Technology lobbyists have been pushing for reform of the 1986 Electronic Communications Privacy Act for years, primarily to address the multitude of shortcomings, loopholes that couldn’t have been predicted almost 30 years ago. Law enforcement has also jumped onto the bandwagon, having recently submitted a rider proposal that would be attached to any changes proposed to the ECPA. Their objective? To get cellular providers to retain all the text messages passing through their network, primarily for the purposes of investigating criminal activity. Currently, most providers say they do not retain the actual text messages centrally, and smartphones by default are not designed to retain text messages long term, but each provider appears to have different policies governing exactly how much data is retained, and how long. This inconsistency troubles some lawmakers, and enforcement has long held that criminals purposefully use SMS as an “untraceable, untrackable” communication method.
What this means for you:
A proposal is a long way from actual law, but many privacy advocates and watchdog groups say a rider proposal like this could hamper much needed changes to the decades-old ECPA by weighing down progressive proposals with Big Brother agendas that most technology companies find distasteful, if not diametrically opposed to in their publicy stated values – think Google’s “Do no evil” policy. The fight for privacy continues to carry into new areas everyday, but the SMS fight could be a huge battle: six billion text messages are sent everyday. Privacy issues aside, imagine having to figure out how to store this information in a way that is useful, let alone subpoenable!
Apparently, even the (former) head of the CIA can fall victim to a security breach. General David Petraeus recently handed in his resignation as the leader of the US’s Central Intelligence Agency when his extra-marital affair surfaced through an investigation led by the CIA’s own sister agency, the Federal Bureau of Investigation. What’s interesting is that the FBI didn’t use exotic technology or Hollywood-esque espionage to gain access to Petraeus’ “anonymous” email account – in the end, it boiled down to a simple, lawful, court-order through the Electronic Communications Privacy Act. Once the FBI had covert access, they were easily able to track the account usage and trace it to the General himself.
What this means for you:
What undid Petraeus – aside from lack of integrity and fidelity – wasn’t his extremely clever usage of Gmail. Once again, the subterfuge was ruined by a person – in this case, by his own mistress, Paula Broadwell, who sent threatening emails to Petraeus family friend, Jill Kelley who then got the FBI on the case. In the course of any criminal investigation, the ECPA grants the government authority to access any electronic communication without a warrant if it’s under 180 days old, and if it’s older than 180 days, then all that is needed is a court order. Even if you think you’ve set up an anonymous email account, all email travels through the internet by virtue of metadata attached to the digital envelope that is impossible to hide. Think of it as a digital postmark. And because all data must come from somewhere and go somewhere, IP addresses (and logs) make it possible to pinpoint those locations with ruthless precision. The next time you send an email that you need to be completely confidential, think carefully about the implications of it appearing on the front page of every news website in the world. Obviously, the government doesn’t have the time (or the justification) to watch everyone in America, but they certainly have the means, and will to use it, even if it undermines one of their own sacred cows.
Image courtesy of renjith krishnan / FreeDigitalPhotos.net