There is frequently talk of warrantless spying on citizen communications and online data, but what about how the government and law enforcement can track people -- legally? With the scandal between the former CIA Director Gen. David Patreaus and his former mistress Paula Broadwell coming to light thanks to content stored in an email account, many have begun to wonder about the privacy of their own communications.
Tech experts say it really comes down to outdated laws. Laws which Congress is expected to update soon, but this update might not be in favor of more privacy.
TheBlaze spoke with "ethical hacker" Michael Gregg, the COO of Superior Solutions and author of a dozen IT security books, who said most people have no idea how much information about them is readily available in the digital age.
"It's not the 1990s anymore. We're in a Brave New World."
The scarier part though is when people don't even care. As Chris Weber with Casaba, a security consulting firm, said in an email, the sentiment of many regarding surveillance of their communications is that they don't care since they're not doing anything bad.
"They failed to see the bigger problem here, as it wasn’t about your personal business, it was a larger erosion of civil liberty, and a right to privacy," Weber said.
The laws allowing for this sort of information spying were developed in the days of landline telephones and when cloud computing might have been considered a form of technology-inspired daydreaming. The main law governing the privacy of electronic communications was signed by in the 1980s by President Ronald Reagan. The Electronic Communications Privacy Act allows a federal prosecutor -- not a judge with the authority to issue a warrant -- to approve a subpoena giving authorities access to electronic communications six months and older.
Many of the laws governing how authorities can obtain what can also vary by state. For example, those in the states governed by the 6th Circuit Court of Appeals must obtain a warrant before seeking out emails. Here's a brief rundown of how your digital movements can be obtained though:
- Cell phones: Cell phones can be tracked easily when authorities issue a subpoena to cellphone service providers for data that can triangulate the movements of a person's phone, if they are already part of a criminal investigation. Many apps on smartphones also track location data. Gregg explained that many people don't read privacy policies or understand that their GPS location data could be collected. In the policies for many of these apps, they state that they will comply with proper requests made by law enforcement for information.
- Landlines: Perhaps an oldie, but still worth mentioning, the Communications Assistance for Law Enforcement Act requires telephone companies to make it easy for the authorities to wiretap lines, if necessary.
- Emails and the web: Google's report on the amount of requests the government makes for information is an indication of its increasing interest of electronic information. In the first six months of this year, it make 7,969 requests for data of Google users in the United States -- the company complied with 90 percent of these requests. The number of requests made has been increasing each year (see the graph below). Cloud computing and social media site are also changing the game because once your information is stored on a server, it is subject to their rules and regulations should authorities request it. Here's how the ACLU put it in a recent blog post:
Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from. Although these records reveal sensitive information, including geo-location data associated with the target, U.S. law currently permits law enforcement agencies to obtain these records with a mere subpoena—no judge required.
This graph shows the requests made from many world governments to Google for user data. (Image: Google)
"People have been concerned about the privacy of communications since writing began," Executive Director of the Electronic Privacy Information Center Marc Rotenberg said to TheBlaze in an email.
Although current federal law seeks to protect the privacy of emails, technology and business practices have "outpaced the law," according to Rotenberg.
"[I]t is necessary to update the law and ensure that private communications will be protected," Rottenberg wrote.
Senate Judiciary Chairman Patrick Leahy (D-VT) said he wanted to update this law to require a probable-cause warrant for non-public Internet communications. Last month, Leahy went as far to say that the bill would "[provide] enhanced privacy protections for American consumers by [...] requiring that the government obtain a search warrant."
But CNET reported Tuesday that Leahy has rewritten the bill in response to concerns from law enforcement to provide even more surveillance capabilities than before. Here's more from CNET:
Leahy's rewritten bill would allow more than 22 agencies -- including the Securities and Exchange Commission and the Federal Communications Commission -- to access Americans' e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge.
Leahy's modified bill retains some pro-privacy components, such as requiring police to secure a warrant in many cases. But the dramatic shift, especially the regulatory agency loophole and exemption for emergency account access, likely means it will be near-impossible for tech companies to support in its new form.
CNET reported this bill is expected to see a vote in the Senate next week.
In the mean time though, Superior Solutions' Gregg has some tips for protecting your online movements. He said at this point, people need to employ their own level of privacy protection. He said using an encrypted email service or use of VPN while online is beneficial, especially if you're on an unsecure wireless network. Gregg said, if at all possible, avoid free, unsecure wireless Internet, like that provided in cafes or hotels, and instead use a hot spot device or phone tethering service instead.
Gregg also advocated for more sites using cookies to enable a "do not track" opt-out feature. Most sites with an "opt out" feature though require the user to manually choose to do so and won't automatically enable it.
Update: According to a separate post by CNET, Leahy tweeted that he would not support the exceptions reported earlier. Here's more:
A note from Leahy's Twitter account added: "Technology has created vacuum in privacy protection. Sen. Leahy believes that needs to be fixed, and #ECPA needs privacy updates." That's a reference to the 1986 Electronic Communications Privacy Act, which currently does not require that police always obtain a warrant for the contents of e-mail and other communications.
This revised position will come as a relief to privacy advocates and business lobbyists, who have been scrambling since last week to figure out how to respond to Leahy's revamped legislation. Some portions would have imposed new restrictions on law enforcement, while others would lessen existing ones, making the overall bill unpalatable to many groups.
Featured image via Shutterstock.com.