Google revealed Wednesday that it always requires a search warrant whenever authorities seek access to the content of a user's emails or documents stored in Google's cloud, Wired reported.
The company's insistence in asking for a warrant is seemingly against current law. Particularly, the Electronic Communications Privacy Act, which allows authorities to get access to information stored on a server for more than 180 days with a simple subpoena. The law states that if there are "reasonable grounds to believe" that the information could be useful as part of an investigation, there's no need for a judge's intervention.
The law was passed in 1986, when emails were deleted from servers every time a user downloaded them — and cloud storage wasn't even in the wildest dreams of a computer scientist. According to the law, emails left on a server for more than six months were considered abandoned, and thus freely accessible to authorities. Nowadays, critics say, with the advent of cloud based storage, the law is out of date. That seems to be Google's thinking as well.
"Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the Constitution, which prevents unreasonable search and seizure,” Chris Gaither, a Google spokesman told Wired's blog Threat Level.
The search giant can afford to do that because there have been a series of conflicting court rulings that have interpreted the ECPA and the Fourth Amendment in different ways. In 2010, a federal appeals court weighed in on the matter. The 6th U.S. Circuit Court of Appeals ruled that the government must have a valid warrant to access email content stored on a provider's server. The judges wrote that email content shouldn't be treated differently than phone calls and letters — which can't be accessed without a warrant.
"Given the fundamental similarities between email and traditional forms of communication, it would defy common sense to afford emails lesser Fourth Amendment protection," the ruling read. "First, the very fact that information is being passed through a communications network is a paramount Fourth Amendment consideration. [...] Second, the Fourth Amendment must keep pace with the inexorable march of technological progress, or its guarantees will wither and perish."
This decision was followed by two different court cases in 2012, one in Kansas and the other in Minnesota. None of the cases, however, set a national precedent, and the Supreme Court has not yet ruled on the matter.
These decisions give Google some leeway to protect its users' privacy. "Law enforcement agencies must be able to pursue illegal activity and keep the public safe. But it’s just as important that laws protect our users against overly broad requests for their personal information," Gaither wrote in an email statement to Mashable. "Respect for the privacy and security of data that users store with Google underpins our approach. Before complying with a government request, we make sure it follows the law and Google's policies."
Google does turn over some information to the authorities without requiring a warrant, the so-called email metadata. That is, things like the names users provide when creating accounts, IP addresses of the computer where the account was created, what time and where somebody signs in or out of a Google account, the non-content part of emails like the addressee and sender, its date, and the IP address used to send a particular email.
Repeated legislative efforts to review the ECPA have so far faltered. The most recent attempt, led by the Senate Judiciary Committee, added email protections to the so-called Netflix bill. The provisions, which would have required authorities to get a warrant whenever they wanted to access a suspect's email, were stripped out of the bill when it was approved at the end of 2012.
No comments:
Post a Comment