The report details how two popular and increasingly ubiquitous technologies — Web-based email and location awareness — inadvertently give the government unprecedented access to Americans’ personal data.
Web-based email is a convenient, inexpensive way to stay in touch with friends and colleagues and to access one’s mail, photos and documents from anywhere in the world. Several webmail services now offer their users gigabytes of storage, touting the fact that users never need delete anything.
As “Digital Search and Seizure” illustrates, all of this information sits on the computers of service providers. The legal distinction between Web-based and traditional email accounts is essentially meaningless for most Internet users, but under the Electronic Communications Privacy Act (ECPA) — drafted in 1986, before webmail existed — messages and documents stored with webmail providers are entitled to weaker protections than those stored on users’ computers. While the government needs a judicial warrant to search a person’s computer, it may be able to access that person’s webmail account with only a subpoena, issued without judicial review; without any specific suspicion of wrongdoing on the part of the user; and often without notice to the person whose data is being disclosed.
“Digital Search and Seizure” also outlines how mobile phones serve as tracking beacons. “While a cell phone is turned on, whether or not it is making a call, it is regularly seeking out the nearest antenna and sending to it its identification numbers,” the report points out. Unfortunately the legal standards regulating the government’s ability to use that constant stream of new data haven’t kept pace with the technological reality. Since no existing law lays out explicit standards for government location tracking, the government’s use of location technology is governed by a patchwork of laws and court precedents, the report finds.
Finally, the report discusses the emergence of “government spyware” — keystroke-logging technology that can record everything a subject does on his or her computer. Here too the technology has far out paced the legal protections, giving the government a uniquely intrusive surveillance tool, with inadequate legal controls.
The report concludes that in all these areas and others (such as RFID and search services), the laws must be updated to reflect the technological realities of a new century.