US DOJ Say They Don't Need Warrants For E-Mail, Chats

gannebraemorr writes "The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal. Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail."

Fourth Amendment

[Anonymous Coward]

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Oh wait!

[Anonymous Coward]

Maybe we should create an amendment to the constitution that makes this issue more clear regarding illegal search.

Oh, wait... http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

well then maybe we should create a law that clarifies the position a bit further

Oh, wait.. http://www.justice.gov/opcl/privstat.htm

ok, well maybe we will have courts decide that emails are personal property

Oh, wait... http://wiki.answers.com/Q/Are_emails_personal_property

when/where does it end?

Re:Fourth Amendment

[CanHasDIY]

And the entirety of the 4th amendment is eliminated by storing your data on somebody else's system since it's no longer considered part of YOUR "persons, houses, papers, and effects"

Still like "the cloud"?

Bullshit - my papers and effects are my papers and effects, regardless of where I keep them.

Could you imagine how hard it would be for banks to sell safety deposit space, if there was no guarantee other people weren't able to rifle through your shit?

Yes, but...

[Zcar]

Yes, those all apply to email in your possession. But, not necessarily to those stored with third parties. It's called the Third Party Doctrine.

http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/ [abajournal.com]

In essence, the doctrine holds that information lawfully held by many third parties is treated differently from information held by the suspect himself. It can be obtained by subpoenaing the third party, by securing the third party’s consent or by any other means of legal discovery; the suspect has no role in the matter, and no search warrant is required.

Re:Anonymous

[homey of my owney]

Really. Carnivore [wikipedia.org] has been around for 15 years.

Re:Fourth Amendment

[anagama]

Bullshit - my papers and effects are my papers and effects, regardless of where I keep them.

This should not be labeled informative because it is likely to get people into serious shit.

Under the third-party records doctrine, a person cannot assert a Fourth Amendment interest in information knowingly provided to a third party. If strict application of the doctrine ever served us well, it no longer does, leading to absurd results. This is particularly true in an age where so much more information is communicated through intermediaries. ....

http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/ [abajournal.com]

The doctrine holds that law enforcement does not need a warrant to search and seize information lawfully held by third parties, such as online file hosting services like Dropbox or online email providers like Gmail. Nojeim argues that the third-party records doctrine is outdated and an ill-suited legal standard for today's digital world. For example, people can use physical storage lockers rented out to them by a third party -- that is, a locker rental company -- and retain a warrant protection for their property stored in the lockers. However, if people use an online storage service provided by a third party, their warrant protection is lost.

https://www.cdt.org/blogs/suchismita-pahi/0108whats-wrong-third-party-doctrine-and-einstein-30 [cdt.org]

Re:Fourth Amendment

[netwarerip]

Coming from a former bank guy, they don't have keys to the customer's lock. They do, however, have a maintenance guy with a powerful drill.

Re:Fourth Amendment

[blueg3]

So, by you, police do not need a warrant to search your apartment? After all, your apartment is not YOURS.

Not true, actually. In the US, a renter has the right of possession of his apartment but not the right of ownership. Thus your apartment is "yours" in a legally meaningful sense. (It is also, in another sense, the owner's.) The owner has the right of ownership but not of possession (he's rented that right out to the renter). As such, in many states, it's illegal for the owner to enter the apartment without the renter's permission.

Re:Second Amendment

[Anonymous Coward]

Yes. And there's no violation of the 4th Amendment if you willingly wave that right and say, "Come right on in and look around!" The 4th is only about coerced searches.

This was modded up?

The searches in Boston weren't "consensual" by any definition of the word. Luckily, people took videos of the police, even if in their disarmed state they couldn't stand up to them. The police were showing up with a SWAT team, banging on the door, holding the person who answered outside at gunpoint, and searching the houses. On the street even more SWAT team members waited in a tank with guns aimed at people visible through windows - including the person taking the video.

But go ahead, explain to me how that's not a "coerced" search.

And then the people cheered the police over this behavior - literally, there were people in the streets thanking the police for stripping them of their Constitutional rights. It's absolutely sickening and a perfect example of why the OP is absolutely right. People need to stand up for their rights against a police force that does not hesitate to use excessive force against their own population.

Key management

[Anonymous Coward]

All we need is email programs that perform a Diffie-Hellman key exchange during the first few emails you exchange with anybody

As always, the hardest part of practical cryptography is key management. What you are talking about is opportunistic encryption [wikipedia.org]. It won't actually prevent decryption but it will force the attacker to do an active Man-In-The-Middle attack, which can be detected after the fact.

This should be the default mode of operation for PGP mail. Whenever you send an email it should append your public key into the headers. As soon as your interlocutor responds, he can encrypt his reply and sign with his own public key, so all messages but the first one are encrypted. It should just work, nothing should be exposed to the user except a small keylock, which he can click if he's so inclined and verify things like key thumbprint etc. to detect tampering and/or explore full PGP functionality.

For an environment such as webmail, this still offers zero security: you either keep the private key on the server, or you do the encryption operations on the clients's side. Since Javascript run-time a href=http://www.matasano.com/articles/javascript-cryptography/>is malleable it's very easy to retrieve the private key or the plain text back from the user when the government asks you.

Re:Fourth Amendment

[PhxBlue]

Because the government hates competition.

Re:Fourth Amendment

[Zcar]

Because they don't have access to the contents as part of the ordinary course of maintaining it, thus it's still protected. In fact, many of the procedures around safety deposit boxes are, at least in part, designed such that they keep the bank from being a third party under the doctrine. They never see what you put in it, etc.