In yesterday’s post, I explained how the government can get access to stored email communications. As the promised follow-up, today I will explain how the government can get access to emails on a forward-looking or real-time basis, and comment on the effectiveness of using a “draft” email folder in a shared email account to hide communication with others from law enforcement.
As to forward-looking surveillance, federal law enforcement can get authorization to access all future emails that will be sent and received from an email account using a “Title III Order,” the same type of order long used to tap suspected telephones (Title III refers to the Wiretap Act, 18 U.S.C. § 2511, which was first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968). Getting a Title III Order requires the government to do more than just meet the probable cause requirements for a search warrant. In addition to showing that there is probable cause that a crime has been committed and that evidence of that crime will be found in the email, it must describe the communications sought to be intercepted, the identity of the persons committing the crime (if known), the facility where the interception is to take place, and the persons whose communications are to be intercepted. The government must also explain whether other investigative procedures have been tried and have failed or why they appear unlikely to succeed or are too dangerous, and limit the duration of time for which the interception is to be maintained. The government must also have a plan to “minimize” or disregard the communications that may be obtained which do not qualify for interception.
With such a Title III Order, the government can require an ISP to provide real-time or near real-time feeds of the emails sent, received, or even stored as drafts, by a user’s email account, provided the email provider has the capability to do so. And despite the FBI’s rhetoric over the “Going Dark” initiative, many providers do have this capacity when it comes to email.
Is it therefore just a “myth” that if two users log into the same email account and communicate by overwriting the same message and storing it in a drafts folder (and never sending the message), it is impossible to track them? Yes and no. Where the government has obtained a Title III Order, and the provider has the capability to record the user’s changes to the drafts folder, such a technique does not work. But where the government is only using legal process that is sufficient to obtain previously stored emails (a search warrant), or to review email transaction records (a 2703(d) Order), the “drafts” folder technique does matter.
With regard to a search warrant, only the emails in the account at the time the warrant is executed are produced. This means that prior iterations of the draft email would not likely be provided to the government if they were overwritten by the subsequent draft, because most email providers do not store prior versions of overwritten draft emails. And as to email transaction logs – the logs that show whether an email was sent and who the email was sent from and to – such logs will have no records of a user’s constant revisions to his or her own draft folder, even if two users are sharing the account. Might there be records that show two different users are logging into the same account? Sure. But that’s not the same as seeing the content of their communications.
Whether any of this has relevance to the Petraeus-Broadwell-Allen-Kelley investigation is unclear, but that investigation is certainly helping shine a brighter light on the legal process used to investigate all sorts of alleged criminal activity online, and the potential need for reform of these criminal procedural statutes as applied to online activity.