No warrant, no problem: How the government can get your digital data

From subpoenas to secret court orders, the US government has an arsenal of legal tools for sweeping up your personal data

Update, July 22, 2013:
This post has been updated to include the New Jersey Supreme Court’s recent ruling on location data. It was originally published on Dec. 4, 2012.
 

The government isn't allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI to the Internal Revenue Service, to snoop on the digital trails you create every day. Authorities can often obtain your emails and texts by going to Google or AT&T with a simple subpoena that doesn’t require showing probable cause of a crime. And recent revelations about classified National Security Agency surveillance programs show that the government is regularly sweeping up data on Americans’ telephone calls and has the capability to access emails, files, online chats and other data — all under secret oversight by a special federal court.
 

The breadth of and justification for the surveillance are the subjects of ongoing debate in Washington. President Obama and others have defended the programs as necessary to identify terrorists and stop attacks before they happen, but privacy advocates and several U.S. lawmakers have questioned them.

Here's a look at what the government can get from you and the legal framework behind its power:
 

Stuff They Can Get

How They Get It

What the Law Says

Listening to your phone calls without a judge's warrant is illegal if you're a U.S. citizen. But police don't need a warrant — which requires showing "probable cause" of a crime — to get just the numbers for incoming and outgoing calls from phone carriers. Instead, police can get courts to sign off on a subpoena, which only requires that the data they're after is relevant to an investigation — a lesser standard of evidence. The FBI can also request a secret court order for phone records related to an international terrorism or spying investigation without showing probable cause. A recent order obtained by the Guardian newspaper shows that the FBI in April requested all phone records over a three-month period from Verizon Business Network Services. Director of National Intelligence James R. Clapper said in a statement that such orders are renewed by the court every 90 days. And similar ordersreportedly exist for other phone companies, including AT&T, Sprint and Bell South. The phone records being collected are for what’s called “metadata” — time, duration, numbers called — but not the content of calls, which President Obama, in defending the surveillance, said would require a judge’s consent.

 

Police can get phone records without a warrant thanks to a 1979 Supreme Court ruling, Smith v. Maryland, which found that the Constitution's Fourth Amendment protection against unreasonable search and seizure doesn't apply to a list of phone numbers. The New York Times reported last November that New York's police department "has quietly amassed a trove" of call records by routinely issuing subpoenas for them from phones that had been reported stolen. According to the Times, the records "could conceivably be used for any investigative purpose." The Foreign Intelligence Surveillance Act, which Congress expanded in 2001 when it passed the Patriot Act, also allows the FBI to apply for a FISA court order to get “any tangible things (including books, records, papers, documents, and other items).” The FISA court ruled on May 24, 2006, that this provision applied to a phone company’s entire call database, according to the Washington Post. (The phone companies had previously handed over the data voluntarily, the Post reported, but grew nervous after The New York Times published a story on the Bush administration’s warrantless wiretapping program in 2005.) The court order for Verizon obtained by the Guardian — which covers all records from April 25 to July 19 — is much more expansive than a typical warrant or subpoena, said Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation. It covers “telephone metadata … for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.” In a statement, Clapper’s office said the government can’t query the metadata it has collected unless there is a “reasonable suspicion” it is associated with a specific foreign terror group. That happened fewer than 300 times last year, the statement said, adding that the data is destroyed after five years.

 


Many cell phone carriers provide authorities with a phone's location and may charge a fee for doing so. Cell towers track where your phone is at any moment; so can the GPS features in some smartphones. The major cell carriers, including Verizon and AT&T, responded to at least 1.3 million law enforcement requests for cell phone locations, text messages and other data in 2011. Internet service providers can also provide location data that tracks users via their computer's IP address — a unique number assigned to each computer. In addition, the NSA has the authority to collect location data from phone companies, along with other “metadata,” according to the statement from Clapper’s office, but the agency chooses not to do so.

 

Many courts have ruled that police don't need a warrant from a judge to get cell phone location data. They only have to show that, under the federal Electronic Communications Privacy Act (EPCA), the data contains "specific and articulable facts" related to an investigation — again, a lesser standard than probable cause. In July, Maine became the second state, after Montana, to require police to obtain a warrant for location data; Gov. Jerry Brown of California, a Democrat, vetoed a similar measure last year. Sens. Patrick Leahy, a Vermont Democrat, and Mike Lee, a Utah Republican, introduced a bill in March that would have updated the ECPA but would not change how location data is treated. Rep. Zoe Lofgren, a California Democrat, introduced a separate bill in the House that would require a warrant for location data as well as emails. The New Jersey Supreme Court also ruled in July that police needed a warrant for location data, and the United States Court of Appeals for the Fourth Circuit in Richmond, Va., is currently weighing a similar case.


Google, Yahoo, Microsoft and other webmail providers accumulate massive amounts of data about our digital wanderings. A warrant is needed for access to some emails (see below), but not for the IP addresses of the computers used to log into your mail account or surf the Web. According to the American Civil Liberties Union, those records are kept for at least a year. The NSA also runs a program called Marina designed to sweep up Internet “metadata,” or “digital network information,” according to the Washington Post. Whether that includes IP addresses is unclear.

 

Police can thank U.S. v. Forrester, a case involving two men trying to set up a drug lab in California, for the ease of access. In the 2007 case, the government successfully argued that tracking IP addresses was no different than installing a device to track every telephone number dialed by a given phone (which is legal). Police only need a court to sign off on a subpoena certifying that the data they're after is relevant to an investigation — the same standard as for cell phone records. FISA also allows the FBI to apply for a secret court order to get “any tangible things (including books, records, papers, documents, and other items)” relevant to an international terrorism or spying investigation.


There's a double standard when it comes to email, one of the most-requested types of data. A warrant generally is needed to get recent emails, but law enforcement can obtain older ones with only a subpoena. Google says it received 16,407 requests for data — including emails sent through its Gmail service — from U.S. law enforcement in 2012. And Microsoft, with its Outlook email service, disclosed in March that it had received 11,073 requests for data last year. Other email providers, such as Yahoo, have not made similar statistics available. In January, Google said that it would lobby in favor of greater protections for email. The National Security Agency also obtains emails from companies such as Microsoft, Google, Yahoo and AOL under a program called Prism, as revealed by The Washington Postand the Guardian. Clapper has said the program does not target U.S. citizens or anyone in the country.

 

This is another area where the ECPA comes into play. The law gives greater protection to recent messages than to older ones, based on a 180-day cutoff. Only a subpoena is required for emails older than that; otherwise, a warrant is necessary. This extends to authorities beyond the FBI and the police. I.R.S. documents released in April by the American Civil Liberties Union suggest that the I.R.S.’ Criminal Tax Division reads emails without obtaining a warrant. The ECPA update bills introduced by Leahy and Lee in the Senate and Lofgren in the House would require a warrant for the authorities to get all emails regardless of age. The Justice Department, which had objected to such a change, said in March that it doesn’t any longer. Clapper has said the Prism program is legal under Section 702 of the FISA Amendments Act of 2008, which lays out how intelligence agencies may spy on non-U.S. citizens abroad. Under “limitations,” the section says the surveillance “may not intentionally target a United States person reasonably believed to be located outside the United States” and “shall be conducted in a manner consistent” with the Fourth Amendment’s protections against unreasonable search and seizure.

 


Communicating through draft emails, à la David Petraeus and Paula Broadwell, seems sneaky. But drafts are actually easier for investigators to get than recently sent emails because the law treats them differently. Under the NSA’s Prism program, drafts presumably would be accessible along with other emails and files kept by companies such as Google, Microsoft, Yahoo and AOL.

 

The ECPA distinguishes between communications — emails, texts, etc. — and stored electronic data. Draft emails fall into the latter, which get less protection under the law. Authorities need only a subpoena for them. The bills introduced by Leahy and Lee in the Senate and Lofgren in the House would change that by requiring a warrant to obtain email drafts. In defending the Prism program, President Obama has said it does not target email accounts of U.S. citizens or permanent residents.

 


Investigators need only a subpoena, not a warrant, to get text messages more than 180 days old from a cell provider — the same standard as emails. Many carriers charge authorities a fee to provide texts and other information. For texts, Sprint charges $30, for example, while Verizon charges $50.

 

The ECPA also applies to text messages, according to the EFF’s Fakhoury, which is why the rules are similar to those governing emails. But the ECPA doesn't apply when it comes to actually reading texts on someone's phone rather than getting them from a carrier. State courts have split on that issue. Ohio's Supreme Court has ruled that police need a warrant to view the contents of cell phones of people who've been arrested, including texts. But the California Supreme Court has said no warrant is needed. The U.S. Supreme Court in 2010 declined to clear up the matter.

 


Authorities typically need only a subpoena to get data from Google Drive, Dropbox, SkyDrive and other services that allow users to store data on their servers, or "in the cloud," as it's known. The NSA is also gathering “stored data” from companies like Google, according to an NSA PowerPoint briefing obtained by the Washington Post and the Guardian. Clapper has said only non-U.S. citizens abroad are targeted.

 

The law treats cloud data the same as draft emails — authorities don't need a warrant to get it. But files that you've shared with others — say, a collaboration using Google Docs — might require a warrant under the ECPA if it's considered "communication" rather than stored data. "That's a very hard rule to apply," says Greg Nojeim, a senior counsel with the Center for Democracy& Technology. "It actually makes no sense for the way we communicate today." If cloud data is covered by FISA — which seems likely, as the law specifically states that “documents” are included — it would let the FBI request a secret court order for data deemed relevant to international terrorism or spying investigations.

 


When it comes to sites like Facebook, Twitter and LinkedIn, the social networks' privacy policies dictate how cooperative they are in handing over users' data. Facebook says it requires a warrant from a judge to disclose a user's "messages, photos, videos, wall posts, and location information." But it will supply basic information, such as a user's email address or the IP addresses of the computers from which someone recently accessed an account, under a subpoena. Twitter has reported that it received 1,494 requests for user information from U.S. authorities in 2012. The company says it received 60 percent of requests in the second half of 2012 through subpoenas, 11 percent through other court others, 19 percent through search warrants and 10 percent through other means. Twitter says that "non-public information about Twitter users is not released except as lawfully required by appropriate legal process such as a subpoena, court order, or other valid legal process." The NSA is also gathering data from social media from companies such as Facebook, YouTube and Paltalk as part of its Prism program, according to the NSA PowerPoint briefing. Clapper has said only non-U.S. citizens abroad are targeted.

Courts haven't issued a definitive ruling on social media. In September, a Manhattan Criminal Court judge upheld a prosecutor's subpoena for information from Twitter about an Occupy Wall Street protester arrested on the Brooklyn Bridge in 2011. It was the first time a judge had allowed prosecutors to use a subpoena to get information from Twitter rather than forcing them to get a warrant; the case is ongoing.

 


Courtesy: ProPublica.org

  • User

    When Detroit, the world's traditional auto capital, files for bankruptcy

    Detroit's bankruptcy, the largest municipal bankruptcy filing in the US followed a declaration of financial emergency in March 2013. New York Times call Detroit as 'home to 700,000 people, as well as to tens of thousands of abandoned buildings, vacant lots and unlit streets'

    Detroit city, better known as the world's traditional automotive centre, has become the largest city ever in the US to move for bankruptcy, with a liability running into $18 billion.

     

    Detroit, which at one time had a population of about two million, has now reduced to just 70,000. However, the city's debt and unfunded liabilities has grown to over $18 billion. Detroit does not have the revenues to meet those obligations and provide an adequate level of services to its people, who pay the highest taxes per capita in Michigan.

     

    In a video message posted on a website, Michigan Governor Rick Snyder said, “Today I authorised Detroit’s emergency manager to seek federal bankruptcy protection for the City of Detroit. This is a difficult, painful step, and it is one I would not be authorising if I felt any other viable option remained”. 

     

    In 2010, the city had a population of 713,777, more than a 60% drop down from a peak population of over 1.8 million at the 1950 census, indicating a serious and long-running decline of Detroit's economic strength.

     

    “The fiscal realities confronting Detroit have been ignored for too long. I’m making this tough decision so the people of Detroit will have the basic services they deserve and so we can start to put Detroit on a solid financial footing that will allow it to grow and prosper in the future,” the Governor said.

     

    The decision allowed Detroit Emergency Manager Kevyn Orr to make a filing under Chapter 9 of the Federal Bankruptcy Law.

     

    Chapter 9 protects financially distressed municipalities from creditors while their debts are resolved under the direction of a bankruptcy judge.

     

    The ongoing decline has left its mark on the city, most notably in severe urban decay and thousands of empty homes, apartment buildings, and commercial buildings around the city.

     

    More than half of the owners of Detroit's 305,000 properties failed to pay their 2011 tax bills, exacerbating the city's financial crisis.

     

    The resulting elevated unemployment was compounded by white flight and middle-class flight to the suburbs (and in some cases to other states), and the city was left with a reduced tax base, depressed property values, abandoned buildings, abandoned neighbourhoods, high crime rates, and a pronounced demographic imbalance.

     

    The state governor declared a financial emergency in March 2013, appointing an emergency manager.

     

    “Bankruptcy is the only feasible option to fix the city’s finances and do what is right for the 700,000 people of Detroit,” Snyder said.

     

    A White House spokeswoman said, “the US President and members of the President’s senior team continue to closely monitor the situation in Detroit.”

  • User

    Using outdated data, FEMA is wrongly placing homeowners in flood zones

    Homeowners in the US have to bear the cost of fixing the Federal Emergency Management Agency or FEMA's mistakes

    When Donna Edgar found out that new flood maps from the Federal Emergency Management Agency (FEMA) would place her house in a high-risk flood zone, she couldn’t believe it.
     

    Her home, on the ranch she and her husband own in Texas hill country about 60 miles north of Austin, sits well back from the nearby Lampasas River.
     

    “Her house is on a hill,” said Herb Darling, the director of environmental services for Burnet County, where Edgar lives. “There’s no way it’s going to flood.”
     

    Yet the maps, released last year, placed the Edgars in what FEMA calls a “special flood hazard area.” Homeowners in such areas are often required, and always encouraged, to buy federal flood insurance, which the Edgars did.
     

    FEMA eventually admitted the maps were wrong. But it took Edgar half a dozen engineers (many of whom volunteered their time), almost $1,000 of her own money and what she called an “ungodly number of hours” of research and phone calls over the course of a year to prove it.
     

    Edgars is far from alone.
     

    From Maine to Oregon, local floodplain managers say FEMA’s recent flood maps — which dictate the premiums that 5.5 million Americans pay for flood insurance — have often been built using outdated, inaccurate data. Homeowners, in turn, have to bear the cost of fixing FEMA’s mistakes.
     

    “It’s been a mess,” Darling said. “It’s been a headache for a lot of people.”
     

    Joseph Young, Maine’s floodplain mapping coordinator, said his office gets calls “almost on a daily basis” from homeowners who say they’ve been mapped in high-risk flood areas in error. More often than not, he said, their complaints have merit. “There’s a lot of people who have a new map that’s unreliable,” he said.
     

    Maps built with out-of-date data can also result in homeowners at risk of flooding not knowing the threat they face.
     

    FEMA is currently finalizing new maps for Fargo, N.D., yet the maps don’t include any recent flood data, said April Walker, the city engineer, including from when the Red River overran its banks in 1997, 2009 and 2011. Those floods were the worst in Fargo’s history.
     

    Fargo has more recent data, Walker said, but FEMA hasn’t incorporated it.
     

    It’s unclear exactly how many new maps FEMA has issued in recent years are at least partly based on older data. While FEMA’s website allows anybody to look-up flood maps for their areas, the agency’s maps don’t show the age of the underlying data.
     

    FEMA’s director of risk analysis, Doug Bellomo, said it was “very rare” for the agency to digitize the old paper flood maps without updating some of the data. “We really don’t go down the road” of simply digitizing old maps, he said.
     

    FEMA did not respond to questions about the maps for Fargo or other specific areas.
     

    State and local floodplain officials pointed to examples where FEMA had issued new maps based at least in part on outdated data. The reason, they said, wasn’t complicated.
     

    “Not enough funding, pure and simple,” Young said.
     

    Using new technology, FEMA today is able to gather far more accurate elevation data than it could in the 1970s and 1980s, when most of the old flood maps were made. Lidar, in which airplanes map terrain by firing laser pulses at the ground, can provide data that’s 10 times more accurate than the old methods.
     

    Lidar is also expensive. Yet as we’ve reported, Congress, with the support of the White House, has actually cut map funding by more than half since 2010, from $221 million down to $100 million this year.
     

    With limited funding, FEMA has concentrated on updating maps for the populated areas along the coasts. In rural areas, “it’s sort of a necessary evil to reissue maps with older data on them,” said Sally McConkey, an engineer with the Illinois State Water Survey at the University of Illinois at Urbana-Champaign, which has a contract with FEMA to produce flood maps in the state.
     

    When old maps are digitized, mapmakers try to match up road intersections visible on them with the ones seen in modern satellite imagery (similar to what you can see using Google Earth). But the old maps and the new imagery don’t always line up correctly, leading to what Alan R. Lulloff, the science services program director with the Association of State Floodplain Managers, called a “warping” effect.
     

    “It can show areas that are actually on high ground as being in the flood hazard area when they’re not,” he said. “That’s the biggest problem.”
     

    When FEMA issued new maps last year for Livingston Parish in Louisiana, near Baton Rouge, they included new elevation data. But the flood studies, said Eddie Aydell III, the chief engineer with Alvin Fairburn in Denham Springs, La., who examined the maps, were “a conglomeration of many different ancient engineering studies” dating from the 1980s to 2001. The mapmakers did not match up the new elevation data with the older data correctly, he said, making structures in the parish seem lower than they really are.
     

    “It’s going to be a nightmare for the residents of our parish,” he said.
     

    Bonnie Marston’s parents, Jim and Glynda Childs, moved to Andover, Maine, where Marston lives with her husband, in 2010 with the intention of building a house. But when they applied for a loan the bank told them that FEMA’s new flood maps for the county, issued the year before, had placed the land on which they planned to build in a special flood hazard area. The cost: a $3,200 annual flood insurance bill, which the Childs had to pay upfront.
     

    Marston spent about $1,400 to hire a surveyor, who concluded her parents did not belong in a special flood hazard area. FEMA eventually removed the requirement for them to buy flood insurance — though it didn’t actually update the map. The bank refunded the flood insurance premium, but Marston said FEMA wouldn’t refund the cost of the survey.
     

    “In my mind it’s a huge rip-off,” Marston said.
     

    Edgar, 68, a retired IBM software developer, said she couldn’t understand why FEMA thought her house was suddenly at risk of flooding. When she called FEMA and asked, she said the agency couldn’t tell her.
     

    “They just said, ‘You need to buy flood insurance,’” she said, and told her she could apply for what’s known as a letter of map amendment if she thought she’d been mapped into a special flood hazard area in error. She worried that being in a high-risk flood area would diminish the value of her home.
     

    Her husband, Thomas, a professor of chemical engineering at the University of Texas at Austin, knew David R. Maidment, a civil engineering professor there who is an expert on flood insurance mapping. While she hired a surveyor and wrangled with FEMA, Maidment and several of his Ph.D. students drove up to the ranch to study it as a class project.
     

    The experience, Maidment said, showed him “in a very small microcosm” the importance of using up-to-date elevation data in new maps. The Texas state government paid to map Burnet County, where the Edgars’ ranch is located, in 2011 using lidar. But FEMA’s new maps for the county don’t include the lidar data.
     

    FEMA removed the Edgars from the special flood hazard area in March, but again it hasn’t actually changed the maps. Letters of map amendment acknowledge that FEMA’s maps were incorrect without actually changing them. While the Edgars don’t have to buy flood insurance, the new, inaccurate maps remain.
     

    Darling, the county’s director of environmental services, said he had gotten calls from dozens of homeowners with similar complaints about the new flood maps.
     

    “We’ve still got ‘em coming in,” he said.
     

    The contractor that created the new maps appeared to have taken shortcuts in drawing them, Darling said. Without new lidar data, he added, issuing a new map is “just a waste of money.”
     

    The experience, Edgar said, had left her feeling deeply frustrated, as a both homeowner and a taxpayer. FEMA hasn’t reimbursed her for the surveying costs or for the flood insurance premium she and her husband paid. “It falls to the homeowner to hire a professional engineer and pay” hundreds, even thousands, “to disprove what I would call their shoddy work,” she said. “I don’t think that’s fair.”
     

    Courtesy: ProPublica.org

  • Like this story? Get our top stories by email.

    User

    COMMENTS

    nagesh kini

    6 years ago

    QED -
    Even the Yankees can goof!
    In Mumbai you'd find the high and distant Malabar Hill in the High Risk Flood Zone.
    Thank God our BMC and Disaster Mgmt. Authorities still work on British era manual mapping, many of which 'go missing' as the Mumbai Mun. Com. found recently after the Mahim Altaf Mansion crash, even Taj Hotel plans are not traceable!

    We are listening!

    Solve the equation and enter in the Captcha field.
      Loading...
    Close

    To continue


    Please
    Sign Up or Sign In
    with

    Email
    Close

    To continue


    Please
    Sign Up or Sign In
    with

    Email

    BUY NOW

    online financial advisory
    Pathbreakers
    Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
    online financia advisory
    The Scam
    24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
    Moneylife Online Magazine
    Fiercely independent and pro-consumer information on personal finance
    financial magazines online
    Stockletters in 3 Flavours
    Outstanding research that beats mutual funds year after year
    financial magazines in india
    MAS: Complete Online Financial Advisory
    (Includes Moneylife Online Magazine)
    FREE: Your Complete Family Record Book
    Keep all the Personal and Financial Details of You & Your Family. In One Place So That`s Its Easy for Anyone to Find Anytime
    We promise not to share your email id with anyone