Yesterday was Data Privacy Day, making this a good time to recap some recent developments in law enforcement access to email and other electronic communications.
Data Privacy Day. You’re probably familiar with it already, but just in case you need a bit of background: Data Privacy Day is an “effort to raise awareness about data privacy and the protection of personal information on the Internet.” In 2009, Representative David Price, from right here in North Carolina, introduced House Resolution 31, recognizing the event, and it passed 402-0. The Senate passed a similar resolution. Congress officially “encourage[d] individuals across the Nation to be aware of data privacy concerns and to take steps to protect their personal information online.”
Law enforcement and data privacy. Although Data Privacy Day originally focused on internet users exposing their personal information to other individuals, the focus has expanded to internet users’ exposure of personal information to the government, and specifically, to law enforcement.
Recent developments. Several major internet companies release reports about law enforcement requests for information on or near Data Privacy Day. Interesting developments this year included the following:
- Google issued its twice-yearly transparency report, providing information about requests for information that it receives from law enforcement and courts around the world. It’s now receiving about 100 such requests each day globally, about a quarter from the United States. As to domestic requests, most are by subpoena, presumably for basic subscriber information under 18 U.S.C. § 2703(c)(2). Most of the rest are search warrants. Google complies with about 90% of the requests it receives, though it explains on its corporate blog that it scrutinizes each request, seeks to narrow overbroad requests, notifies the affected user(s) when possible, and requires a search warrant when law enforcement is seeking “query information and private content stored in a Google Account—such as Gmail messages, documents, photos and YouTube videos.”
- Twitter likewise released its most recent transparency report. It doesn’t receive as many requests as Google, but takes similar steps to scrutinize requests. Perhaps in keeping with its image as the most vigorous advocate of subscriber privacy, Twitter denies a higher percentage of requests than Google, producing data in response to 69% of United States requests.
- Although I doubt that it was intended to coincide with Data Privacy Day, the Fourth Circuit just ruled, in a case connected to the Wikileaks investigation, that applications for court orders under 18 U.S.C. § 2703(d), and the orders themselves, may properly be sealed when doing so is necessary to preserve the integrity of an ongoing investigation. The court reasoned that such proceedings “are ex parte in nature, and occur at the investigative . . . pre-indictment phase . . . where privacy and secrecy are the norm.” Frankly, it seems like a no-brainer to me that if search warrants can be sealed under appropriate circumstances, so may proceedings for 2703(d) orders. Ars Technica summarizes the case here, while Orin Kerr approvingly notes it here.