No Warrant, No Problem: How the Government Can Get Your Digital Data by ProPublica
Update, June 27, 2014: This post has been updated. It was originally published on Dec. 4, 2012.
The government isn’t allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI to the Internal Revenue Service, to snoop on the digital trails you create every day. Authorities can often obtain your emails and texts by going to Google or AT&T with a court order that doesn’t require showing probable cause of a crime. These powers are entirely separate from the National Security Agency’s collection of Americans’ phone records en masse, which the House of Representatives voted to end last month.
Here’s a look at what the government can get from you and the legal framework behind its power:
How They Get It
Listening to your phone calls without a judge’s warrant is illegal if you’re a U.S. citizen. But police don’t need a warrant — which requires showing “probable cause” of a crime— to monitor the numbers for incoming and outgoing calls in real time, as well as the duration of the calls. Instead, they can get a court to sign off on an order that only requires the data they’re after is “relevant to an ongoing criminal investigation“— a lesser standard of evidence.The government can also get historical phone records with an administrative subpoena, which doesn’t require a judge’s approval.
Many cell phone carriers provide authorities with a phone’s location and may charge a fee for doing so. Cell towers track where your phone isat any moment; so can the GPS features in some smartphones. In response to an inquiry by Sen. Edward J. Markey, a Massachusetts Democrat, Sprint reported that it provided location data to U.S. law enforcement67,000 times in 2012. AT&T reported receiving 77,800 requests for location data in 2012. (AT&T also said that it charges $100 to start tracking a phone and $25 a day to keep tracking it.) Other carriers, including T-Mobile, U.S. Cellularand Verizon, didn’t specify the number of location data requests they had received or the number of times they’ve provided it. Internet service providers can also provide location data that tracks users via their computer’s IP address — a unique number assigned to each computer.
The standard for IP addresses is the same as the one for phone records: Authorities can get a court order allowing real-time access as long the court approves that the records are relevant to an investigation. They can also get historical records of IP addresses with an administrative subpoena.
Here’s where the rules get really complicated. Authorities need a warrant to get unopened emails that are less than 180 days old, but they can obtain opened email as well as unopened emails that are at least 180 days old with only a subpoena as long as they notify the customer whose email they’ve requested. The government can also get older unopened emails without notifying the customer if they get a court order that requires them to offer “specific and articulable facts showing that there are reasonable grounds to believe” the emails are “relevant and material to an ongoing criminal investigation” — a higher bar than a subpoena. How often does the government request emails? Google says it got16,407 requests for data in total — including emails sent through its Gmail service — from U.S. law enforcement agencies in 2012, and an additional 10,918 requests in the first half of 2013. Microsoft, with its Outlook and Hotmail email services, says it received11,073 requests from U.S. authorities in total in 2012, and an additional 7,014 in the first half of 2013. The company provided some customer data in 75.8 percent of the 2013 requests. (The figures don’t include requests for data from Skype, which Microsoft owns.) And Yahoo says it received12,444 such requests in the first half of 2013, providing at least some customer data in 91.6 percent of them. (The Department of Justice requires providers to wait six months before releasing data on the requests.) A coalition of technology companies, including Apple, Google and AT&T, is lobbying to change the law to require a search warrant for email and other digital data stored remotely.
Communicating through draft emails, à la David Petraeus and Paula Broadwell, seems sneaky. But drafts are actually easier for investigators to get than recently sent emails because the law treats them differently.
Investigators need only a court order or a subpoena, not a warrant, to get text messages that are at least 180 days old from a cell provider — the same standard as emails. Many carriers charge authorities a fee to provide texts and other information. Sprint charges $30 for access to a customer’s texts, according to documents obtained by the ACLU in 2012, while Verizon charges $50.
Authorities typically need only a court order or a subpoena to get data from Google Drive, Dropbox, SkyDrive and other services that allow users to store data on servers, or “in the cloud,” as it’s known.
When it comes to sites like Facebook, Twitter and LinkedIn, the rules depend on what authorities are after. Content is treated the same way as emails — unopened content less than 180 days old requires a warrant, while opened content and content at least 180 days old does not. Authorities can get IP addresses from social networks the same way they get them from Internet service providers — with a court order showing the records are relevant to an investigation for real-time access, and with a subpoena for historical records. Twitter has reportedthat it received 1,494 requests for user information from U.S. authorities in 2012, and 1,735 requests in 2013. In the second half of 2013 — the most recent time period for while data is available — Twitter reported that 55 percent of the requests were from subpoenas, 7 percent through other court orders, 26 percent came through search warrants and 12 percent came through other ways. Twitter says that “non-public information about Twitter users is not released except as lawfully required by appropriate legal process such as a subpoena, court order, or other valid legal process,” except in emergencies “involving the danger of death or serious physical injury to a person.” Facebook says it requires a warrant from a judge to disclose a user’s “messages, photos, videos, wall posts, and location information.” But it will supply basic information, such as a user’s email address or the IP addresses of the computers from which someone recently accessed an account, under a subpoena.
What the Law Says
Police can get phone records without a warrant thanks to a 1979 Supreme Court case, Smith v. Maryland, which found that the Constitution’s Fourth Amendment protection