Late-Night Infomercials: Guaranteed to Extend the 4th Amendment or Your Money Back
TL;DR: Online accounts may now be afforded greater protection following the Sixth Circuit’s ruling in United States v. Warshak. The court, upholding a temporary injunction on e-mail searches extended the fourth amendment’s warrant requirements to messages stored on third-party servers.
Despite some users’ lax approach to safeguarding their identities, online accounts may now be afforded greater protection following the Sixth Circuit’s ruling in United States v. Warshak. The court, which upheld a temporary injunction on a fraud investigation involving the all-too-familiar late-night “Smilin Bob” infomercials, extended the fourth amendment’s warrant requirements to messages stored on third-party servers. The Sixth Circuit wrote:
“The ISP is the functional equivalent of a post office or a telephone company… The police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call—unless they get a warrant, that is.”[^1]
Prior to the ruling, the government could (and regularly did) obtain emails stored on third-party hosts like Gmail, without first needing to obtain a search warrant. In its decision, the district court declared the 1986 Stored Communications Act (SCA)1 unconstitutional on the grounds that it allowed what was tantamount to a traditional search, but without the required showing of probable cause. The court noted, “given the fundamental similarities between email and traditional forms of communication, it would defy common sense to afford emails lesser Fourth Amendment protection.”2
The SCA, written long before GMail’s all-you-can-eat storage was ever dreamed, required a warrant for any message stored on a third-party server for fewer than 180 days, but simply required a subpoena or court order for older messages or messages that had been previously downloaded by the user, thus denying the subject of the investigation both notice and the subsequent opportunity to contest the search itself. 3, 4
For the most part, the decision makes sense. As email moves from download-and-delete POP-based messages stored solely on a user’s computer to the nearly limitless IMAP, Exchange, or Web-based messaging that increasingly lives in the unseen cloud, neither opportunity to download nor time spent on server are very compelling standards to determine the level of privacy that should be afforded to a message or the showing of cause that should be required to compel a host to disclose its contents.
The decision, which tips a circuit split further in favor of extending the fourth amendment, should, at least in theory, lay the groundwork to grant such protections to other forms of information stored in the cloud. Such information may include calendars or contacts on the more obvious end of the spectrum, but may arguable be construed to cover wholesale cloud services like AWS, Salesforce, Rackspace, and Azure, a possibility not to be taken lightly following the WikiLeaks hosting scramble.
Surely the decision does not settle the issue outright, but it is the latest in a long march of much-needed rulings further blurring the legal distinctions between the world online and the world off, and as persuasively written as it is, is likely to prove influential as both law and technology continue to evolve side by side.
If you enjoyed this post, you might also enjoy:
- Will Federal Contracting Officers Soon Have Their Heads in the Clouds?
- Why everything should have a URL
- Why open source
- Everything a government attorney needs to know about open source software licensing
- 15 rules for communicating at GitHub
- 19 reasons why technologists don't want to work at your government agency
- Leaders show their work
- The Files "in" the Computer -- Zoolander and the California Supreme Court
- How I re-over-engineered my home network for privacy and security
- Everything an open source maintainer might need to know about open source licensing
- Five best practices in open source: external engagement
Ben Balter is Chief of Staff for Security at GitHub, the world’s largest software development platform. Previously, as a Staff Technical Program manager for Enterprise and Compliance, Ben managed GitHub’s on-premises and SaaS enterprise offerings, and as the Senior Product Manager overseeing the platform’s Trust and Safety efforts, Ben shipped more than 500 features in support of community management, privacy, compliance, content moderation, product security, platform health, and open source workflows to ensure the GitHub community and platform remained safe, secure, and welcoming for all software developers. Before joining GitHub’s Product team, Ben served as GitHub’s Government Evangelist, leading the efforts to encourage more than 2,000 government organizations across 75 countries to adopt open source philosophies for code, data, and policy development. More about the author →