In civil and criminal cases, Internet subpoenas are business as usual
Every day, a lawyer of some flavor asks an Internet search company for user information. And, usually, they get it, writes Saul Hansel in Saturday's Times.
[E]ven though these companies promise to protect the privacy of their users, they routinely hand over the most intimate information in response to legal demands from criminal investigators and lawyers fighting civil cases.
Such data led directly to a suspect in a school bombing threat; it has also been used by the authorities to track child pornographers and computer intruders, and has become a tool in civil cases on matters from trade secrets to music piracy. In St. Louis, records of a suspect's online searches for maps proved his undoing in a serial-killing case that had gone unsolved for a decade.
In short, just as technology is prompting Internet companies to collect more information and keep it longer than before, prosecutors and civil lawyers are more readily using that information.
The actual stories of how government prosecutors have used this information can be impressive. For instance:
The break in the St. Louis murders came in 2002, when a reporter received an anonymous letter with a map generated by Microsoft's MSN service — marked with the location where a body could be found.
The F.B.I. subpoenaed Microsoft for records of anyone who had searched for maps of that area in the days before the letter was sent. Microsoft discovered that only one user had searched for precisely that area and provided the user's Internet Protocol address. That address, in turn was provided by a unit of WorldCom, which identified the user as Maury Troy Travis, a 36-year-old waiter. (Mr. Travis was arrested and hanged himself in jail without ever admitting guilt.)
While the Electronic Communications Privacy Act is supposed to provide some privacy protections, the bar is lower for searches than emails and much lower than for first-class mail. Explains Hansel:
[The law] generally requires a court order for investigators to read e-mail, although the law is inconsistent on this, treating unopened items differently from those previously read. The standard to compel an Internet service provider to provide identifying information about an Internet user is lower — in general, an investigator needs a subpoena, which can be signed by a prosecutor, not a judge. (And the USA Patriot Act allows some of these procedures to be waived when lives are at risk.) By comparison, domestic first-class mail requires a search warrant to be opened.
"The big story is the privacy law that protects your e-mail does not protect your Google search terms," said Orin S. Kerr, a professor at the George Washington University Law School and a former lawyer in the computer crime section of the Justice Department.