the sense of being able to prevent eavesdropping creates the ability to cloak dangerous intentions. See, e.g., export restrictions on cryptographic tools.
.
Account too, for my comment about ISPs being reluctant (unlikely in the extreme) to challenge an order from a government agent. To answer the question "what does ISP practice have to do with it," to the extent the ISP cooperates with orders to disclose to the government, there is a possibility of a 4th amendment challenge, e.g., that the basis for the government order lacks sufficient probable cause or foreign intelligence content. IOW, my comment didn't stop at "the ISP can see it," it included the ISP transferring communication content and/or wrappers to the government, without question.
.
Some ISPs may be protective of their customers' privacy against the government, but I suspect they are a rare exception, not the rule. The raw number of NSLs (warrantless) vs. how the number of legal challenges to NSLs is, I think, a reasonable window into that contention.
.
For what it's worth, yes you do. But if your nosy super (or neighbor, or "friend") is also an informant, the information he provides to the government can be used to produce probable cause and, if needed, a warrant for "official confirmation."
What cases would you cite for that view? Or do you mean this as your own normative theory of what the Constitution means, apart from what the courts have said?
.
I was thinking of (but failed to expressly specify) the informant to be acting without a specific request from the government. I.e., NOT pursuant to a government request to enter your apartment. Just a snoopy super who, upon seeing something "alarming," chooses to report the observation to the authorities.
.
So, for purposes of physical entry for criminal prosecution (but not for foreign intelligence), the authorities would need to take thew probable cause produced by the report from the snoopy super, and extend it to a warrant.
.
"Privacy" is at risk upon the existence of probable cause, or any of the other 4th amendment exceptions.
No, it wouldn't matter if the informant is acting pursuant to a specific request. The question is whether the informant is acting as an agent of the state. As for your point about warrants, you are wrong again. The problem in Chapman is that the landlord lacked authority to consent. If he had authority to consent, no warrant would be needed.
More broadly, I realize you think the Constitution and privacy are under attack. But fortunately, we have a lot more privacy than you think.
.
OK, the snoopy super is NOT acting as an agent of the state. He's just a snoopy private citizen, who, having pierced your perception of "privacy," decides to inform the authorities of his observation.
.
Is it your contention that a court-issued warrant would NOT have cured the deficiency in the Chapman case?
.
There's no definitive way to determine how much privacy (vs. the government) exists in electronic communications. Court cases that might shed light on the question are closed down on the grounds of state secret, or circumscribed by the terms of an NSL. Even Congress is moving to retroactively neuter civil remedies in the area of interceptions ordered on foreign intelligence grounds, etc. The administration decried the revelation of the TSP as disclosing classified information, the extent of surveillance undertaken without a warrant. IOW, the government held as classified (secret from the public) that surveillance exceeds the contours one would infer from privacy statutes.
.
My general point is that one reliably has privacy only to the extent information can be contained, kept out of sight from snoopy supers, etc. Information that is shared, even with "trusted" others (even doctors and lawyers) is not "perfectly" secure against disclosure, as there are certain professional and statutory requirements to report.
.
I'm not complaining about the extent of privacy, there is certainly a public interest to be balanced against personal privacy. I noted above, the ability to obtain privacy creates the ability to cloak bad intentions. And my intuition is that we have more privacy now than existed in certain historical periods.
.
But I don't think it's prudent to take the government (or a business) at its word when it asserts "such as so is kept private." The contours of the 4th amendment have changed, in some areas changed radically (e.g., from Olmstead to today), and will continue to evolve. Sometimes in secret.
I just wonder how the NY Times will report such things once a Democrat is in the White House?