1986 Privacy Law Is Outrun by the Web
In contrast, Twitter’s policy “is to notify users of requests for their information prior to disclosure unless we are prohibited from doing so by statute or court order.”
In the WikiLeaks case, Twitter has told the targets of the government investigation that it would turn over the information after 10 days unless they went to court to seek to block the release of the data, according to online postings by Birgitta Jonsdottir and Robbert Gonggrijp, two of the people who said they had received notices from Twitter.
SAN FRANCISCO — Concerned by the wave of requests for customer data from law enforcement agencies, Google last year set up an online tool showing the frequency of these requests in various countries. In the first half of 2010, it counted more than 4,200 in the United States.
As Internet services — allowing people to store e-mails, photographs, spreadsheets and an untold number of private documents — have surged in popularity, they have become tempting targets for law enforcement. That phenomenon became apparent over the weekend when it surfaced that the Justice Department had sought the Twitter account activity of several people linked to WikiLeaks, the antisecrecy group.
Many Internet companies and consumer advocates say the main law governing communication privacy — enacted in 1986, before cellphone and e-mail use was widespread, and before social networking was even conceived — is outdated, affording more protection to letters in a file cabinet than e-mail on a server.
“Some people think Congress did a pretty good job in 1986 seeing the future, but that was before the World Wide Web,” said Susan Freiwald, a professor at the University of San Francisco School of Law and an expert in electronic surveillance law. “The law can’t be expected to keep up without amendments.”
Even Google, when it posted its online tool, acknowledged that the majority of requests it received “are valid and the information needed is for legitimate criminal investigations.”
Still, Internet companies chafe at what they say is the weaker protection under the law afforded online data. They contend that an e-mail should have the same protection from law enforcement as the information stored in a home. They want law enforcement agencies to use a search warrant approved by a judge or a magistrate rather than rely on a simple subpoena from a prosecutor to obtain a person’s online data.
While requests for information have become routine, the way Internet companies respond is not. In the WikiLeaks case, Twitter took the unusual step of seeking to unseal the court order so it could follow its own internal policies and notify its customers, the WikiLeaks members, that the government wanted information about them. Privacy experts praised Twitter for this.
Most of the time, companies do no such thing; they are not required to do so under the patchwork of rules that govern law enforcement access to customer data.
But as the data requests mount, companies like Google, Twitter and Facebook find themselves on the front lines of the tug of war between security concerns and the need to protect privacy.
The rules established by the 1986 Electronic Communications Privacy Act depend on what type of information is sought and how old it is. And courts in different jurisdictions have interpreted the rules differently.