Privacy Beyond the Personal

Ordinarily, business cares as much for civil liberties as my dog does for integral calculus; in most cases, personal freedoms are as relevant to making a buck as the slope of a curve is to what kind of pizza is coming up the steps. But there’s a hole in privacy law that affects corporate America as much as it does Joe Sixpack, and it concerns email that’s stored in the cloud.

You see, in most of the country, any email that’s left on a server for more than six months is considered to be abandoned, and is therefore accessible by the authorities without a warrant. That’s because the relevant clauses of the ECPA (Electronic Communications Privacy Act) became law in 1986—when disk space was dear and email was still a curiosity.

I say “most of the country” because there’s an exception to this rule in the states assigned to the Sixth Circuit of the U.S. Court of Appeals: Kentucky, Michigan, Ohio and Tennessee. At the end of last year, that court recognized that the way we use email has changed dramatically in the last 25 years and that, thanks to cloud-based mail services such as Google’s Gmail and Microsoft’s Hotmail, it is now common practice to leave email on a server for years. But that ruling has no effect in the other 12 appellate circuits; as usual, technology is way ahead of the law, and it’s up to legislators or the courts to bring the law up-to-date, by enactment on the part of the Congress and the White House, or interpretation by judges.

The Senate Judiciary Committee held hearings in early April on extending the protections of the Fourth Amendment to cloud-based email, and as usual, the authoritarians in the government and law enforcement objected to the quaint notion of requiring a search warrant before combing through emails that are beyond the six-month threshold. The ranking member of the committee, Senator Charles Grassley (R-Iowa), described requirements for search warrants in the case of stored communications “burdens” on courts and law enforcement.

Senator Grassley needs a refresher on the Bill of Rights, if he truly believes that is the case. Such “burdens” exist for a reason; if law enforcement lacks probable cause, it has no business combing through the email of private persons or businesses, no matter where it happens to be stored.

I expect the Justice Department to be hostile to an argument in favor of privacy rights; after all, one of its jobs is enforcement of this country’s laws at almost any cost. But when a senior senator who has used liberty as a bully pulpit takes a position against “the right of the people to be secure in their papers and effects,” I wonder what exactly it was that my ancestors fought for. It’s a sad state of affairs when the Commerce Department appears to care more about the rights of Americans than do those who present themselves as the defenders of our freedom.

AT&T and Google, among others, have come together to lobby the Congress for an update to ECPA that recognizes the right to privacy in communications without regard to how long those communications have been stored, but it’s going to be an uphill battle. What’s at stake here is the right of businesses, as well as that of individuals, to be free from unreasonable search and seizure.

Although on its face, very little of the Bill of Rights can be said to apply to business, even the most gung-ho crime fighter would get a warrant before invading my employer’s office in search of evidence. Why should my email be any different, just because it’s stored on a computer in Texas instead of a file cabinet in San Francisco?