NOTE: This post was originally published on January 16, 2018
Within the next six months, the U.S. Supreme Court will rule on two cases that will determine whether the U.S. government’s already extensive reach in obtaining the personal information of its, and other countries’, citizens should be limited.
Both cases bring the Stored Communications Act (SCA) into contention, a law so outdated that, shockingly, the U.S. government currently doesn’t need a warrant to sift through any of your old personal messages and searches online.
What is the Stored Communications Act? And how is it outdated?
The Stored Communications Act was introduced in 1986 to extend the reach of the U.S. Constitution’s Fourth Amendment right, which protects the privacy of a U.S. citizen’s “persons, houses, papers, and effects,” to also protect those “papers and effects” online.
The SCA, therefore, requires law enforcement to obtain a search warrant before it can access the contents of any electronic communications stored by service providers (like telecoms and ISPs) in the last 180 days.
But given the speed at which such technology has evolved, the language in the law does not take into account the current machinations of cyberspace. The law came to pass over 30 years ago—before the world wide web existed—and Congress thought communications over 180 days old would be obsolete.
Now such communications are stored indefinitely, meaning any form of communication online that’s over six months old (such as your texts, emails, and Facebook messages) is fair game to the government.
This major loophole in the SCA has brought two cases all the way up to the Supreme Court, regarding its application in conjunction with the Fourth Amendment.
With decisions expected by the end of June this year, ExpressVPN looks at what’s on the line.
1. Carpenter v. United States
This case seeks to answer the question:
Does the government violate the Fourth Amendment when it’s accessing an individual’s cell phone location data without a warrant?
Arrested in 2011, Timothy Carpenter committed a series of armed robberies of smartphones in Michigan. However, he was only successfully convicted two years later after the FBI requested cell phone data with just a court order from a magistrate judge.
Over 127 days worth of records were turned over to the FBI from his cell phone company, giving prosecutors enough information not just to convict Carpenter, but also know where he slept, and whether he went to church on Sundays.
There was no warrant issued for the records, which the American Civil Liberties Union (ACLU) argues violates the Fourth Amendment and makes the data collected by the FBI unconstitutional. However, the data could still be obtained without a warrant under the Storage Communications Act, given that the information was more than 180 days old.
Why this case is important to everyone
If the Supreme Court rules in favor of the United States government, then not only can your cellphone’s location data be acquired by law enforcement, but it will also set a precedent for other data that is available without a warrant.
If the Court finds in favor of Carpenter, then the warrantless acquisition of location data will be ruled unconstitutional, which will partially fix the loophole in the SCA.
2. Microsoft v. United States
This case seeks to answer the question:
With a warrant, is an email provider required to provide the federal government with emails even when the email records are stored exclusively outside the United States?
Microsoft’s web-based email service, now called Outlook.com, stores a lot of its data in overseas data centers—one of which is located in Dublin, Ireland. Microsoft received a U.S. warrant in 2013 for a user’s email communications data stored in Dublin.
While Microsoft gave the responsive communications data that was stored in the U.S., they challenged the warrant for the information stored in Dublin. The courts initially upheld the warrant, but when Microsoft appealed in 2016, it was invalidated. The U.S. Department of Justice responded with a counter-appeal to the Supreme Court, who in October 2017 agreed to hear the case.
Why this case is important to everyone
If the Supreme Court rules in favor of the U.S., the U.S. government gets complete access to the information of both U.S. and non-U.S. citizens stored in U.S. company-owned data centers around the world.
For instance, a German citizen using Microsoft’s Outlook could have their information stored in a data center in Germany, but the U.S. government would still have the ability to get a search warrant to look at their email communications—something that would otherwise lie outside U.S. jurisdiction.
Further complications regarding what counts as a proper search warrant would ensue, as each country almost certainly has different (and possibly contradicting) standards.
But if the Supreme Court rules to invalidate the warrant, this will protect the private stored communications of users of not just Microsoft, but other tech giants like Google and Facebook, both of whom have data centers dotted around the world.
The Supreme Court will hear oral arguments from both sides on February 27, 2018.
Why these cases are so important for digital privacy
If either of these cases rule in favor of the U.S. government, it will provide a legal precedent for the government to obtain even more of your personal information in one of two new ways: cell phone location data after six months without a warrant, or your emails stored on a US company’s server overseas.
The fact that both cases have reached the Supreme Court also calls attention to the glaring holes in the outdated and archaic SCA. The two decisions will indicate whether the erosion of our online privacy by the U.S. government will falter or persist.