The Leadership Conference is working diligently to see that Tom Perez is confirmed as U.S. Secretary of Labor. Perez is an eminently qualified public servant and consensus builder who has dedicated his career to ensuring that all individuals are treated fairly and have the opportunity to succeed. He has served with integrity and distinction at the local, state and national level, compiling an outstanding record of achievement.
Privacy Rights: A 21st Century Update
Christopher Calabrese and Sandra Fulton
“Top Gun” is in the movie theatres. Martin Luther King, Jr. Day is first celebrated as a national holiday. Fox Broadcasting Company launches a fourth television network. Oprah Winfrey takes her show national. America’s electronic privacy laws are last updated.
What do all of these things have in common? They all happened in 1986.
1986 may or may not seem like a long time ago, but it’s been an eternity when it comes to technology. Technology has had a huge impact on the minority and civil rights communities, whether it is the digital divide, law enforcement surveillance practices that are forms of racial profiling, or the media consolidation that makes diversity in news coverage and editorial viewpoints more difficult.
In 1986 there was no “World Wide Web,” very few people carried a cell phone, almost nothing was stored in the “cloud,” and social networking was still years away. Email was just starting to come into use and large companies were starting to transmit data to other companies to perform internal functions like payroll and data processing. The Electronic Communications Privacy Act of 1986 (ECPA) was Congress’s effort to deal with these new developments. But Congress has not substantially updated the law during the intervening years despite the astounding way in which technology has transformed the world we once knew.
As society’s presence online has increased, ECPA has been stretched to cover many of the new technologies Americans enjoy. Unsurprisingly, that stretch is an uncomfortable fit for the original law and it is now substantially out of date. No one could have predicted how the Internet would evolve and how much we would eventually live our lives online. That evolution now means that more personal information about our lives is now available to more people—friends and strangers alike—than ever before and there is very little in the law to protect individuals from those who would abuse that access. While such a lack of privacy protection affects all Americans, minority communities—already disproportionately targeted by law enforcement—face particular burdens.
Last year a Freedom of Information Act (FOIA) request from the Electronic Frontier Foundation revealed that the Department of Homeland Security (DHS) monitored social networking sites that cater to specific racial and ethnic demographics. The FOIA documents revealed that during the days leading up to President Obama’s inauguration, DHS had established centers to monitor the online African-American community site BlackPlanet for specific “items of interest,” including users’ political beliefs and key words related to race. The same FOIA also discovered that U.S. Citizenship and Immigration Services had been monitoring social networking sites including MiGente, which caters to the Latino community, to investigate citizenship petitions.
Not only has ECPA not been extended to protect us from government observation as we use social networking sites, but it also fails to protect online records and communications in areas as varied as email, cloud computing, and smart phones.
Problems with Existing Law
ECPA offers little protection for sensitive location information stored by mobile phones and telecommunications providers. Modern cell phones have become, in essence, portable tracking devices. Technologies including GPS and cell tower triangulation allow mobile phone providers to determine a user’s physical location in real time and retain records of this location information indefinitely. The legal standard for access to these records is currently being litigated and Congress has never weighed in on what the appropriate standard should be.
Communications content online is another area of concern. Information held in the “cloud”—a general term for information held by third parties and accessed through the Internet—doesn’t receive the type of probable cause, warrant protection it would get if left in a desk drawer at home. Instead this information—including pictures on Shutterfly, documents on Google, or wall posts on Facebook—is accessible at a much lower standard. Even email—a technology that existed in 1986—needs better protection. Back then, lawmakers were unsure whether email was more like a letter or more like a phone call. Therefore, different levels of legal protection apply depending on whether it is more or less than 180 days old.
Law enforcement is taking advantage of the outdated privacy protections in ECPA and is increasingly using new technologies in investigations. Google’s semi-annual transparency report tracks government demands for the personal information (like chat records or emails) of its users. According to its most recent report covering July to December 2010, federal government agencies asked Google to disclose the personal information of its users 4,601 times (Google complied with 94 percent of these requests). If Google alone is receiving thousands of demands from the government to provide details of individuals’ online activities, many more must be going out to Verizon, Microsoft, Facebook, and the thousands of other online and telecommunications services that Americans use every day.
Racial Profiling and Weak Electronic Privacy Laws
Disproportionately Impact Minority Communities
An outdated ECPA is a particular burden on minority communities. Despite the efforts of civil rights groups, the practice of racial profiling by members of law enforcement at the federal, state, and local levels remains a widespread and pervasive problem affecting African-American, Muslim, Latino, and other communities.
In August 2011, an Associated Press report revealed a massive surveillance department established within the New York Police Department (NYPD) after 9/11 to monitor Muslim neighborhoods and infiltrate their community organizations. According to officials involved, undercover officers were sent to investigate all parts of daily life in these communities including bookstores, bars, Internet cafes, and clubs looking for “hot spots” of “radicalization.” As part of a largely secret police program, they spied on and recorded the lives of innocent Americans without any evidence of wrongdoing.
The NYPD has long viewed the Internet as dangerous territory. In a 2009 report it said:
“The Internet plays an important role during the radicalization process…. The Internet becomes a virtual ’echo chamber’ – acting as a radicalization accelerant while creating the path for the ultimate stage of Jihadization. In the Jihadization phase, people challenge and encourage each other’s move to action. The Internet (sic) is now a tactical resource for obtaining instructions on constructing weapons, gathering information on potential targets, and providing spiritual justification for an attack.”
It’s not known whether NYPD’s efforts to track Muslims involved government surveillance under ECPA because of the secrecy of the program. Assuming ECPA applied, however, there is no question that the outdated nature of ECPA’s protections would have allowed these activities to proceed with little transparency and judicial oversight.
Additionally, recent studies have shown that minority communities use smart phones at a significantly higher rate than the rest of the population. At the same time, the sensitive information stored in these phones has become a hot commodity for law enforcement investigations. In just one year, Sprint Nextel provided law enforcement agencies with the specific whereabouts of its customer more than 8 million times without requiring a warrant or probable cause. The company even set up a website for law enforcement agents so they could access these records from the comfort of their desks. “The tool has just really caught on fire with law enforcement,” said Paul Taylor, Sprint’s manager of electronic surveillance, in 2009. The fact that Sprint needs to employ a person with the title “manager of electronic surveillance” may go a long way toward explaining why ECPA needs updating.
Congressional Efforts to Bring Electronic Privacy Up-to-Date
Calls have already begun for Congress to update ECPA, with a particular focus on the issue of location tracking. The Digital Due Process Coalition—which includes the ACLU, the Electronic Frontier Foundation, and the American Library Association, as well as leading academics and major companies like Google, Microsoft, and Facebook—have called on Congress to increase protection of private online communications and require a warrant based on probable cause for all location tracking. The ACLU believes additional important protections for ECPA should include reporting requirements (disclosing when content and location-based searches are conducted), provisions barring the use of information collected illegally, and heightened protections for sensitive records that reveal information like reading habits or associational information.
Several members of Congress have introduced legislation to address growing concerns over online privacy. In May 2011, Senate Judiciary Committee Chairman Patrick Leahy, D. Vt., took a significant step toward updating ECPA and introduced the Electronic Communications Privacy Act Amendments Act of 2011. Additionally, Sen. Ron Wyden, D. Ore., and Rep. Jason Chaffetz, R. Utah, have introduced the Geolocational Surveillance and Privacy (GPS) Act to establish clear protections for Americans’ location information. The bill would require law enforcement to obtain a warrant based on probable cause before accessing any location information. In addition to restricting law enforcement’s access to personal information, these bills would also regulate the use of this information by businesses.
The Founding Fathers recognized that participants in a democracy need privacy for their “persons, houses, papers, and effects.” That remains as true today as ever. But privacy laws have not kept up as technology has changed the way Americans hold their personal information. Outdated laws allow law enforcement to circumvent the right to privacy, probe personal communications and track an individual’s whereabouts without any evidence of wrongdoing. In many circumstances, such a weak statutory scheme has a disproportionate impact on racial minorities and people who may hold unpopular beliefs. Updating privacy laws to require a warrant for access to sensitive personal information will ensure that police are following proper investigative guidelines and help to guard against profiling. It’s important to update ECPA in order to maintain the robust privacy protections all Americans expect and deserve.
Christopher Calabrese is the legislative counsel for privacy issues at the American Civil Liberties Union (ACLU). He co-chairs The Leadership Conference Task Force on Media and Telecommunications. Sandra Fulton is a legislative assistant at the ACLU focusing on privacy issues.