The law may not be an ass, as Charles Dickens put it, but it often moves as slowly as one.
The global economy is now powered by computers. The transfer of information from one place to another in nanoseconds is the life blood of commerce. Much of that information is, however, private – or would be considered such if it only remained on paper.
The rules governing the treatment of the zeroes and ones left behind as digital footprints or stored on servers located outside the United States have still to be decided. This is because the various interests represented in such a discussion cannot agree (and that puts it mildly) on what they should be.
On June 15 the House Judiciary Committee under the leadership of Virginia GOP Congressman Bob Goodlatte will be holding a hearing, “Data Stored Abroad: Ensuring Lawful Access and Privacy Protection in the Digital Era.” Hopefully, he and others in attendance will come away from it with an understanding of the need to update current law to respect individual privacy.
The current law, which was transformational when it was written, is now 30 years old. That may or may not seem like much, but in the world of computing, it’s several lifetimes ago.
The reason that’s important is the development of some new technologies like cloud computing – which relies on servers located around the globe – have created a loophole certain U.S. government agencies are trying to exploit to do an end run around the protections we all enjoy under the fourth amendment.
As I’ve previously written, the United States Second Circuit Court of Appeals upheld Microsoft’s contention. The federal government could not compel it to turn over customer emails stored on servers in Ireland just because they were outside the United States.
The case hinged on the question of whether Section 2703(a) of the Stored Communications Act – under which the federal government sought and received a search warrant allowing it to obtain the emails it sought – applied outside the United States or, to use the applicable legal term, extraterritorially. The court ultimately ruled in July 2016 it does not, reversing the federal district court in the Southern District of New York but instead upheld traditional conceptions of privacy, the applicability of warrants, and the protections against unlawful search and seizure.
One would expect the liberty-minded members of the committee like Ohio Rep. Jim Jordan, Florida’s Ron DeSantis, and Idaho’s Raul Labrador – who wants to be the next governor of his state – would understand the implications of the case and act accordingly during the hearing. Even a former prosecutor like Colorado’s Ken Buck should be expected to see, in plain and simple terms, how the founders intended for there to be limits on the government’s ability to obtain our private information and for there to be explicit structures governing the how, why, and when it was to be allowed.
Unfortunately, the rest of the committee may not be as fully enlightened. They may not understand how the threat to the privacy of data stored overseas should be just as big a concern as whether that information may include evidence of criminal behavior. A change in the law making it easier for the federal government to seize data stored in a foreign nation stretches the reach of a warrant beyond the territory of the United States in a way that is revolutionary.
It’s as plain as the ink on a subpoena that warrants only work when the ability exists for the government to seize what it’s seeking. It is impossible to seize data stored overseas without the cooperation of another country if that country refuses to respect the warrant.
There are alternatives of course: the Justice Department or the NSA or some other government agencies could get it by hacking or bullying a company, giving up an American citizen’s information without their knowledge.
The Obama Justice Department pushed to extend the reach of warrants overseas, and in the process threw the balance between privacy and law enforcement out of whack. For some time the U.S. intelligence community has been given as much power as they can be trusted with – as we’ve seen in the unmasking for political purposes of Trump campaign officials swept up in monitored conversations with the representatives of other countries being monitored.
A bad decision by Congress in these matters will lower privacy standards for all Americans and a diminution of our constitutionally-protected right to privacy. Allowing the U.S. government more power to go to foreign nations with demands for data can only lead to reciprocal demands from other countries for information about their own people stored here. Do we really want to let the Chinese have access to emails sent by dissidents who find ways to go around the official internet firewalls maintained by the government in Beijing?
The upcoming hearing, and any new legislation that flows from it, must lead to the right to privacy being strengthened. If it doesn’t, it won’t only adversely influence how data is stored worldwide but could strike a blow against freedom on the internet, which it will be hard to recover from.