Experts to Congress: US law should require logs of billions of private text messages, emails

Parker Bunch Contributor
Font Size:

In a hearing before the House Judiciary Subcommittee Tuesday, a panel of technology law experts called on Congress to pass legislation mandating the long-term retention of every American’s text messages and emails in case of a future criminal investigation.

“Billions of texts are sent every day, and some surely contain key evidence about criminal activity,” said Richard Littlehale of the Tennessee Bureau of Investigation and a member of the panel in his written statement. “Text messaging often plays a big role in investigations related to domestic violence, stalking, menacing, drug trafficking, and weapons trafficking.”

The hearing was held to discuss potential new provisions of the outdated Electronic Communications Privacy Act (ECPA) of 1986. The panel’s suggestions included longer retention times of interpersonal electronic messages as well as the creation of and expedited federal access to these databases.

Not everyone was pleased with the panel’s recommendations.

“From a consumer privacy perspective, from a network security perspective, let alone the cost perspective of storing the tens of billions of messages that are sent around the various networks … it’s really an unwieldy and unworkable idea,” said a telecommunication executive, providing background information on the proposal.

The executive cited recent worldwide hackings as an example of potential risk to public safety and security when it comes to maintaining such a database.

There are serious consumer privacy [and security] issues around this,” they said.

A 2010 Department of Justice report indicated that text message retention rates varied depending on the wireless company.

In 2010, according to the report, Verizon kept customer text messages on file for three to five days, Virgin Mobile retained them for 90 days and T-Mobile, AT&T/Cingular, Sprint and Nextel did not retain any text-message information at all.

Even if these databases were created, however, the requirements for federal access would have to be updated as well.

According to Elana Tyrangiel, the acting Assistant Attorney General for the Office of Legal Policy, current ECPA regulations regarding access to a citizen’s electronic files — more specifically, the guidelines for filing a subpoena or attaining a search warrant — are in need of an update.

Tyrangiel said in her written testimony that ECPA regulations “may have made sense in the past” but “have failed to keep up with the development of technology, and the ways in which individuals and companies use, and increasingly rely on, electronic and stored communications.”

According to Tryangiel, an email that is older than 180 days — opened or unopened — requires a subpoena. An email that is younger than 180 days and has been opened requires a search warrant. An email that is younger than 180 days and is unopened requires a subpoena.

Retrieving text messages would likely require similar levels of legal authorization.

To obtain a search warrant, probable cause must be established by an independent judge. Search warrants allow investigators to extract desired information directly from service providers’ databases.

Tryangiel said an issue with electronic subpoenas is that authorities gain subscription information from the provider, but directly contact the user for the desired content or records, instead of circumnavigating them and going through the provider and its databases.

By making the users responsible for the submission of their own information, the opportunity is created for them to damage, delete or tamper with any potentially incriminating files.

However, even if the federal government approaches the service provider with a search warrant, ECPA does not set any deadlines for the submission of the information by the provider. Littlehale said this creates an problem as equally large as determining the applicable scenarios for search warrants and subpoenas.

“We’re at the mercy of the service providers to determine how long its going take them to comply with that request,” Littlehale said. “I would suggest whatever the level of standard of proof, the thing that really matters most to us at state and local law enforcement is prompt response.”

Google has been forthcoming with its willingness to cooperate with federal search warrants and other legally viable electronic information requests. Its law enforcement and information security senior counselor Richard Salgado recently authored a report concerning National Security Letters (NSLs) — user information requests sent to Google by the FBI in the name of U.S. security. Salgado said that Google would continue to work with the federal government in shedding light on the information requests.

Salgado said on the panel Tuesday, however, that Google would not offer the federal government a system similar to what it currently offers advertisers, where key words contained within emails allow an automated Google service to discern which ads would be most relevant to the user.

He said Google would not comply with a request by the federal government to screen emails for particular key words and catalog the subscriber information of users who mentioned them. For Google to release that information, the federal government would have to provide a search warrant.

Tags : privacy
Parker Bunch