How the government can get your computer data without a warrant

Listening to your phone calls without a judge's warrant is illegal if you're a U.S. citizen. But police don't need a warrant — which requires showing "probable cause" of a crime — to get just the numbers for incoming and outgoing calls from phone carriers. Instead, police can get courts to sign off on a subpoena, which only requires that the data they're after is relevant to an investigation — a lesser standard of evidence.
The FBI can also request a secret court order for phone records related to an international terrorism or spying investigation without showing probable cause. A recent court order obtained by the Guardian newspaper shows that the FBI requested all phone records over a three-month period from Verizon Business Network Services in April. The order was signed by Judge Roger Vinson of the Federal Intelligence Surveillance Court, which operates in secrecy.
“This has been going on for seven years under the auspices of the FISA authority, and every member of the United States Senate has been advised of this,” said Sen. Saxby Chambliss, a Georgia Republican and the vice chair of the Senate Select Committee on Intelligence. Director of National Intelligence James R. Clapper said in a statement that such orders are renewed by the court every 90 days. The records do not include the content of calls, which President Obama, in defending the surveillance, said would require a judge’s consent.
Many cell phone carriers provide authorities with a phone's location and may charge a fee for doing so. Cell towers track where your phone is at any moment; so can the GPS features in some smartphones. The major cell carriers, including Verizon and AT&T, responded to at least 1.3 million law enforcement requests for cell phone locations, text messages and other data in 2011. Internet service providers can also provide location data that tracks users via their computer's IP address — a unique number assigned to each computer. In addition, the FBI has applied for court orders from the FISA court that direct phone companies to release location data — along with other “metadata” such as the time and duration of calls — deemed relevant to an international terrorism or spying investigation.
Google, Yahoo, Microsoft and other webmail providers accumulate massive amounts of data about our digital wanderings. A warrant is needed for access to some emails (see below), but not for the IP addresses of the computers used to log into your mail account or surf the Web. According to the American Civil Liberties Union, those records are kept for at least a year.
There's a double standard when it comes to email, one of the most-requested types of data. A warrant generally is needed to get recent emails, but law enforcement can obtain older ones with only a subpoena. Google says it received 16,407 requests for data — including emails sent through its Gmail service — from U.S. law enforcement in 2012. And Microsoft, with its Outlook email service, disclosed in March that it had received 11,073 requests for data last year. Other email providers, such as Yahoo, have not made similar statistics available. In January, Google said that it would lobby in favor of greater protections for email. The National Security Agency also obtains emails from companies such as Microsoft, Google, Yahoo and AOL under a program called Prism, as revealed by The Washington Postand the Guardian. Clapper has said the program does not target U.S. citizens or anyone in the country.
Communicating through draft emails, à la David Petreaus and Paula Broadwell, seems sneaky. But drafts are actually easier for investigators to get than recently sent emails because the law treats them differently. Under the NSA’s Prism program, drafts presumably would be accessible along with other emails and files kept by companies such as Google, Microsoft, Yahoo and AOL.
Investigators need only a subpoena, not a warrant, to get text messages more than 180 days old from a cell provider — the same standard as emails. Many carriers charge authorities a fee to provide texts and other information. For texts, Sprint charges $30, for example, while Verizon charges $50.
Authorities typically need only a subpoena to get data from Google Drive, Dropbox, SkyDrive and other services that allow users to store data on their servers, or "in the cloud," as it's known. The NSA is also gathering “stored data” from companies like Google, according to an NSA PowerPoint briefing obtained by the Washington Post and the Guardian. Clapper has said only non-U.S. citizens abroad are targeted.
When it comes to sites like Facebook, Twitter and LinkedIn, the social networks' privacy policies dictate how cooperative they are in handing over users' data. Facebook says it requires a warrant from a judge to disclose a user's "messages, photos, videos, wall posts, and location information." But it will supply basic information, such as a user's email address or the IP addresses of the computers from which someone recently accessed an account, under a subpoena.
Twitter has reported that it received 1,494 requests for user information from U.S. authorities in 2012. The company says it received 60 percent of requests in the second half of 2012 through subpoenas, 11 percent through other court others, 19 percent through search warrants and 10 percent through other means. Twitter says that "non-public information about Twitter users is not released except as lawfully required by appropriate legal process such as a subpoena, court order, or other valid legal process." The NSA is also gathering data from social media from companies such as Facebook, YouTube and Paltalk as part of its Prism program, according to the NSA PowerPoint briefing. Clapper has said only non-U.S. citizens abroad are targeted.
Police can get phone records without a warrant thanks to Smith v. Maryland, a 1979 Supreme Court ruling, which found that the Constitution's Fourth Amendment protection against unreasonable search and seizure doesn't apply to a list of phone numbers.
The New York Times reported last November that New York's police department "has quietly amassed a trove" of call records by routinely issuing subpoenas for them from phones that had been reported stolen. According to the Times, the records "could conceivably be used for any investigative purpose."
The Foreign Intelligence Surveillance Act, which Congress expanded in 2001 when it passed the Patriot Act, also allows the FBI to apply for a FISA court order to get “any tangible things (including books, records, papers, documents, and other items),” including phone records. For example, the court order obtained by the Guardian covers all records from April 25 to July 19, which Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation, said was much more expansive than a typical warrant or subpoena. “I’ve never seen a subpoena that broad,” he said. The Verizon order covers “telephone metadata … for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.”
Many courts have ruled that police don't need a warrant from a judge to get cell phone location data. They only have to show that, under the federal Electronic Communications Privacy Act (EPCA), the data contains "specific and articulable facts" related to an investigation — again, a lesser standard than probable cause.
Delaware, Maryland and Oklahoma have proposed laws that would require police to obtain a warrant for location data; Gov. Jerry Brown of California, a Democrat, vetoed a similar measure last September. Last year, the Senate Judiciary Committee approved a bill championed by Sen. Patrick Leahy, a Vermont Democrat, which would have updated the ECPA but wouldn’t have changed how location data was treated. Leahy and Sen. Mike Lee, a Utah Republican, have introduced a similar bill in March. And Rep. Zoe Lofgren, a California Democrat, introduced a separate bill in the House that would require a warrant for location data as well as emails. Alarmed by recent disclosures of Vinson’s order, some members of Congress have called for hearings or briefings on the phone surveillance program.
Police can thank U.S. v. Forrester, a case involving two men trying to set up a drug lab in California, for the ease of access. In the 2007 case, the government successfully argued that tracking IP addresses was no different than installing a device to track every telephone number dialed by a given phone (which is legal). Police only need a court to sign off on a subpoena certifying that the data they're after is relevant to an investigation — the same standard as for cell phone records.
FISA also allows the FBI to apply for a secret court order to get “any tangible things (including books, records, papers, documents, and other items)” relevant to an international terrorism or spying investigation. It is unclear whether IP addresses are considered “tangible things.” The FISA court has issued legal opinions on how to interpret the law, but those opinions are classified secrets.
http://www.propublica.org/special/no-warrant-no-problem-how-the-government-can-still-get-your-digital-data