It probably will not surprise most people to learn that in today’s wired world, usage of “snail mail” is going the way of the carrier pigeon. According to the USPS’s 2009 Annual report, mail volume dropped dramatically from 203 billion of pieces of mail in 2008 to about 177 billion pieces in 2009. While 177 billion pieces is still a huge number, it is hard to ignore a 26 billion drop.
So with hundreds of millions of people re-directing their communications to electronic media, and in particular web-hosted e-mail like Gmail, it may surprise you to learn that under current laws, you have a far greater expectation of privacy in your regular mail than you do in your e-mail.
If you have any type of web-based e-mail account, the Stored Wired and Electronic Communications and Transactions Records Access Act (ECPA), 18 U.S.C. § 2701, despite the long and boring sounding title, is a statute worth getting to know. Enacted in 1986, the ECPA was actually quite forward-thinking in addressing governmental access to electronically stored information. Nevertheless, to some, recent case law interpreting the statute – such as the Central District of Illinois’s 2009 decision in U.S. v. Weaver, 636 F. Supp.2d 769 (C.D. Ill. 2009) – signal a need for legislative reform.
At issue in the Weaver case, was whether law enforcement officers could gain access to the contents of the defendant’s (accused of child pornography charges) Microsoft/MSN Hotmail account with a trial subpoena rather than a search warrant.
Why does it matter whether the government is required to obtain a search warrant as opposed to a trial subpoena? It matters because search warrants are much more difficult to get. To obtain a search warrant, the government must demonstrate probable cause and this requires the approval of a judicial officer. By contrast, a trial subpoena can be obtained by making the much less demanding showing that the requested materials are likely to contain relevant and admissible evidence – subpoenas can be issued by a court clerk or in some jurisdictions, the attorney herself.
So back to the outcome of the decision: the court reasoned that under the current statute, “for emails less than 181 days old, the question of whether a warrant is necessary turns on whether the emails are in ‘electronic storage’ or are ‘held or maintained . . . solely for the purpose of provided storage or computer processing services to [the] subscriber or user.’”
Somewhat counter-intuitively, “if [the emails] are held or maintained solely to provide the customer storage or computer processing services” then a subpoena would suffice. Significantly, the court’s decision turned on its finding that because Hotmail is a “web-based” and “remote” e-mail system, the messages stored in the defendant’s Hotmail account were maintained “solely for the purpose of providing storage or computer processing services” to him – and not for backup purposes. Click here for a copy of the decision.
If you find this discussion a somewhat odd way to think about the privacy issues related to e-mail, you are not alone. A interesting and diverse group of advocacy groups, technology companies, think tanks, attorneys and law professors have banded together to form Digital Due Process, a coalition in support of reforming the ECPA. For more information on Digital Due Process, click here.
While legislative reform may well be on the horizon, in the mean time, you might be able to improve your expectation of privacy in your e-mail by backing up what you need locally and taking what you don’t need off the web (it certainly can’t hurt). Here are some resources to help you accomplish this:
Plus: Just this past week, Google (a member of the Digital Due Process coalition) has broken with the trend by treating the issue of government requests for data with remarkable transparency. Indeed, Google has an entire webpage devoted to the issue (click here) – complete with a nifty map showing where the requests come from, country by country.