If former CIA Director David Petraeus had secretly stashed love letters he exchanged with his paramour at home under his mattress, he might have actually done a better job of protecting his privacy.
Blame federal law for this counterintuitive result. Because it’s so easy to dash off an e-mail — or edit a Gmail draft — you might think electronic correspondence should receive far greater legal protections and be more difficult for the FBI to read.
Not quite. Because of the way a key federal privacy law was worded in 1986, back in the pre-Internet days of analog modems, floppy disks, and the 2.8 MHz Apple IIgs, e-mail stored in the cloud receives less legal protection than it would if printed out.
For love letters stashed under a mattress, FBI agents would have had to secure a search warrant from a judge to enter Petraeus’ bedroom. Perhaps just as important, he would likely have known that his house had been raided. Front doors bashed in with a “Hydra Ram” forcible entry tool tend to make that obvious. So does Rule 41 of the Federal Rules of Criminal Procedure.
But for love letters stored in draft format on Gmail, something that Petraeus and biographer Paula Broadwell reportedly did, the Justice Department claims that police have the right to access those without a search warrant. It says only a subpoena, signed by a prosecutor without a judge’s prior approval and without demonstrating probable cause related to a crime, is necessary.
In a legal brief (PDF) filed with a federal appeals court in a previous case, the Justice Department argues that draft e-mail messages aren’t in “electronic storage” and therefore “do not” require the FBI to obtain search warrants to peruse them.
Another oversight in the 1986 law, called the Electronic Communications Privacy Act (ECPA), is that you won’t even know if police are poking through your e-mail accounts. (Contrast this with the notification requirements for searching bank records.)
Courts have not required police to notify account holders of e-mail searches. In a 2009 ruling (PDF), a federal district judge in Oregon ruled that notifying the Internet or Web e-mail provider was sufficient under both ECPA and the Fourth Amendment. The court’s conclusion: the “notice requirement is satisfied when a valid warrant is obtained and served on the holder of the property to be seized, the ISP.”