IRS Can Read Your Email Without Warrant

kodiaktau writes "The ACLU has issued a FOIA request to determine whether the IRS gets warrants before reading taxpayers' email. The request is based on the antiquated Electronic Communication Protection Act — federal agencies can and do request and read email that is over 180 days old. The IRS response can be found at the ACLU's website. The IRS asserts that it can and will continue to make warrantless requests to ISPs to track down tax evasion. Quoting: 'The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 "Search Warrant Handbook" from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that "the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications." Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the "4th Amendment Does Not Protect Emails Stored on Server" and there is "No Privacy Expectation" in those emails.'"

It's sucks, but they're sorta' right.

[preflex]

Really, if you're not encrypting your email, you have no reasonable expectation of privacy. If your communications are in plaintext, being passed around from server to server in plaintext, it would be absolutely stupid to expect that would be in any way private. It's about as private as a postcard: no envelope, all information plainly visible to anyone that handles it..

Re:In other news...

[therealkevinkretz]

oops.

http://triblive.com/x/pittsburghtrib/news/pittsburgh/s_720838.html [triblive.com]

http://www.irs.gov/irm/part5/irm_05-017-013.html [irs.gov]

Advice from you, troll? No thanks.

[Anonymous Coward]

Especially after you trolled us 100's of times last month http://slashdot.org/comments.pl?sid=3581857&cid=43276741 [slashdot.org] in March 2013, but you forgot to submit that one as anonymous coward like you did all the others idiot, and instead you used your registered username here. You got played: You played yourself, moron.

Antiquated Legal Standard

[necro81]

The 180-day limit is based on an antiquated legal standard, the Electronic Communications Privacy Act [wikipedia.org], which was signed into law in 1986 - more than 25 years ago. At the time, email was still in its infancy, and "cloud"-based email providers like Yahoo, GMail, etc. simply didn't exist.

Efforts are underway [google.com] to update the act so that, among other things, law enforcement will need to obtain a warrant anytime they want to access email. But those updates aren't law yet, so the old statute still applies.

Re:Is it that hard to get a warrant?

[wierd_w]

Warrants, as defined in the constitution, must cite specific papers, and specific places. You can't get a constitutionally aboveboard warrant to go "fishing".

Since the government is looking for unidentified persons who may be infringing, so that can then identify and prosecute, they really can't get a warrant.

This is intentional. The limitations on how warrants work were *intended* to frustrate magistrates and government agents.

Making it "easier" for them is how you lose your freedoms.

Re:No expectation

[Sarten-X]

The IRS is using it in a legal sense, and they are wrong here. From a practical sense, one should not expect email to be confidential. From a legal aspect we should have that expectation.

I am not a lawyer, but this guy is [tumblr.com], and he illustrates well how email is not legally private.

Re:It's sucks, but they're sorta' right.

[Predius]

Clarification - In the US a service provider can view customer content on or transiting their equipment IF IT'S REQUIRED FOR NETWORK OPERATIONS. IE if there is a mail delivery problem an ISP IT monkey would be ok trolling through mailbox files looking at the smtp headers. Same ISP IT monkey would NOT be legally in the clear if he decided on a random Tuesday to read customer Bob's email for fun. If he went further and acted on the contents of Bob's email he'd really be setting himself up for a legal hurting.

Re:Okay, so, just to be clear...

[eugene6]

If postal mail passes through an IRS person's hands for some legal reason, I believe they are legally entitled to read all the postcards in your mail, as there is no expectation of privacy on them, given that they're postcards. Email is the same way: the contents are naked, written on the side of the packets for anyone on a given network segment to view if the traffic comes their way. Just as we put mail in envelopes, we should encrypt our email if it's not for anyone and everyone to read if they happen to be standing "near" it when it goes by.

Re: Okay, so, just to be clear...

[Anonymous Coward]

It started with the "no reasonable expectation of privacy" doctrine, handed down by courts in years past, that actually made some kind of sense at the time. You can't (easily) stop someone from seeing you in public or who you might be with, etc.

All well and good, except that the doctrine has been abused beyond belief where technology is concerned, and the Supreme Court is too cowardly or too intimidated to fix it.

If I see you walking down the street but we've never met, unless you do something to call attention to yourself, I'm probably not going to remember much about you after too long except in very general terms. It is possible for me to record my observations, but there is a lot of effort in that. It is possible for the police to follow me around when I'm in public, but that is a lot of effort and it is an insurmountable effort to try to do that to large groups of people. Even taking pictures or video, where the abuse of this doctrine started, still requires a lot of effort to make information out of hours of video or thousands of pictures.

Until we get things like GPS bugs, cell phone location data, facial and automatic license plate recognition, etc. Here is the abuse writ large. It is now possible to have a searchable record of the whereabouts of people you didn't know you were looking for at the time. So....you may not be invisible in public, but do you have a right to not be thoroughly identified, tracked, and data mined? I think so. A lot of people do. The law is still very backwards in this and stubbornly avoids the question of whether the original doctrine is fatally flawed because we are humans in a human world being stalked by non humans with unknown and unannounced abilities.

The email problem is that the text of an unencrypted email can be read by anybody in the line of transmission. Postcards are similar. If I'm holding it I could read it. There isn't an expectation of privacy or secrecy there, though I at least would argue that I have reason to believe the US mail isn't constantly being spied on. It is not, or was not, practical to image every postcard in the mail system though. It is totally possible to capture every single email that goes by. Again, abuse of doctrine which was written before these things were practical at any scale.

Something's got to give, and it's got to give in favor of humans and against the subhumans and their machines who want to violate our privacy at every turn.