Digital Privacy Rights Erode as Police Increasingly Access Private Data

Michael Cerkas's picture

Law enforcement officials are requesting access to private emails, instant messages, voicemails and other private electronic data at an increasing rate from digital media companies including Facebook, AOL and Sprint.

Christopher Soghoian, a graduate fellow at Indiana University Bloomington – Center for Applied Cybersecurity Research, School of Informatics and Computing, has been studying in this field as he works toward his doctorate. In his words, “These days, the police or FBI can obtain most of the data they need from the comfort and safety of their own desks, with a few clicks of a mouse, a fax, or a phone call to a telecommunications or Internet service provider.”

In fact, many telephone companies have developed self-service websites exclusively for law enforcement agents to retrieve user data without any assistance.

Soghoian’s doctoral dissertation goes on to cite that digital data being requested and retrieved by police include but is not limited to, “wiretaps and electronic communications intercepts, stored emails, instant messages, web browsing history and search engine records, as well as geo-location information from mobile phones, both historical and real-time.”

You can download the report by Christopher Soghoian here.

As a tool used in the process of fighting crime, digital or electronic information is used as input to create profiles for suspected criminals, trace the movement of persons of interest and recreate activities or behavior of suspects and victims of crimes. The data has proven invaluable for police and other law enforcement agencies, however, many of those law enforcement agencies have minimal or non-existent electronic surveillance reporting requirements. In other words, their actions are not accountable or many times invisible to the public eye.

Noting the time period of this statistic, a letter sent by a Verizon executive to members of Congress in 2007, the company receives approximately 90,000 requests from law enforcement agencies each year. The documented 2,300 wiretap orders issued across the entire United States in 2009 pales in contrast to the request and consumption of digital data by law enforcement.

The Stored Communications Act (known as SCA) was passed by the United States Congress in 1986 and is part of the larger ECPA (Electronic Communications Privacy Act). It enables law enforcement agencies and their staff to obtain electronically stored data including emails, web browsing history and search engine records. The amazing aspect of this legislation is that the data targeted for consumption is not restricted to what is stored on the computers of people targeted for surveillance, but rather, also includes data “in the cloud”.

Time Warner has revealed that it received an average of 500 IP (Internet Protocol) address lookup requests related to its cable customers per month, primarily from law enforcement. Google likewise disclosed it had received and processed 7,867 requests for user data between July 2009 and June 2010.

Much if not most of this surveillance activity is shielded from public awareness as a result of the need for anonymity by law enforcement to effectively perform their jobs as part of the process to serve and protect United States citizens. The underlying premise, however, is that their actions are indeed trustworthy and conducted with the highest degree of integrity and confidentiality.

In March 2010, unlikely partners, Google, Microsoft and the ACLU (American Civil Liberties Union) joined together to form an advocacy group called ‘Digital Due Process’. The group’s objective is to lobby the U.S. Federal Government to update the antiquated ECPA that authorizes and provides the legal infrastructure surrounding how law enforcement agencies request and obtain access to the digital data of private citizens. Currently, the consortium also includes AOL.

The need for the group was described by Richard Salgado, Google senior counsel for law enforcement and information security, as he stated, “Originally designed to protect us from unwarranted government intrusion while ensuring that law enforcement had the tools necessary to protect public safety, it was written long before most people had heard of email, cell phones or the ‘cloud’ – the term used for programs helping people store personal data like photos and documents online.”

Google created the brief overview of Digital Due Process below:

You can reach Michael Cerkas via email at mcerkas@gmail.com

Add new comment