FBI says it doesn't need a warrant to snoop on private email, social network messages

FBI says it doesn't need a warrant to snoop on private email, social network messages

Summary: An FBI guidance manual says the law enforcement agency is able to access U.S. residents' email, Facebook and Twitter messages, and private documents, without breaching the Fourth Amendment.


The U.S. Federal Bureau of Investigation is able read your emails, Facebook chats, Twitter messages and other private documents without the need for a search warrant, according to its own guidance.

The bureau insists this policy does not breach the Fourth Amendment to the U.S. Constitution, which protects citizens from "unreasonable searches and seizures." Others aren't so sure.

Government documents reviewed by CNET's Declan McCullagh show that prosecutors and investigators at the U.S. Department of Justice believe they do not need a court-ordered search warrant to access sensitive and private citizen data. Instead, a subpoena signed by a federal prosecutor can be enough to obtain nearly "all records from an ISP."

Read this

Yes, the FBI and CIA can read your email. Here's how

Yes, the FBI and CIA can read your email. Here's how

"Petraeus-gate," some U.S. pundits are calling it. How significant is it that even the head of the CIA can have his emails read by an albeit friendly domestic intelligence agency, which can lead to his resignation and global, and very public humiliation? Here's how.

A search warrant signed by a judge can compel a company into handing over all of a user's data, while a subpoena often grants investigators access to "communications data," such as who a person was communicating with, when, on what day, and at which computer or location based on their IP address.

The FBI guidance, written and published internally after the 2010 ruling, said field agents are able to subpoena email records "without running afoul" of the Fourth Amendment.

The Justice Department's move to issue subpoenas internally rather than taking the matter to a court appears to go against a 2010 ruling that compelled federal authorities and police to obtain search warrants before accessing Internet users' email accounts.

On Saturday, The Guardian published a transcript by former FBI counterterrorism agent Tim Clemente, who stated: "[Federal authorities] certainly have ways in national security investigations to find out exactly what was said in that conversation," hinting that the FBI is able to access any phone call recordings or email.

It also comes only a few weeks after the FBI were denied a request to install spyware on a suspects' computer in order to spy on them without their knowledge. The FBI was criticized by the judge for "[making] no attempt to explain" why alternatives would not be as effective.

But the judge also disclosed [PDF] that the federal government "sought and obtained" under the Electronic Communications Privacy Act (ECPA) an unnamed ISP to "turn over all records related to the counterfeit email account, including the contents of stored communications."

How companies like Apple, Google and Microsoft fight back against unwarranted searches is an entirely different matter. Both Google and Microsoft have "transparency reports," which disclose how many requests are made by government authorities around the world, including U.S. authorities. Some companies, such as Twitter, are known to actively fight back against subpoenas and search warrants.

Google also stated that it requires a search warrant for "email content" and other private data. Apple, meanwhile, has been criticized for failing to disclose government requests by the EFF in a recent report.

The FBI's guidance appears to be in conflict with what the Internal Revenue Service said last month. The tax agency said it would no longer access email data without a warrant as part of tax investigations. In an IRS handbook detailing the search warrant process stated that: "emails and other transmissions generally lose… their Fourth Amendment protection."

It's not unlike government departments to have "interpretations" or "guidance" for complicated acts of law. In January, the Electronic Frontier Foundation (EFF) was successful in having a secret interpretation of the controversial Foreign Intelligence Services Act (FISA) unmasked -- at least to some degree. 

Two politicians, Sen. Ron Wyden (D-OR) and Sen. Mark Udall (D-CO), first flagged the secret document in 2011. Though when it was released under a Freedom of Information (FOIA) request, it was all but entirely redacted. 

But CNET noted not all U.S. Attorneys have attempted to gain access to U.S. residents' email and social networking content without a warrant.

The underlying argument is that the authorities believe they have this power, the Fourth Amendment notwithstanding, amid growing sentiments in Congress to change the law, to give email the same protected rights as a physical unopened letter.

Topics: Government US, Privacy, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Courts have consistently ruled based on expectations

    So what part of *PRIVATE* email does this government think does not lead to expectation of privacy? The social content stuff, I can understand - but private emails???
    • Huh?

      Emails between people are definitely not private, they go through way too many locations to ever be considered private and can definitely be intercepted by the government or others.

      If you are sending encrypted emails, then I could understand an expectation of privacy (and then subject to the 4th amendment), otherwise, I would never expect an email to be private.

      As you say, social media is definitely not private, the whole point is to share with others.

      I'm not saying that I like this, but it's a fact of life that what is posted online is not private.
      • Email is no different than any other electronic communication

        cmwade1977 - by your argument that email can be made public because it crosses transmission points would allow any phone to be tapped freely, and anyone to publish transcripts of your cellphone calls picked up by radio.
        • I have to disagree...

          Land line and and cell phone calls are protected systems. And when you make a connection from one phone to another, while it is on public fibre, you are connecting on a temporary private connection between the phones. While email, or anything sent across the internet without any encryption can't be considered private. TCP-IP just throws the bits out there with an address to it's destination, and takes whatever route it needs to in order to be delivered. There's no way to protect that unless you take steps to protect the contents.
          • Courts rule based on expectation.

            If there is an expectation of privacy, then the courts ought to rule it as private. Unless in the terms of service or privacy statement it explicitly states that you have no expectation of privacy (or in the case of Facebook, the fact that you're publishing content for the intent of other people to see) then you have an expectation of privacy. That's what the privacy statements are for -- to establish whether or not you have a legal expectation of privacy.
            Jacob VanWagoner
          • VOIP call

            So according to your interpretation of this, a VOIP call is also subject to interception/wiretap as an email simply because parts of the transmission are more temporary than a landline call. But by that definition, a cell call should be subject to the same thing if at least one party is moving and switches towers (the path has just changed).
          • Land line and and cell phone calls are protected systems


            I understand your basic premise, that they are protected systems by nature of technology. However they are also protected, by laws.

            When phone technology became mainstream, the Govt. was on the side of protected communications. Laws for email not being "protected" came into being, before email was "internet" email, and networks were in essence private connections.

            An example may be the corporate phone call, vs the corporate email. Phone calls from your desk, using company phone, PBX, network, etc. is protected communications by federal law. Wiretapping or listening in, is a Federal Crime, even by the owners of the equipment and transport mechanisms. Whereas an Email message sent from that same Desk, by the same person, does not have those protections. When email started becoming prevalent, corporations were better at influencing the Govt. Laws went with having no privacy for emails, justified by they were being composed, and sent on "company" equipment, thus the property of the company to open, "eavesdrop" and read at their discretion.

            Different "rights" not based on the nature of the tech, but on laws interpreting, or granting those rights.

            The easiest thing to do, is to listen in on a "regular" phone call. It can be done at multiple junction points all around any city with minimal cheap equipment.

            The point is; is that it is the policy and laws that provide some level of privacy. Technology can also provide additional privacy through encryption and other methods, but if all of these secure (encrypted) communications methods have built in "back doors" as the govt. wants, what is the point?

            So we get back to laws and policy.
          • re: I have to disagree...

            > Land line and and cell phone calls
            > are protected systems ... [w]hile
            > email, or anything sent across the
            > internet without any encryption can't
            > be considered private.

            That just doesn't make any sense. Telephone calls are transmitted as data these days, not analog voice waves. And at no point is your telephone call encrypted. There's no difference, on the wire, between voice data and email data (except maybe QoS), so the only difference between them is how they're treated under the law. Phone data have legal protections. Email data should have them, too.
            none none
          • You don't have any clue how calls are placed on GSM network

          • By that definition

            The government could eavesdrop on unencrypted sip (voip) calls as well. Yet I am sure such evidence would be inadmisable without a court order, so should any email communications. The fact that packets are transported unencrypted over a network, does not mean the government has a right to use it as evidence without a court order. It seems the americans are using the internet as an excuse to violate the civil rights of it's own citizens.

            I am quite dumstruck with the reasoning of some people, who seem to believe privacy should be thrown out for one silly reason or another.
        • Privacy is a right not a technology

          When a information is sent from one private party and addressed to a second private party, it is private. The information becomes the property of the sender and the recipient and anything that interprites that inforation without permission from the owners is wrong.
      • While I don't like it, i have to agree with you here..

        Like you stated, unless our email is encrypted, there is no way to keep it private unless it is from one machine to another on a completely internal network. It is the world we live in.

        Same applies if you go to a website to purchase something, and for some reason they are not running any encryption to protect your data while it's being entered, and you end up getting your identity stolen. Or passing sensitive information on an open wireless connection. You can't expect privacy in an electronic world without taking steps on your own side to ensure that privacy is kept intact.

        Someone later on in this thread commented about treating email like a postal letter. Impossible. A postal letter is sealed(electronically this would be encrypted), and that seal must be broken to read what's inside.(decrypted) Point being, if you want it completely private, encrypt it. Otherwise, anybody, anywhere can see it if they have the right tools and access.
        • mail vs email expectations

          StorageNerd, Tda1: so.... "sealed" mail = encrypted email (protected) and postcards = standard email (not protected.. anyone can read)?
          • sealed mail = unencrypted email

            because anyone who intercepts it can read it and maybe reseal it in the case of snailmail.
            encrypted email = snailmail written in secret code.
            postcards = irc messaging
      • Proper Privacy

        Perhaps we also need a redefinition of what is private and what is not. A personal email between two people can be extremely private, as can a corporate email containing confidential business matters. The point is that to intercept either, notwithstanding the fact they are mailed via 'public' networks requires a certain measure of knowledge and a certain amount of snooping. The chance of anyone accidentally happening on a sensitive email is astronomically small. On this basis I would consider active snooping or fishing for such emails to be a gross intrusion into and a gross invasion of privacy, as defined in The Human Rights Act, where all persons have a right to a private life free from interference and authoritarian oversight.

        As indeed was the case in Boston where military martial law was imposed on a considerable portion of Boston, free movement was curtailed, ordinary unarmed citizens were searched in detail by armed soldiers, and unwarranted seizure of goods was made. I think personally in this circumstance the 4th Amendment is more than in tatters. It simply doesn't exist any more in practice even while it is still 'written on paper'.

        All the Feds have to do if they believe any part of the USA is becoming insurgent is 'contrive' a 'supposed' terrorist attack nearby. The 4th Amendment is totally dead in the water.
      • Incorrect.....

        Even stamped mail goes fro place to before it gets to it's destination. by your definition, any mail, regardless of how it is composed, is public. No email is private, regardless how it is delivered.
        linux for me
      • Two kinds of privacy, similar LEGAL qualifications

        CM, you and Chips are talking about different types of privacy.

        Chips comment is about DIRECTED communication - similar to a phone call or a letter in an envelope. It is sent to one or several NAMED recipients.

        The privacy you are talking about is what is usually mis-equated with "secrecy" - like in the "expectation of privacy." The two are related, but not synonymous.

        Still, as I mentioned above, people employing directed communications of ANY sort have an "expectation of privacy." For someone else to intercept that, in all other directed communication forms, requires a warrant. Why should it not require a warrant for email?
      • Mail?

        I mail in you U.S. mailbox NOT private DESPITE the fact it can be stolen or read by ANYONE who gets to it before you do?
      • Then how is personal correspondence private

        So if you write a letter on paper, hand it over to the U.S. government (post office) for them to deliver, you have an expectation of privacy. But if you send an electronic message, through a private company, you don't have an expectation of privacy? How does that make sense?
  • I am the first Post

    I find this interesting that everyone seems to flame over Android vs iOS vs Windows and all those like but when something actually is important; we say nothing. That is not a a great commentary on America.

    Well since I was pre-law before switching my majour. This is a Rock and a Hard place dilemma. One you have the Protect aspect no one wants to leave any stone un-turned and no one ever wants to be the one that got it wrong (if only we had) then you have the Serve aspect where they must not infringe on the rights our there fellow American and must follow due course (that is what America was founded on period) Now by doing this they are using coercion and leverage of there office (if anyone police or FED comes to your door and flash there badge we comply that's how it works and they know this) this could come back to haunt them if it comes out they did not follow the law, but that is the knife edge we walk these days it seems.