Those who are regular readers of International Man are familiar with the ever-increasing intrusions by the State into all aspects of life, including digital life. What some people may not be aware of, however, is that many governmental intrusions into the digital realm are not new but are innovative applications of pre-existing laws.
Corporations such as Apple, Google, etc. are constantly creating new devices and software that improve our lives and ability to communicate. One drawback of such innovations is that governments are applying archaic communications laws designed for a previous technological era to spy on the activities of citizens today.
This is particularly apparent in the United States where the U.S. government is actively collecting vast amounts of private data that are both stored and transmitted – all legally without warrant or reasonable cause.
That's why it is important to not only diversify oneself politically but also to seek “cyber” diversification. Otherwise you could have Uncle Sam reading your emails…
How to Avoid an Electronic Privacy “Time Bomb”
What would you say if I told you that someone in the U.S. Congress was trying to pass a law allowing authorities to access your e-mails or documents stored online for longer than 6 months WITHOUT A WARRANT?
Now what if I told you that you were too late, that it was already signed into law 25 years ago?
The year was 1986. The same year as the Iran-Contra scandal, the Space Shuttle Challenger disaster, and the Chernobyl meltdown. Little did anyone know that a privacy disaster was being signed into law by Ronald Reagan, ironically titled the Electronic Communications Privacy Act (ECPA).
The ECPA was created as an amendment to the Wiretap Statute written in 1968. The purpose was to extend the government's restrictions on wire taps of telephone calls to electronic data transmitted via computer. In many ways the law was very forward thinking and protected a medium of communication that was not yet widespread.
However, this law had a fatal flaw that has come back to haunt us. When the law was written, the Justice Department argued that e-mail residing on a server for long periods of time should be considered “abandoned” and no longer private. This assumption was made because in 1986 e-mail was not stored on the servers for long periods of time due to storage costs. Congress agreed, and set the limit for privacy protections in the ECPA to 180 days. E-mail stored on servers for longer than 180 days could be made available to the authorities with a subpoena issued without the approval of a judge.
Fast forward to 2011. People have GMail accounts with 5+ years of e-mail stored online with an ever-expanding availability to keep even more. The same is true with Hotmail, Yahoo Mail, and even Facebook. Many people do not even bother to download their e-mail at all, reading it via webmail interfaces.
Further, people have information stored online beyond just e-mail. Their calendars, contacts, business documents, personal diaries and more are all stored online. New services like Dropbox and Apple's iCloud encourage automated synchronization of the files on your computer with their servers online. Much of your data is stored in the cloud and therefore is open for the government to grab without a warrant once it has been online for more than 180 days.
At this point, you might feel powerless to escape the privacy hole created by this law, especially with so much of your data being pushed online and into “the cloud”. Fortunately, however, there are proactive steps that you can take to get more privacy and protect your data.
Options to Protect Your Data
Now that you've been made aware of the problem, let's discuss some ways you can protect yourself from the provisions of this law:
- Get off the cloud: You can get all your data off “the cloud”. Download 100% of your e-mail and never store anything online. Use POP (which downloads then deletes your e-mail from the server) instead of IMAP (which synchronizes your local e-mail store with that on the remote server). Stop using Facebook, Twitter, Picasa, Flickr, iCloud, Dropbox or any other online service. And certainly stop using Google for online searches. This is a plausible option for some, though potentially inconvenient and nearly impossible if you hope to use a mobile device with your data. Android phones, for example, require you to have a Google account and synchronize your data with Google cloud-based services by default.
- Get your data outside of the U.S.: For many of the same reasons that it is recommended to diversify your financial assets out of the U.S., we would advocate doing the same for your electronic assets, i.e. your data. There is no harm in keeping your Hotmail account to talk to Aunt Sue. But when communicating with a foreign lawyer or broker, or sharing information with a business partner outside of the US, using an e-mail account based outside the US makes a lot of sense. The case for e-mail diversification along with recommendations on how to find a good provider was made in my previous piece, “The Case for Email Diversification“.
- Get political: You can donate money to and work with organizations like the Electronic Frontier Foundation or the Digital Due Process Coalition to get laws like the ECPA changed, and to prevent new laws like this from being passed. It is a good idea to get to know and support these organizations if you care about digital privacy in the United States. However, these options take time and will NOT protect your data today.
- Get a lawyer: The ECPA was recently used in a court case involving a fraudulent mail order company. The government used the Act to gain access to e-mail that resulted in a guilty judgment for the plaintiff. On appeal, the Sixth Circuit Court of Appeals ruled that the warrantless access to e-mail provided by the ECPA violated the Fourth Amendment protections against unreasonable search and seizure. This is great news… if you happen to live or own a business in Ohio, Kentucky, Michigan, or Tennessee. The Sixth Circuit's decisions are only valid in those states. If you live elsewhere in the US the full provisions of the ECPA still apply to you and your data.
The Next Steps
Take a look at the online services you use today. If you have services that are rarely used or perhaps abandoned, remove all of the data from that service, and cancel your account. For other online services, check the data held in the account and remove anything that you feel is sensitive or private. Finally, if you have a service that you use for sending and receiving important and/or private data, you may want to look at acquiring a new account in another jurisdiction where you will receive more privacy protection.
[If you don't have a strategy for dealing with the dangers of the online world, download our Online Privacy report, which will share some common sense steps you can take to protect yourself and your family from the dark side of the Internet. Available to International Man Network Members. For more information, click here.]
About the Author: Kyle Gonzales is a self-taught, self-made business professional with 13 years of experience in the IT industry. Over that time, he has assumed leadership positions ranging from corporate networking to technical sales. In 2011 he launched JumpShip Services, a firm that offers “multi-flagged” e-mail solutions that offer enhanced security, privacy and peace of mind for your digital communications.