The Legal Tangles Of Data Collection

By Ellen Nakashima
Washington Post Staff Writer
Tuesday, January 16, 2007

When it comes to data collection, federal laws often have been outpaced by technology, critics say. And sometimes, the executive branch carves out its own exception.

Take eavesdropping.

U.S. law requires that law enforcement officials obtain a warrant to tap someone's phone or intercept e-mail. But President Bush, drawing on decades-old precedent, asserts that he has "inherent authority" to authorize agents to intercept electronic communications without a warrant in the interest of national security.

That is the rationale underpinning the National Security Agency's warrantless-wiretapping program. The new Democratic-run Congress has vowed to renew scrutiny of this program and others that involve collection and analysis of Americans' personal data.

Under the 1978 Foreign Intelligence Surveillance Act and Title III of the 1968 Omnibus Crime Control & Safe Streets Act, if the government wants to listen in on phone calls, it must have a warrant or wiretap order showing probable cause that the target is involved in criminal activity or in foreign intelligence or terrorist activity. A later law extended that standard to electronic communications.

But months after the Sept. 11, 2001, attacks, Bush secretly issued an executive order authorizing warrantless electronic intercepts for national security purposes -- even on U.S. citizens, as long as one party is suspected to be outside the country. This action is at the heart of several lawsuits against the government and telecommunications companies alleged to be collaborating with the government, charging that such eavesdropping is unlawful.

E-mail is a slightly different matter. The law makes a distinction between intercepting e-mail in transit and obtaining stored e-mail from a service provider's servers. The distinction made sense in the 1980s and early 1990s when downloaded e-mail often sat only on the user's computer. If the government wanted the records, it had to go to the e-mail recipient.

These days, most e-mail is held and stored by third parties. So the government claims the authority to read someone's most intimate communications, including stored chat sessions, by serving a subpoena -- no probable cause required. A person may never even know that this has been done, as there is no legal requirement for an Internet service provider to provide notice. In most cases where the government subpoenas the e-mail, it demands that the third party keep that fact confidential, at least for a while.

The same holds true for virtually any information held by a third party: phone company records that indicate who called you, when they called and how long the call lasted; Internet service provider records on what Web sites you visited, when and for how long; tollbooth records; security camera footage; records of emergency calls made from a car; supermarket purchase records. All that and more can be requested by the government with a search warrant, or sometimes with an administrative subpoena or other demand, frequently without judicial review.

Since the Sept. 11 attacks, the government also has vastly increased its power to obtain Americans' private financial, phone-call and Internet-transaction data using national security letters, which do not need the imprimatur of a prosecutor, grand jury or judge. They receive no review after the fact by the Justice Department or Congress. The FBI issues more than 30,000 a year, The Washington Post reported in 2005. And the Pentagon issues its own version, the New York Times reported on Sunday.

Such data can be helpful to law enforcement agents, but sometimes mistakes are made. Last fall, an Internet provider mismatched a customer and an IP address, resulting in a guns-drawn raid by a child-porn squad on a farmer in rural Virginia.

The bottom line, privacy experts say, is that more and more personal data are being stored on the Internet and in databases over which individuals have little or no control. Increasingly, the government, the private sector and criminals are looking for ways to exploit those data. And the laws, the experts say, are not squarely on the citizens' side.

© 2007 The Washington Post Company