Expectations of Privacy

Charlie Parke April 17, 2013 0

By Charlie Parke
Arizona Community Press | www.azcommunitypress.org

DigitalPrivacyInStory

When is someone reading your email, listening to your cell phone calls, or tracking your location? It is possible someone is doing this right now and they may be doing it legally. The ACLU (American Civil Liberties Association) and others have been fighting to keep information in the digital landscape private.  Ironically, your tax dollars are used by the government in these cases where the ACLU is fighting to keep your private information safe from third parties and illegal government searches.

Many routine activities on government sites are unprotected. A common data security measure is to use the HTTPS version of a website, meaning a secure socket exists for your connection providing a layer of encryption and authentication in your communications. However the ACLU points out that if you try to enter a site like the IRS this way, https://www.IRS.gov, you will likely receive a security warning which will vary depending on your browser and security settings.

ssl

Unsecured site

According to the ACLU “because the IRS does not use HTTPS encryption to protect its website, the specific pages you view on the IRS website can be easily intercepted by others, particularly when you are browsing the web using an open WiFi network.”  There is a cost for the HTTPS encryption, therefore by not using the encryption, the IRS is saving taxpayers money through what seems to be lowered security. Many government sites receive personal information from you as well as host files about you. Even the information you search for may be used to build a profile of your activities for employers or insurance companies such as adoption tax information and programs related to drug or alcohol dependence. Arguably you are protected from search and seizure only when there is a reasonable expectation of privacy.  Will companies believe this applies when using a website that doesn’t use one of the most common web security features?

The ACLU has also been raising questions about the IRS use of data for persecution. A guide by the IRS seems to indicate standards which many find fail to protect your rights and privacy.  On page 5 of the document, information from informants is detailed with hearsay evidence and criminal informants noted as acceptable and usable as the sole basis of probable cause for a warrant. On page 6, agents are instructed to consider obtaining evidence from third parties such as service providers and banks. Page 7 notes that emails and subscriber information are seen as generally having no right to privacy; noted specifically is that the 4th amendment (search and seizure) does not apply to email stored on a server.

Should the 4th amendment, which protects against unreasonable search and seizure, protect your data. Typically, courts have ruled that you are protected when you have a reasonable expectation of privacy. If you use a Wi-Fi network to transmit data, a cell tower and/or store data in a massive offsite server, do you have reasonable expectation of privacy? The main law protecting such communications is the Electronic Communications Privacy Act of 1986 which predates most cellphone and web use.  The protections given under the electronic privacy act require that on communications “in storage for 180 days or less, the government must obtain a search warrant, based on probable cause, to obtain access to the contents.  Notice to the subscriber or customer is not required.” After 180 days the search warrant is no longer required, but a subpoena or court order is still required.  Yet these are considered easier to obtain and do not require even the hearsay evidence needed for probable cause.

The ACLU has become involved in a suit in Phoenix, Ariz. over the use of fake cell towers to capture data, commonly called Stingray devices.   Phoenix FBI agent Richard Murray put together a case based partially on evidence given by a criminal seeking to trade information for a reduced sentence, records provided by a third party e-file provider and data from private businesses like Verizon. Stingray is used on about a monthly basis in the area by Maricopa County Sheriff Joe Arpaio’s office.

spy tower

Tower used to connect to cellphones.

The current suit in Phoenix involves Daniel Rigmaiden, who is accused of participating in an operation defrauding the IRS for millions by filing tax returns with the social security numbers of the deceased. One concern raised in the case is that the Stingray collected data on everyone using a mobile device in the area rather than specifically those sought for the crime.  Does a warrant cover such a wide area and variety of people?  If anything picked up gave suspicion of a criminal activity, is it usable for an arrest even though it was obtained under a warrant for someone else? A recent court ruling noted “The cell-site-location records at issue here currently enable the tracking of the vast majority of Americans. Thus, the collection of cell-site-location records effectively enables “mass” or “wholesale” electronic surveillance.”   Does this type of data collection violate the 1st amendment right to free press (confidential sources) and free speech or the 4th amendment’s guard against unreasonable search and seizure, if the government can track private messages?  Those answers are still to be determined by the courts.

The government is accused of using searches from Stingray to obtain 3rd party information, like bank records or reading emails over 180 days old, often without warrants and trying to keep this secret.  According to the defense, there are often attempts to block even the court finding out these methods where used to obtain evidence.  “Emails written after the stingray search located Mr. Rigmaiden suggest that the government did not wish to disclose its use of the stingray to the court in its subsequent application for a warrant to search Mr. Rigmaiden’s apartment”.   When can you expect privacy?  It seems rarely with the government arguably not doing much to protect your digital information including search and surveillance guidelines that do little to protect you from being included in surveillance.