The FBI appears to believe it has the authority to rummage through people's emails without a warrant, even after a court decision directed the agency not to, according to documents obtained this week by the American Civil Liberties Union.
The ACLU's blog says it received excerpts from the FBI's Domestic Investigations and Operations Guide from 2008 and 2012 and both say that under the 1986 Electronic Communications Privacy Act, the FBI can look at any emails that are more than 180 days old with just a subpoena, not a warrant.
"In 1986, that might have made sense," said Ben Wizner, director of the ACLU's Speech, Privacy and Technology Project. "The World Wide Web hadn't been created yet. Now, people have years of emails, calendars, photos, their diaries, all of this stuff is in a cloud."
In 2010, a federal appeals court ruled that the FBI did, however, need a warrant even for emails older than 180 days. But based on the FBI documents sent to the ACLU in response to a public records request, the FBI's position on warrantless email snooping remains unchanged.
"The documents we have, suggest that they aren't following the [court decision]," Wizner said.
Wizner said the 6th Circuit Court of Appeals decision only applies to its district, which covers Kentucky, Michigan, Ohio and Tennessee.
In an email Friday, FBI spokesperson Christopher Allen said the FBI follows the dictates of each district.
“In all investigations, the FBI obtains evidence in accordance with the laws and Constitution of the United States, and consistent with Attorney General guidelines," Allen said. "Our field offices work closely with U.S. Attorney’s Office to adhere to the legal requirements of their particular districts as set forth in case law or court decisions/precedent."
It's unclear if the FBI actually reads people's emails without a warrant. But Wizner said the fact that the FBI has fought hard to keep the government from requiring a warrant, suggests that the agency is accessing emails.
"They are adamantly opposed to reforming the law to bring it up to date with the way people use technology," Wizner said. "The reason it hasn't happened is because law enforcement doesn't want it, which suggests they're using the authority."
The New York Times reported this week that the Obama administration is weighing whether to support the FBI's effort to require Internet companies like Facebook and Google to allow the agency backdoor access to monitor instant messages in real time.
The F.B.I. director, Robert S. Mueller III, has argued that the bureau’s ability to carry out court-approved eavesdropping on suspects is “going dark” as communications technology evolves, and since 2010 has pushed for a legal mandate requiring companies like Facebook and Google to build into their instant-messaging and other such systems a capacity to comply with wiretap orders.
Allen said the FBI would not comment on any specific legislative proposals that are still in draft form and that haven't been introduced in Congress. But he did point to a comment by the agency's general counsel, Andrew Weissmann, who told the Times, “This doesn’t create any new legal surveillance authority. This always requires a court order. None of the ‘going dark’ solutions would do anything except update the law given means of modern communications.”
In 2011, then-FBI general counsel Valerie Caproni spoke to the House Judiciary Committee about the agency's trouble keeping tabs on suspects in a rapidly changing electronic landscape.
"In order to enforce the law and protect our citizens from threats to public safety, it is critically important that we have the ability to intercept electronic communications with court approval," Caproni said. "In the ever-changing world of modern communications technologies, however, the FBI and other government agencies are facing a potentially widening gap between our legal authority to intercept electronic communications pursuant to court order and our practical ability to actually intercept those communications."
Wizner contends the legislative proposals mentioned in the Times piece put an absurd burden on companies like Facebook and Twitter to comply with court orders and will also leave companies more vulnerable to attacks by hackers.
"In order to provide a backdoor, they have to rewrite their software," Wizner said. "Every time you do that, you create vulnerabilities. This puts surveillance ahead of all other interests, including privacy and security."