Is it safe to assume that your private online data is really private?
In a word, no. Everything you place in the cloud, every email you send or store, in fact, every file that you put on the Internet can be read by the government. They don’t even have to tell you they are doing it.
Despite the news reports about the NSA spying on American citizens, there are a lot of people who assume that no one will be able to read email they address to another person, or the documents they upload to online services like Dropbox, unless granted access. Ok, maybe some people know that hackers can sometimes illegally access this information, but the government? Without a warrant? Isn't the constitution is supposed to guarantee citizens the security of our “persons, houses, papers, and effects”? Well, if it's a piece of paper in your desk at home, the only way that it can be seen by the government is if they have a warrant and use it to search your home, and a warrant means they convinced a judge that there was probable cause of a crime being committed. This protection was put in place by the founders, to prevent the kinds of abuses that the British empire visited on its citizens. Doesn’t this apply to the documents we place online? Not a chance. Your online data can be swept up with a subpoena and used against you in court.
The law that allows this is an outdated statute called the Electronic Communications and Privacy Act (ECPA), and its sub-section, the Stored Communications Act (SCA). Enacted in 1986 (that is, before most of us could spell “email”), ECPA allows access to your email and online data with only a subpoena, and the government can even issue a gag order, so your hosting company can't even tell you they are asking for it.
The sixth circuit court has ruled that the SCA portion of ECPA is actually unconstitutional in the Warshak case, which has seriously impaired the ability of the government to use the subpoena process since then, but the rest of the law is still on the books, and still outdated.
Gandi is working with the Internet Infrastructure Coalition to push for much-needed ECPA reform. We meet with congressional representatives, write letters, and make calls to key decision makers. We want clear rules to follow so we can protect the data our customers put online with due process when it is subject to US law. That means warrant for content. In March we met with the SEC to discuss their objections to ECPA reforms. Law enforcement needs reform and clarity as much as the hosting industry, especially post Warshak. The SEC, however, has objected to the current bills in Congress and asked for an agency exception to the warrant requirement. That would let the SEC, IRS, and DOJ (among others) just bypass the Constitution and get access to the data. It's a complicated legal battle, but there is hope.
What can you do?
If you're a US citizen, you can ask your congressional representative to become a co-sponsor of HR 1852, the Email Privacy Act, Sponsored by Kevin Yoder (R-KS, 3rd District). Here’s a handy link to help you find your representative and their phone number. Call them today!
Can you spot the Gandian?
— Engine (@EngineAdvocacy) June 2, 2014
If you are from the great state of Kansas, tell Congressman Kevin Yoder that you are behind him in pushing for email privacy. Here’s his twitter account: @RepKevinYoder. Thank him for helping protect our rights, and tell him not to allow the bill to be gutted by the Department of Justice, the SEC, or the IRS. This is a constitutional issue, not a partisan one.