It was a clear violation of citizens’ rights—and about as quaint as a cold war spy movie. Nowadays governments have far more comprehensive ways of monitoring citizens than merely tapping computers on desktops or in briefcases. Hardly any of us still keep our private data solely in any one machine; instead it resides on corporate servers far from our homes. E-mail providers save messages in giant server farms distributed around the world. Online services such as Google Docs, Dropbox and iCloud store spreadsheets and word-processing files in the “cloud” so that we can work on critical documents wherever we happen to be. Wireless phone companies keep records of the individual towers our cell phones connect to as we move around our communities. We tend to assume that these data are ours to keep private, just as we expect that the data on our machines are private. But here the law fails us.
The last wholesale revision to U.S. electronic privacy law was the Electronic Communications Privacy Act of 1986 (ECPA), which prevented law enforcement from eavesdropping on digital files as they moved through the nascent Internet. (Before then, the Department of Justice had argued that monitoring anything that wasn’t a voice call wasn’t a wiretap and therefore didn’t require a warrant.) Yet much has since changed. In 1986, when digital storage was expensive, an e-mail provider would send a file to the recipient’s computer and delete the message from its own servers soon thereafter. Congress therefore let the protections of the act expire after a file had been stored for 180 days. In 1986 cell phones were still mostly called “car phones” because the briefcase-size boxes they required were usually kept in a vehicle. The first satellite that would make up the Global Positioning System was still three years away from launch, as was the World Wide Web. In 1986 Facebook genius Mark Zuckerberg was two.
Law-enforcement agencies have been making active use of all the new data these technologies generate. Google reports that U.S. government agencies send it nearly 1,000 requests for user information every month; the company complied with 93 percent of them between January and June of last year (the most recent period for which statistics are available). Verizon executives told Congress in 2007 that law-enforcement agencies send the company 90,000 requests for user details a year, including information on the specific locations of cell-phone customers.
It is important to maintain a balance between the needs of security and the right of each citizen to lead a private life. Cops should be able to investigate a suspect’s e-mail, location and other data. But first they should have to ask a judge.
