Advice from Middle Aged Female Tech

Hollyecho Montgomery - 812-779-6088

Women's Computer Consulting

I have been in the industry with my own company since 1994. The entire time I have worked in this field there have been very few times any two techs ever agree completely. The advice I give here is based on my experiences, testing, and what I know works.

Today’s Subject: Can the Feds Read Your Email

You might be shocked to learn that there's very little to prevent government snoops from peeking into your email. But a U.S. Senate committee has just approved greater protection against surreptitious and warrantless searches of people’s electronic communications. Here's what you need to know about email privacy...

New Protections for Online Privacy on the Horizon

The Leahy-Lee Amendment to the Electronic Communications Privacy Act of 1986 (ECPA) is being hailed as a breakthrough by privacy advocates, but it still faces hurdles before it can become law, and leaves a few loopholes for law enforcement. Even if it becomes law, it may be overridden by the contentious CISPA bill that seeks to expand government cyber sleuthing powers.

Currently, the ECPA allows "warrantless demands" for electronic communications (email, Facebook, Twitter, etc.) -- if such communications have been read by the intended recipients OR if they have not been accessed for more than six months. To obtain unread communications less than six months old requires a warrant to be issued by a judge.

Email Privacy Laws

That's not to say that anyone in government or law enforcement can simply take a peek into your email at any time. But most people think the Feds have more power than they should here. The situation now is this: a federal prosecutor need only issue a subpoena to a third-party service provider (Google, Microsoft, Facebook, Yahoo, etc.), without specifying probable cause or getting a judge to review it. The user need not be notified that such records are being sought. Even if a search warrant is required; the warrant is issued to the service provider, not the user.

The Leahy-Lee amendment would eliminate the “six months” rule, and requires a judge to agree that there is probable cause before issuing a warrant for the release of the information. And judges typically have a pretty high standard of proof in matters like this. It also requires the government to notify users of searches conducted pursuant to search warrants within ten days of obtaining such warrants. But there are two exceptions to that notification requirement.

The first is the infamous “National Security Letter,” an administrative subpoena authorized by the PATRIOT Act. A service provider who receives a NSL is prohibited from informing the affected user(s) that it is turning over records to the government, or even disclosing to anyone that it has received a NSL. A federal judge found NSLs to be unconstitutional prior restraint of speech in March 2013, but it remains to be seen whether that ruling will survive appeal.

The second exception allows delay of notification beyond ten days if it is necessary to avoid tipping off the subject of an investigation.

We're Not Quite There, Yet...

A third potential dilution, confusion, or potential outright nullification, of the Leahy-Lee Amendment is CISPA

the Cyber Intelligence Sharing and Protection Act that's currently under consideration. It contains a provision that makes it enforceable “notwithstanding any other provision of law.” CISPA ostensibly allows private businesses to share information about customers’ online activities and communications with each other and the government for the purpose of defeating or preventing hacker attacks. CISPA has been sent back to committee for revisions to provide more privacy protection. It appears dead for now, but could still be re-introduced at a later date.

The Leahy-Lee Amendment also forbids a service provider from “voluntarily disclosing the contents of its customers' email or other electronic communications to the government.” But yikes, why would they want to, unless it was to disclose some criminal activity to law enforcement? Hopefully, they're still allowed to do that, but it's not clear to me.

Here's the bottom line: Right now, a federal prosecutor can issue a subpoena to pry into any email you've already opened, or any unopened emails that are at least 6 months old. The Leahy-Lee Amendment changes that by requiring probable cause and a federal judge's approval.

If the bill makes it through the full Senate, is approved by the House, and signed by the President it will be a tenuous victory for privacy, with a few loopholes. If you're not a criminal or a terrorist, the Feds can no longer access your email without a judge's approval. Let's hope that happens soon.

Article based from Ask Bob Rankin –

I am always about saving money and not spending it on things you don't need to

Remember ANY questions, email me at: .