How the US Government Secretly Reads Your Email

Secret orders forcing Google and Sonic to release a WikiLeaks volunteer's email reveal the scale of US government snooping

Somewhere, a US government official is reading through a list of those who sent or received an email from Jacob Appelbaum, a 28-year-old computer science researcher at the University of Washington who volunteered for WikiLeaks. Among those listed will be my name, a journalist who interviewed Appelbaum for a book about the digital revolution.

Appelbaum is a spokesman for Tor, a free internet anonymizing software that helps people defend themselves against internet surveillance. He's spent five years teaching activists around the world how to install and use the service to avoid being monitored by repressive governments. It's exactly the sort of technology Secretary of State Hilary Clinton praised in her famous "Internet Freedom" speech in January 2010, when she promised US government support for the designers of technology that circumvented blocks or firewalls. Now, Appelbaum finds himself a target of his own government as a result of his friendship with Julian Assange and the fact WikiLeaks used the Tor software.

Appelbaum has not been charged with any wrongdoing; nor has the government shown probable cause that he is guilty of any criminal offense.

That matters not a jot, because, as the law stands, government officials don't need a search warrant to access our digital data. Searching someone's home requires a warrant that can only be obtained by proving probable cause, but digital searches require no such burden of proof. Instead, officials essentially "self-certify" to a judge that the information they seek is, in their opinion, relevant to an ongoing criminal investigation. On this basis, Google and a small ISP called Sonic were made to hand over to the government all Appelbaum's email headers from the past two years.

Most people are not aware of the ease with which governments - free, open and so-called democratic - can access and peruse our private communications. This is because these court orders are commonly sealed. What is uncommon is for internet service providers to request the orders be unsealed so they can inform their customers, as Sonic and Google did in Appelbaum's case.

Privacy researcher Chris Soghoian estimates there are likely tens of thousands of these 2703(d) orders made annually by the federal government under the Electronic Communications Privacy Act. He bases this on the number of pen registers granted to the federal government annually: 12,000. These allow officials to intercept telephone and internet meta-data in real time.

"There's far more data to be had after the fact, so probably these 2703(d) orders are even more common," Soghoian says.

The fourth amendment of the US Constitution should protect against unwarranted search and seizure. Its inclusion in the Bill of Rights was a result of colonialists' anger at abuse suffered at the hands of British officials using writs of assistance. Writs were general warrants issued by the British Parliament to allow customs officials to search for smuggled goods, but in the American colonies, they were used by agents of the British state to interrogate people and raid their homes on the pretext of searching and seizing any "prohibited and uncustomed goods", which often meant "seditious" publications that criticized government policies or the King.

The colony of Massachusetts banned these general warrants in 1756 and when the governor overturned the ban, it was one of the sparks for the American Revolution. It's ironic then to see how, under the guise of "patriotism", these court orders have stripped away fourth amendment protections and granted to US officials the same unlimited powers of search and seizure that so aggravated the American revolutionaries.

Today, the privacy law surrounding our emails is woefully outdated, as it is based on the technology of the first email services of the 1980s. Back then, people dialed up their provider to download email onto their home computer. Mail left for over 180 days was considered in storage, so was not subject to the wiretap protections which were for information in transmission. This means email older than 180 days doesn't require a warrant whereas anything newer does. Now, with cloud services and extensive storage available through services such as Gmail, our primary archive of email is held more or less indefinitely. Ironically, this means the most important or sensitive emails receive the lowest legal protections. (The law is also weighted to protect unread mail over read mail so, strangely, spam that remains unopened because it goes straight to your junk folder has more privacy protections than read mail in your archives.)

Few citizens of the world will be adequately clued up on US surveillance laws, yet information stored on Facebook, Twitter, Google or any other American companies is subject to them. Unwarranted search and seizure by the government officials was unacceptable to the American revolutionaries. Shouldn't it be unacceptable in the digital age, too?

© 2023 The Guardian