Feds snooping on email activity and social networks, without warrants - and it's on the rise

Filed Under: Facebook, Featured, Law & order, Privacy, Social networks, Twitter

Private investigator, courtesy of ShutterstockCrime-fighting authorities in the United States can snoop upon your email activity, who you are instant messaging, and what you are up to on Facebook, Google Plus and other social networks in real-time, not only without your permission - but without even requiring a warrant.

And, according to the American Civil Liberties Union (ACLU), this real-time access by federal investigators to your online activity is on the rise.

Documents released by the ACLU on Thursday show that law enforcement agencies in the United States have greatly increased surveillance of Americans’ electronic communications, and often the surveillance happens without a warrant or judicial oversight.

The documents were released by the U.S. Department of Justice in response to a February 2012 Freedom of Information Act (FOIA) request (PDF) by the ACLU.

They show a sharp rise in the use of two types of surveillance in the last five years: "trap and trace" and "pen register".

Orders for pen registers and trap and trace devices used to spy on phones increased by 60% between 2009 and 2011, from 23,535 to 37,616. The number of individuals whose communications were the subject of surveillance more than tripled in the same period, from approximately 15,000 to 45,000, ACLU said.

Requests to eavesdrop on electronic communications such as email and network data jumped during the same period, also. Trap and Trace requests for electronic data, for example, increased from just over 100 in 2009 to 800 in 2011, the ACLU found.

Graph from ACLU

Pen registers capture outgoing data from a subject over telecommunications lines. Trap and trace surveillance tools capture incoming data.

Historically, the tools were physical devices attached to telephone lines in order to covertly record the incoming and outgoing numbers dialed. Today, no special equipment is required to record this information, as interception capabilities are built into the call-routing hardware of telecoms firms.

According to the ACLU, the surveillance requests do not require a warrant, because American courts consider the data in question - phone numbers, the "to" and "from" addresses in an email, records about IM conversations, etc - to be "non-content" information, which is not covered by the Constitution’s 4th Amendment protection against unlawful search and seizure.

Man with magnifying glass, courtesy of ShutterstockTo initiate pen register or trap and trace surveillance under the act, therefore, law enforcement can simply request approval from a judge by saying that the information they are likely to obtain is "relevant to an ongoing criminal investigation".

Judges don’t get to weigh the merits of that claim.

The ACLU took the United States Department of Justice (DOJ) to court in May to force the government to release the data about its electronic surveillance activities. The ACLU said that the DOJ is required to release the surveillance statistics to Congress each year, but rarely does so.

Past FOIA requests by the ACLU also document the sharp increase in surveillance requests. A 2010 request covering 2006 to 2009 showed that original requests for pen register and trap and trace doubled in that period, as well, from 11,000 to 24,000.

Together with the data released this week, the evidence suggests that law enforcement surveillance requests have more than tripled between 2006 and 2012.

The ACLU said that legislation is needed to toughen the requirement for the government to regularly update the public about its surveillance activities.

The civil liberties group also said that courts should reconsider the 1979 ruling (Smith v. Maryland) that set a lower standard for pen register and trap and trace monitoring than for traditional wire taps.

ACLU wrote:

The distinction from which these starkly different legal requirements arise is based on an erroneous factual premise, specifically that individuals’ lack a privacy interest in non-content information... Non-content information can still be extremely invasive, revealing who you communicate with in real time and painting a vivid picture of the private details of your life... The low legal standard currently applied to pen register and trap and trace devices allows the government to use these powerful surveillance tools with very little oversight in place to safeguard Americans’ privacy.

You can view the Pen Register and Trap and Trace documents online here.


Private investigator and man with magnifying glass images courtesy of Shutterstock.

, , , , , , , , , ,

You might like

4 Responses to Feds snooping on email activity and social networks, without warrants - and it's on the rise

  1. Trent · 567 days ago

    Why anyone would trust communications via the internet or any other form of digital transmission is beyond me. It's no secret that interception of traffic has been going on for a long time. It should be common sense, that if you have something to say that is for certain ears only, to say it off the grid.

  2. AnotherVictim · 565 days ago

    I knew I should have long ago, but I'm sure I'm not keeping this iPhone anymore. We're all blinded by this 'gotta have it now' mentality and being 'oohed and ahhed' by these devices. If you try, it's not hard to not have everything right that very second. I have no social accounts.

  3. The PoPo · 564 days ago

    This article makes it sound as though as law enforcement officers across the US are engaging in this sort of activity on a daily basis. What this article lacks is the context within which these trap & trace and pen registers are being authorized. This activity is authorized without a supporting probable cause affidavit at the federal level. At the state and local level, the rules and requirements vary from state to state. In Pennsylvania, an affidavit of probable cause is required to be included with the application for a trap & trace or pen register authorization.

  4. Nigel · 564 days ago

    It has long been an incomprehensible fact of life that the overwhelming majority of people are not even aware of secure (encrypted) communication, much less actually use it.

    And it's not just private individuals who are completely blind to the importance of securing their communications. I know of only one company — JUST ONE — that can accommodate a customer's request to communicate with them via encrypted email. The rest of them don't even know what I'm talking about when I request that they send me a message signed with an X.509 certificate so I can securely send them the sensitive information they've requested. It’s always the same response: "Huh...?"

    Translation: "Duh..."

    The classic mindless argument against encrypted email, of course, is that, "Only people who are doing something wrong would want to hide it behind encryption", an assertion so breathtakingly idiotic that one wonders what its proponents use for sense.

    Any credible email client provides encryption capability. It’s easy to find X.509 certs that are free of charge for personal use. Every message I send is signed with one. In my view, communicants who use that capability are more a part of the solution than a part of the problem.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul is a Boston-based reporter and industry analyst with more than a decade of experience covering the IT industry, cyber security and hacking. His work has appeared on threatpost.com, The Boston Globe, salon.com, NPR's Marketplace, Fortune Small Business, as well as industry publications including ZDNet, Computerworld, InfoWorld, eWeek, CIO , CSO and ITWorld.com. Paul got his 15 minutes as an expert guest on The Oprah Show - but that's a long story.