Tech

The FBI Is Winning the Fight to Invade Your Online Privacy

FBI Director Rober Mueller III, via the Department of Justice

Two months ago, the Supreme Court refused to hear a challenge to the Foreign Intelligence and Surveillance Act (FISA), a Bush-era law that allows the NSA to wiretap American citizens without a warrant. Now, the full scope of the US government’s warrantless surveillance schemes is becoming known. 

Leaked documents from the IRS, the FBI, and the Department of Justice have now shown that none of those agencies believe that warrants are required for monitoring the online communication—think emails, not just public Twitter posts—of American citizens. At the same time, the Obama administration is reportedly planning on backing an FBI plan that would force internet providers, email hosts, social media platforms, and others to install backdoors to their system to allow the FBI easier access. 

Videos by VICE

The past few months have seen the culmination of years of work by authorities to exploit the regulatory vagaries of electronic communication and the technical ineptitude of legislators. By loudly proclaiming that internet is the realm of criminals, authorities are successfully pushing to make monitoring of American’s communication online far easier, and with fewer legal barriers, than traditional modes of communication.

The revelation that the FBI doesn’t believe the Fourth Amendment applies to all online communication comes via the ACLU, which filed a FOIA request to see if the FBI was exploiting loopholes in the Electronic Communications Privacy Act (ECPA), a hopelessly outdated pre-Internet bill that Congress has yet to update and which allows for some warrantless monitoring of communication.

The FBI argues that the law states citizens have no expectation of privacy on transmitted information, and that accessing six month old emails only require a subpoena.

The FBI sent the ACLU “excerpts from two versions of its Domestic Investigations and Operations Guide (DIOG), from 2008 and 2012,” which is notable because they fall on either side of the 2010 Sixth Circuit Court of Appeals decision on United States v. Warshak, in which the court ruled authorities must get warrants before forcing email hosts to hand over user emails.

It’s important to note that Warshak only applies to the Sixth Circuit, which only comprises four states. And it appears it had little effect. According to the ACLU, neither version of the FBI’s handbook for domestic investigations states that warrants are required for all emails.

The FBI argues that the law states citizens have no expectation of privacy on transmitted information, and that old emails only require a subpoena—an order signed by a district attorney, not an independent judge like a warrant does—to force providers to hand over data. The relevant paragraph from the 2012 Guide, as quoted by the ACLU:

In enacting the ECPA, Congress concluded that customers may not retain a “reasonable expectation of privacy” in information sent to network providers. . . [I]f the contents of an unopened message are kept beyond six months or stored on behalf of the customer after the e-mail has been received or opened, it should be treated the same as a business record in the hands of a third party, such as an accountant or attorney. In that case, the government may subpoena the records from the third party without running afoul of either the Fourth or Fifth Amendment.

As Declan McCullagh writes at CNET, with whom the ACLU shared its FBI documents, the Department of Justice doesn’t see a problem. Internal documents sent by the US attorney in Manhattan state that subpoenas are all that are required to obtain “all records from an ISP.” McCullagh also notes that the US attorney in Houston recently won  “contents of stored communications” using the same argument.

After the IRS’s exploitation of the same “180-day rule” from the ECPA—which states that police can obtain American emails that are more than 180 days old without a warrant—came to light last month, the agency was roundly criticized by Congress and the public. The head of the IRS has since declared the agency will change its policy.

Attorney General Eric Holder, with Homeland Security Secretary Janet Napolitano and New York Police Commissioner Raymond Kelly, speaking at a press conference about the 2010 attempted Times Square bombing. Via the Justice Department

While it’s a big win for privacy, everyone hates the tax man. Clamping down on the FBI and DoJ’s ability to access emails without warrants is a tougher task in a regulatory environment filled with crime and terror fear mongers. In fact, instead of backtracking, the FBI appears to be doubling down on its ability to access American’s private electronic correspondence without judiciary oversight.

At the same time that ECPA loopholes and Warshak‘s toothlessness have come to light, the FBI has continued a Bureau-wide complaint spree about its “going dark” problem. The premise is simple: the FBI says that, in the past, it had no trouble tapping people’s phones and whatnot (with a warrant) because our modes of communication were centralized. But now that we’ve got Snapchat and Gmail and Facebook and all the rest of the booming communications diaspora, it can’t figure out how to find the bad guys.

Recently, FBI general counsel Andrew Weissman took the dais at an American Bar Association forum in Washington, DC, to say that the FBI is helpless in finding the people “up to no good” online, while also dropping the terrorism card. Of the FBI’s ability to monitor the internet, Weissman said, “This huge legal apparatus that many of you know about to prevent crimes, to prevent terrorist attacks is becoming increasingly hampered.” 

FBI Director Robert Mueller III has argued for years that the FBI’s “going dark” problem can only be fixed by forcing email and communications providers like Google and Microsoft to build in backdoors to their email and messaging systems that would allow the FBI to easily access user data—provided the FBI has a wiretap warrant, Mueller says.

Currently, Mueller’s backing a proposal that would fine companies that don’t offer backdoors when provided with a warrant, rather than requiring them across the board, a past idea that opponents like the Commerce Department argue would stifle innovation. And now, , the White House is close to supporting the move.

We’re ruled by a state that’s unrelenting in waving the specters of crime and terrorism to eliminate Americans’ privacy protections.

So, first we’ve got the FISA precedent set by the Supreme Court, which ruled 5-4 that the plaintiffs suing to overturn the law couldn’t prove that they’d actually been hurt by a secret wiretapping program. Now the FBI is getting closer to getting far more wiretapping ability (with warrants, but the backdoors would allow for little oversight) following years of terror and crime drumbeating. That’s despite the fact that the FBI and DoJ have been shown, in their training manuals and court cases, to believe that warrants aren’t required for all wiretaps.

Pile that on with the opaque, broad spying powers of the National Counterterrorism Center; the case of David House, in which Homeland Security said it could confiscate and examine a laptop’s data because it has the power to examine “closed containers” at border crossings; the FBI’s continued legal battles over fake cell phone towers; NYPD officials stating that online suspects need to prove their innocence; and the Obama Administration’s unprecedented prosecution of whistleblowers.

What have we got? A state that’s unrelenting in waving the specters of crime and terrorism to eliminate Americans’ privacy protections, especially on the internet, while trying to distract criticism with gestures like open data projects. We’re reaching the end sum of a long trend: in the US, privacy is now a myth, unless you’re working with the government.