Drug War Using American Phone Records More Than Terror War

Prism ain't got nothin' on the Hemisphere Project.

DEA-raid

Prism ain’t got nothin’ on the Hemisphere Project.

NYT (“Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.’s“):

For at least six years, law enforcement officials working on a counternarcotics program have had routine access, using subpoenas, to an enormous AT&T database that contains the records of decades of Americans’ phone calls — parallel to but covering a far longer time than the National Security Agency’s hotly disputed collection of phone call logs.

The Hemisphere Project, a partnership between federal and local drug officials and AT&T that has not previously been reported, involves an extremely close association between the government and the telecommunications giant.

The government pays AT&T to place its employees in drug-fighting units around the country. Those employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987.

The project comes to light at a time of vigorous public debate over the proper limits on government surveillance and on the relationship between government agencies and communications companies. It offers the most significant look to date at the use of such large-scale data for law enforcement, rather than for national security.

The scale and longevity of the data storage appears to be unmatched by other government programs, including the N.S.A.’s gathering of phone call logs under the Patriot Act. The N.S.A. stores the data for nearly all calls in the United States, including phone numbers and time and duration of calls, for five years.

Hemisphere covers every call that passes through an AT&T switch — not just those made by AT&T customers — and includes calls dating back 26 years, according to Hemisphere training slides bearing the logo of the White House Office of National Drug Control Policy. Some four billion call records are added to the database every day, the slides say; technical specialists say a single call may generate more than one record. Unlike the N.S.A. data, the Hemisphere data includes information on the locations of callers.

At first blush, this seems like an outrageous violation of the rights of American citizens. Unlike the NSA program, this is aimed primarily at conversations between American citizens, not foreign nationals. And, whatever one might think of the wars on drugs and terror, it’s easier to make a case for pushing the envelope for the latter; al Qaeda is actively trying to kill Americans. (Also: Note the start date. It began under the previous, Republican administration and has continued under the present, Democratic administration.)

The Obama administration acknowledged the extraordinary scale of the Hemisphere database and the unusual embedding of AT&T employees in government drug units in three states.

But they said the project, which has proved especially useful in finding criminals who discard cellphones frequently to thwart government tracking, employed routine investigative procedures used in criminal cases for decades and posed no novel privacy issues.

Crucially, they said, the phone data is stored by AT&T, and not by the government as in the N.S.A. program. It is queried for phone numbers of interest mainly using what are called “administrative subpoenas,” those issued not by a grand jury or a judge but by a federal agency, in this case the D.E.A.

Brian Fallon, a Justice Department spokesman, said in a statement that “subpoenaing drug dealers’ phone records is a bread-and-butter tactic in the course of criminal investigations.”

Mr. Fallon said that “the records are maintained at all times by the phone company, not the government,” and that Hemisphere “simply streamlines the process of serving the subpoena to the phone company so law enforcement can quickly keep up with drug dealers when they switch phone numbers to try to avoid detection.”

I must plead ignorance here: I had not previously been aware that there was such a thing as an administrative subpoena. The very concept is alien to me, in that the whole point of the 4th Amendment is to provide a judicial check on the power of the executive. How can an agency grant itself a subpoena? And recall that even the NSA can’t do that; it has to go to the FISA Court, which is staffed by sitting Article III judges.

But, in fact, Congress granted DEA authority to issue administrative subpoenas under the Comprehensive Drug Abuse Prevention and Control Act of 1970 and gave the FBI the same power when investigating health care fraud cases under the Health Insurance Portability and Accountability Act of 1996.  A 2006 Congressional Research Service report, “Administrative Subpoenas in Criminal Investigations: A Sketch,” [PDF] explains,

Administrative subpoena authority is the power vested in various administrativeagencies to compel testimony or the production of documents or both in aid of the agencies’ performance of their duties. Both the President and Members of Congresshave called for statutory adjustments relating to the use of administrative subpoenas in criminal investigations. One lower federal court has found the sweeping gag orders andlack of judicial review that mark one of the national security letter practices constitutionally defective. Proponents of expanded use emphasize the effectiveness ofadministrative subpoenas as an investigative tool and question the logic of its availability in drug and health care fraud cases but not in terrorism cases. Critics suggest that it is little more than a constitutionally suspect “trophy” power, easily abused and of little legitimate use.

Traditionally, administrative subpoenas have been used in non-criminal cases, i.e. by regulatory agencies:

Administrative agencies have long held the power to issue subpoenas and subpoenas duces tecum in aid of the agency’s adjudicative and investigative functions. There are now over 300 instances where federal agencies have been granted administrative subpoena power in form or another. The statute granting the power ordinarily describes the circumstances under which it may be exercised: the scope of the authority, enforcement procedures, and sometimes limitations on dissemination of the information subpoenaed. In some instances, the statute may grant the power to issue subpoena duces tecum, but explicitly or implicitly deny the agency authority to compel testimony. The statute may authorize use of the subpoena power in conjunction with an agency’s investigations or its administrative hearings or both. Authority is usually conferred upon a tribunal or upon the head of the agency. Although some statutes preclude or limit delegation, agency heads are usually free to delegate such authority and to authorize its redelegation thereafter within the agency. Failure to comply with an administrative subpoena may pave the way for denial of a license or permit or some similar adverse administrative decision in the matter to which the issuance of the subpoena was originally related. In most instances, however, administrative agencies
ultimately rely upon the courts to enforce their subpoenas. Generally, the statute that grants the subpoena power will spell out the procedure for its enforcement.

[…]

In an early examination of the questions, the Supreme Court held that the Fourth Amendment did not preclude enforcement of an administrative subpoena issued by the
Wage and Hour Administration notwithstanding the want of probable cause. Neither the Fourth Amendment nor the unclaimed Fifth Amendment privilege against self incrimination were thought to pose any substantial obstacle to subpoena enforcement. Soon thereafter a second case echoed the same message — the Fourth Amendment does not demand a great deal of administrative subpoenas addressed to corporate entities; a governmental investigation into corporate matters may be of such a sweeping nature and so unrelated to the matter properly under inquiry as to exceed the investigatory power. But it is sufficient if the inquiry is within the authority of agency, the demand is not too indefinite and the information sought is reasonably relevant. The gist of the protection is in the requirement that the disclosure sought shall not be unreasonable.

This strikes me as perfectly reasonable. There’s no obvious reason to get the judiciary involved in routine regulatory matter and there are numerous oversights built into the system.  The Fourth and Fifth Amendments are primarily about protecting citizens from government power in criminal matters, where life, liberty, and property are at risk.

The earliest of the three federal statutes (21 U.S.C. 876) used extensively for criminal investigative purposes appeared with little fanfare as part of the 1970 Controlled
Substances Act, and empowers the Attorney General to issue subpoenas “in any investigation relating to his functions” under the act. In spite of its spacious language, the
legislative history of section 876, emphasizes the value of the subpoena power for administrative purposes — its utility in assigning and reassigning substances to the act’s
various schedules and in regulating the activities of physicians, pharmacists, and the pharmaceutical industry — rather than as a criminal law enforcement tool. Nevertheless, the Attorney General has delegated the authority to issue subpoenas under section 876 to both administrative and criminal law enforcement personnel, and the courts have approved its use in inquiries conducted exclusively for purposes of criminal investigation. Section 876 authorizes both testimonial subpoenas and subpoenas duces tecum. It provides for judicial enforcement; failure to comply with the court’s order to obey the subpoena is punishable as contempt of court; it contains no explicit prohibition on disclosure.

This is much more obviously problematic. David Kravets, writing for Wired a year ago (“We Don’t Need No Stinking Warrant: The Disturbing, Unchecked Rise of the Administrative Subpoena“), explains,

With a federal official’s signature, banks, hospitals, bookstores, telecommunications companies and even utilities and internet service providers — virtually all businesses — are required to hand over sensitive data on individuals or corporations, as long as a government agent declares the information is relevant to an investigation. Via a wide range of laws, Congress has authorized the government to bypass the Fourth Amendment — the constitutional guard against unreasonable searches and seizures that requires a probable-cause warrant signed by a judge.

In fact, there are roughly 335 federal statutes on the books (.pdf) passed by Congress giving dozens upon dozens of federal agencies the power of the administrative subpoena, according to interviews andgovernment reports. (.pdf)

[…]

Anecdotal evidence suggests that federal officials from a broad spectrum of government agencies issue them hundreds of thousands of times annually. But none of the agencies are required to disclose fully how often they utilize them — meaning there is little, if any, oversight of this tactic that’s increasingly used in the war on drugs, the war on terror and, seemingly, the war on Americans’ constitutional rights to be free from unreasonable government trespass into their lives.

That’s despite proof that FBI agents given such powers under the Patriot Act quickly began to abuse them and illegally collected Americans’ communications records, including those of reporters. Two scathing reports from the Justice Department’s Inspector General uncovered routine and pervasive illegal use of administrative subpoenas by FBI anti-terrorism agents given nearly carte blanche authority to demand records about Americans’ communications with no supervision.

[…]

But the administrative subpoena doesn’t just apply to utility records and drug cases. Congress has spread the authority across a huge swath of the U.S. government, for investigating everything from hazardous waste disposal, the environment, atomic energy, child exploitation, food stamp fraud, medical insurance fraud, terrorism, securities violations, satellites, seals, student loans, and for breaches of dozens of laws pertaining to fruits, vegetables, livestock and crops.

[…]

Some of the stranger statutes authorizing administrative subpoenas involve the Agriculture Department’s power to investigate breaches of the Floral Research and Consumer Information Act and the Fresh Cut Flowers and Fresh Cut Greens Promotion and Information Act. The Commerce Department has administrative subpoena power for enforcing laws relating to the Atlantic tuna and the Northern Pacific halibut. It also has those powers when it comes to enforcing the National Weather Modification Act of 1976, requiring “any person to submit a report before, during, or after that person may engage in any weather modification attempt or activity.”

In a 2002 government report, the Commerce Department said it had not used its administrative subpoena powers to enforce the National Weather Modification Act “in the recent past.” (.pdf) Susan Horowitz, a Commerce Department spokeswoman, urged Wired to send in a FOIA in a bid to obtain data surrounding how often it issues administrative subpoenas.

Lacking in all of these administrative subpoenas is Fourth Amendment scrutiny — in other words, judicial oversight. That’s because probable cause — the warrant standard — does not apply to the administrative subpoena. Often, the receiving party is gagged from disclosing them to the actual targets, who could, if notified, ask a judge to quash it.

And even when they are challenged in court, judges defer to Congress — the Fourth Amendment notwithstanding.

That’s maddening but, alas, not completely surprising. The courts have in recent years been exceedingly deferential to Congress—and to the Executive, for that matter—on matters of public safety.

Back to the NYT report on the Hemisphere Project:

Daniel C. Richman, a law professor at Columbia, said he sympathized with the government’s argument that it needs such voluminous data to catch criminals in the era of disposable cellphones.

“Is this a massive change in the way the government operates? No,” said Mr. Richman, who worked as a federal drug prosecutor in Manhattan in the early 1990s. “Actually you could say that it’s a desperate effort by the government to catch up.”

But Mr. Richman said the program at least touched on an unresolved Fourth Amendment question: whether mere government possession of huge amounts of private data, rather than its actual use, may trespass on the amendment’s requirement that searches be “reasonable.” Even though the data resides with AT&T, the deep interest and involvement of the government in its storage may raise constitutional issues, he said.

Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said the 27-slide PowerPoint presentation, evidently updated this year to train AT&T employees for the program, “certainly raises profound privacy concerns.”

“I’d speculate that one reason for the secrecy of the program is that it would be very hard to justify it to the public or the courts,” he said.

Mr. Jaffer said that while the database remained in AT&T’s possession, “the integration of government agents into the process means there are serious Fourth Amendment concerns.”

You think?

FILED UNDER: Law and the Courts, US Politics
James Joyner
About James Joyner
James Joyner is a Security Studies professor at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Tony W says:

    I wonder how this ties into the confiscation laws put on the books in recent years. Local police departments have done very well.

  2. steve says:

    I fail to see why these do not need judicial review. The number of agencies that can use these has clearly grown too large. Mostly, I think this just demonstrates how much we need to stop having wars, especially the War on Drugs.

    Steve

  3. Ben says:

    Unfortunately, the thing that enables all of this insanely invasive data collection is the third-party doctrine. That doctrine means that you have no interest of privacy in any information you store with a third-party, or that a third-party collects about you. So a simple subpoena to the company is all that is needed, since the government doesn’t recognize any right to privacy in that data. The third-party doctrine is a horrible, horrible ruling, that is completely out-of-touch with modern technology. It should be abolished immediately, however it would severely limit the government’s ability to spy on you and go on fishing expeditions to build criminal cases without any oversight or warrants, which of course means that it will never be overturned.

  4. OzarkHillbilly says:

    @Ben: That doctrine means that you have no interest of privacy in any information you store with a freely and willingly give to a third-party, or that allow a third-party to collects about you.

    FTFY. I sympathize with your position Ben, but it is hard to argue that one has privacy rights after one has surrendered their privacy rights.

  5. James Joyner says:

    @OzarkHillbilly: I don’t understand that argument. If I email another party, I expect the other party to have the email. If that party subsequently passes on the email to a third party, that’s a breach of trust but a known risk. But, if that party is trustworthy, they’ll only turn it over to the government with a warrant. Moreover, they’ll notify me that they’ve been served and forced to turn it over.

    I don’t, however, expect my ISP to turn that information over to a third party. That should be prima facie illegal as a breach of fiduciary trust.

  6. Ben says:

    @OzarkHillbilly:

    I completely disagree with you. The whole point of my argument is that one does not “surrender their privacy rights” just because they choose to share certain info with a private entity in order for them to perform some sort of service. I should be able to grant certain people access to my private info without surrendering all privacy rights to it.

    Companies can’t throw me in jail and strip me of all my rights, the government can. There is no parallel between sharing info with a company and then them sharing it with the government. They are wholly different.

  7. OzarkHillbilly says:

    @James Joyner: @Ben:

    You both bring up good points. Facebook is what I was thinking about.

    There is no parallel between sharing info with a company and then them sharing it with the government. They are wholly different.

    On this Ben, you and I wholly disagree. The company is the government. This is the socialist coming out in me, so I will leave it at that.

  8. mantis says:

    @James Joyner:

    I don’t understand that argument. If I email….

    Stop right there, you’re already in trouble. If you email anything, you are sharing the contents of that email with many third parties under no obligation or expectation to keep it to themselves. Your problem is thinking email is in any way a “private” form of communication. It is not.

    It’s as if you had a conversation with a person across a crowded room, shouting every word, and expected the people who overhear it not to repeat anything because you thought it was “private.”

  9. @mantis:

    It’s as if you had a conversation with a person across a crowded room, shouting every word, and expected the people who overhear it not to repeat anything because you thought it was “private.”

    No, it isn’t like that. I will grant that e-mails are hardly secure insofar as they are very easy to share. But so is a written note. Yes, once you have released information from yourself in any form it might be shared, but the issue is what are the chances of it being shared and by what mechanism. If I write my mother a hand-written note, I should have a fairly high probability that that note would remain private, even if I let the US Postal Service deliver it for me. If the government wants it, they should have to go to court to get it. E-mails should work the same ways even given the fact that it is technologically possible to intercept it and it is easier to share.

    When I write an e-mail, it does not leak into other people’s inboxes the way the words of a conversation held in public leak into the space of other patrons at a restaurant. You aren’t going to encounter my e-mail by accident or happenstance.

    Yes, the ISP can look at the e-mail, but so, too, could the post office read my letter. We don’t let the post office read my snail mail on behalf of the government, why should we let them read my e-mail?

    Now, FB posts, Tweets, blog entries, and comments on blogs are very much like shouting in a common space.

  10. Woody says:

    How long until a CalTech student creates an algorithm that will enable both the Federal Government and Important Third Parties to interpret every phone call, e-mail, snailmail, and Internet post and determine that certain citizens can be lawfully detained – by Important Third Parties – under Congressionally-approved administrative statutes because Terror. Of course, this unchecked, shadowy power would never ever ever be used for anything but National Security.

    J. Edgar must be very angry in Hades for being born too soon.

  11. Bob @ Youngstown says:

    @ mantis:
    completely agree.

    How much do you pay for your “free” email service? If I actually paid for private communication, I might expect it to be private. As it is I do not pay for private email service, hence I have no expectation of privacy.

  12. @Bob @ Youngstown: This has little to do, however, with whether one is using free or paid e-mail services.

  13. JohnMcC says:

    @James Joyner: “I don’t…expect my ISP to turn turn (my e-mail) over to a third party…”

    Well, expectations may be realistic or unrealistic. Yours turned out to be unrealistic. Expectations can change when new information is available. I bet yours have changed.

    And anyone who thinks anything on the internet is private, needs to adjust their expectations. Or get angry and pound on the wall, stamp on the floor or similar useful activities to make themselves feel better.

    Because whether we like it or not, we have no privacy on the internet.

  14. Matt Bernius says:

    @Steven L. Taylor:

    Now, FB posts, Tweets, blog entries, and comments on blogs are very much like shouting in a common space.

    With the important caveat that Facebook and Twitter both have “private” messaging capabilities built into the platform. Though it’s noteworthy that neither company calls those messaging platforms “private.”

    And while the comment space on blogs is akin to shouting in a common space, there’s still *slight* assumptions of privacy. For example here at OTB commenters largely control how much identifying information to share. James or any of the other authors could chose to release everyone’s email addy’s (some of which are admittedly spoofs) and IP addresses, but doing so would be seen as a violation of assumed privacy (and perhaps even the site’s TOS).

  15. Mikey says:

    @James Joyner:

    I don’t, however, expect my ISP to turn that information over to a third party.

    The ISP itself is already a third party, to which you voluntarily conveyed the information.

  16. Ben says:

    @mantis:

    @JohnMcC:

    I know you guys think that you’re the internet-savvy tech experts that are schooling a bunch of luddite rubes about the internet, but these statements are idiotic. To compare sending an email to shouting across a crowded room or saying things like “we have no privacy on the internet” show that you don’t actually know what the hell you’re talking about. I’d give you my credentials, but arguments from authority are rubbish and I’m not going to engage in it.

    There are myriad ways to secure internet communications (and email, for that matter). True, a large portion of people use the internet and email in an insecure way, but that doesn’t mean that security and privacy are impossible.

    But that’s all entirely beside the point. The argument here is whether people who engage in a service with an ISP is turning over their data to said ISP with the expectation that the contents of that data is going to be treated as private/confidential and not turned over to other parties (absent a warrant), and whether that expectation is reasonable. Most ISPs have privacy policies that state that they will not turn over your data absent a court order. Administrative subpoenas make that guarantee worthless.

    That is what I am primarily upset with. If the cops suspect me of a crime and go to court and get a warrant, I have no problem with the ISP turning over all of my info to them. But if an administrative agency can issue itself a subpoena and just take everything without having to prove any sort of suspicion at all, I find that perverse and contrary to the fourth amendment. I understand that under current fourth amendment precedent, those business records do not need a warrant. And I think that’s wrong.

  17. @Ben: Exactly.

  18. James Pearce says:

    I’d much prefer we use these phone records to look for terrorists than black market profiteers.

    @Ben:

    Companies can’t throw me in jail and strip me of all my rights, the government can. There is no parallel between sharing info with a company and then them sharing it with the government. They are wholly different.

    While I understand how one can believe this philosophically, I think current events pretty much exposes it to be BS.

    Yes, it’s true, a company cannot jail you. They cannot send commandos to your house to kill your dog and put you in zip ties. However, they will always cooperate with the government. They will even send their employees to work in the same “drug-fighting units,” hand-in-hand, no matter who’s signing the paychecks.

    This distinction that works so well on paper is easily blurred in the real world. When AT&T employees are working in DEA offices, you can pretty much consider it moot.

  19. bill says:

    well, there are more drug dealer than terrorists in America – i think/hope! maybe the decriminalization of weed will slow this down? in any event it’s just tracking calls, not conversations. i dropped at&t a few years ago anyway, although i’m sure someone else is tracking them now.

  20. Davebo says:

    @Ben:

    Forget the ISP. When you send unsecured email (as 99% of people do) you’re sending it without encryption over a public network.

    Only storage, bandwidth and processor limitations prevent anyone from scooping up petabytes of data by the minute.

  21. swearyanthony says:

    Isn’t it easier to just say “if its in any way going to be used in a criminal case, there has to be an untainted chain of evidence” that is, proper warrants the whole way thru. Sure, administrative subpoenas for someone spilling pig shit into a waterway, or a dentist not keeping up hygiene standards. But for drug investigations?

  22. JohnMcC says:

    @Ben: Anyone who knows me would roll on the floor laughing madly out loud to think I could pretend to be tech-savvy. The cell phone is a ‘track-phone’ and the only ‘tech’ device I own is the one I’m pecking away on. My comment was about expectations. If you, Mr Ben, ‘expect’ your Internet Service Provider to keep your email private — in the 4th Amendment sense of ‘private’ — take it away. I’ll bet reality will be a terrible shock to you as it apparently was to Dr Joyner but I don’t really know nearly as much as you do.

  23. mantis says:

    @Ben:

    There are myriad ways to secure internet communications

    I never said otherwise.

    (and email, for that matter).

    Would you send your bank account numbers over your encrypted email? I wouldn’t, though I agree it’s better than nothing. Thing is, no one uses it.

    True, a large portion of people use the internet and email in an insecure way, but that doesn’t mean that security and privacy are impossible.

    Again, I never said otherwise. I encourage the adoption of real secure communication media. I’m glad you’re all impressed with yourself, but if you really know what you’re talking about you know that no one who really needs secure data transmission uses email for it.

  24. Bob @ Youngstown says:

    @Steven L. Taylor:

    This has little to do, however, with whether one is using free or paid e-mail services.

    All I’m saying is that MY expectation of privacy is associated to the effort I expend (by encryption for example) to establish that privacy

    If I want a completely private “communications” with another party, I feel it is my responsibility to take the appropriate measures to ensure that privacy.

    In other words, it’s my personal responsibility .

  25. @Bob @ Youngstown: Yes, but my point on the free v. paid e-mail service issues is that the paid e-mail is not especially secure from a technological point of view.

  26. Ben says:

    @James Pearce:

    Yes, it’s true, a company cannot jail you. They cannot send commandos to your house to kill your dog and put you in zip ties. However, they will always cooperate with the government. They will even send their employees to work in the same “drug-fighting units,” hand-in-hand, no matter who’s signing the paychecks.

    Which is why I want to take away the government’s ability to do that. Then the company is no threat me anymore.

  27. Ben says:

    @Davebo:

    Forget the ISP. When you send unsecured email (as 99% of people do) you’re sending it without encryption over a public network.

    Only storage, bandwidth and processor limitations prevent anyone from scooping up petabytes of data by the minute.

    This is actually harder than you think it is. Unless you have a keylogger on the PC on one side or the other, or you have direct access to the mail servers or relays at either end, you are probably not going to be able to intercept even an unsecured email. Spoof attacks are incredibly unlikely to occur on the public internet due to several measures that ISPs take when peering with other ISPs. They really only occur on LANs.

  28. Ben says:

    @JohnMcC:

    If you, Mr Ben, ‘expect’ your Internet Service Provider to keep your email private — in the 4th Amendment sense of ‘private’ — take it away. I’ll bet reality will be a terrible shock to you as it apparently was to Dr Joyner but I don’t really know nearly as much as you do.

    Yes I most certainly do. The ISP I worked at certainly did. It was actually pretty difficult for employees to get at the content of customer emails (yes, I could do searches on the “metadata”). Every law enforcement request I ever got was part of a judicial warrant. I never saw one of these “administrative subpoenas”, and I’ve glad I didn’t, because I would have been sick to see us comply with it.

  29. Ben says:

    @mantis:

    Would you send your bank account numbers over your encrypted email? I wouldn’t, though I agree it’s better than nothing. Thing is, no one uses it.

    If I ever had a reason to, sure. I’d make sure it was actually GOOD encryption, but yes.

    if you really know what you’re talking about you know that no one who really needs secure data transmission uses email for it.

    Sure, you’re right, most people who need to have an ongoing series of data transfers securely would probably set up a VPN to do it. But you and John made pretty sweeping generalizations implying that it was impossible to expect privacy on any internet communication (or email in your case), and I was taking umbrage with that.

  30. Todd says:

    I personally think the “war on drugs” is stupid, and we’d be better off if we legalized most drugs.

    That said, until we do so, I don’t have a problem with the government exploiting technology in an effort to catch those who are breaking the current laws.

  31. Matt says:

    One of many examples as to how the war on drugs has eroded our freedoms.

  32. TastyBits says:

    @Todd:

    I personally think the “war on drugs” is stupid, and we’d be better off if we legalized most drugs.

    These are two separate issues. The “War on Drugs” is a federal initiative to fight drug usage. It was begun under Nixon, but drugs had been illegal prior to this.

    Eliminating the DEA, stopping federal money going to local enforcement agencies, ending local agencies ability to profit from confiscated property, and modifying the federal laws concerning drugs would immediately decrease the negative outcomes of the “War on Drugs”.

  33. anjin-san says:

    The “War on Drugs” is a federal initiative to fight drug usage. It was begun under Nixon, but drugs had been illegal prior to this.

    It goes back much further than that. When prohibition was coming to an end, the people working in the criminal justice/prison industry realized that a lot of funding/power was about to go away. Voila – “Marijuana, Assassin of Youth” was born. Nixon did coin the term, “War on Drugs”, but it was a continuation & escalation of a decades old policy.

  34. john personna says:

    Mantis is correct that the real technical history is that email was open and unencrypted and could be read by every intermediary *between* sender and recipient. It really was, in historical context, the post card scenario.

    Hypothetically, yes, we could have had a secure and encrypted system, but historically we did not.

    (Other than that, I believe I warned of this level of snooping here a month or two ago, I faced some disbelief. Not everyone, but some believed that courts were preventing it.)

  35. Ben says:

    @john personna:

    Mantis is correct that the real technical history is that email was open and unencrypted and could be read by every intermediary *between* sender and recipient. It really was, in historical context, the post card scenario.

    Except that the “intermediaries” consist of: your ISPs SMTP server (ostensibly a trusted 3rd party), the recipient’s SMTP server (ditto), and a series of cisco and juniper ISP backbone routers, which almost to a rule, do not do any deep inspection on the contents of the packets they are transmitting. So unless an ISP turns on some sort of inspection for some reason, or your ISP (or the recipient’s) sends the mail through a spam filter relay, there really isn’t anyone in the chain who is going to see the contents of your email in the normal course of business. It’s not really like a postcard at all. It’s much more like a re-sealable envelope that you have to open to see the contents. Most ISP systems I am familiar with do not even have a mechanism for their employees to see the contents of a customer’s email except for special circumstances when they receive a court order.

    The main way that plain old SMTP email is compromised is via a packet sniffer on your LAN or wifi, a keylogger installed on your machine via malware, or someone has your password.

  36. john personna says:

    @Ben:

    What you have done there is overlay on email protocols much newer expectations of business behavior.

    My first internet account was with Cerfnet. And I knew my email was sent plain across the net. It was a feature. We read our mail with full headers and saw where it had been.

  37. Ben says:

    @john personna:

    If by “newer” you mean in the last 18-20 or so years, sure. Personally, I don’t think it’s terribly relevant how email was handled in the 80s. I’m talking about what is practically going to happen in the recent past and going forward. Random people are almost certainly not going to read your email unless they gain access to your PC/LAN or the recipient’s.

    And if you disagree, I’m very interested to hear the mechanism by which it’s going to happen.

  38. john personna says:

    @Ben:

    How can it not be relevant, when it is the origin of this 3rd party rule?

    Since then we have had, as I say in the other thread, a proliferation of individual privacy agreements between parties, but as I say none of these is or can be an end-to-end email guarantee.

    Your argument reduces to “if you chose the right provider, and path, and the right recipient, you might have security.”

    That’s not much of an argument.

  39. john personna says:

    @Ben:

    And if you disagree, I’m very interested to hear the mechanism by which it’s going to happen.

    I can illustrate this and the lack of end-to-end agreements at the same time. Let’s say that I am on Cox cable, and have signed a privacy agreement with them. I’ll assume they are honoring it, and keeping an eye on their interns.

    I send 4 emails:

    – one to my friend on TimeWarner
    – one to my friend at Apple Computer
    – one to my friend in the Air Force
    – one to my friend at school or university

    What happens is my provider honors their agreement until the email leaves their hands, and then it is not their business. We hope that the backbones have good privacy rules and controls, but look at the endpoints. Every one of those has a very different legal environment and a very different expectation of privacy for their user, who is receiving my email.

    I’d expect every one of those *except* the other end-user ISP to allow access to the mails for various reasons. Corps like Apple have declared that they own their employee’s mail, even if it came from me. Of course the Air Force scans mail. The university does as well (to at least see if I am sending copyrighted songs).

    Basically my expectation of privacy only went as far as end- …. with getting to the other end.

  40. Ben says:

    @john personna:

    I actually agree with everything you said. But it’s all about customer expectations. If I send an email to a friend at their work email, then OF COURSE it’s going to be read and scanned by that company. Ditto with the military, with a gov’t employee, etc. However, if I send an email to another end-user at the same or a different ISP, then you’re damned right that I expect that no one’s going to read it, barring a warrant. Because that is what is in the privacy policy of every ISP I’ve ever seen. All other types of recipients, obviously all bets are off. But private consumer ISP accounts ARE expected to be private communications, because that’s what the ISPs have been telling us for the last 20 years. And largely they’re correct and have developed infrastructures that keep that promise, at least when it comes to ISP to ISP communications.

    However, now we are learning that the gov’t (or you could say the ISPs at the behest of the gov’t) have been breaking that agreement for criminal investigative purposes, and handing over data both to the NSA and the DEA. The NSA pursuant to FISA orders that are still considered secret, and the DEA pursuant to administrative subpoenas, which have no oversight, and no requirement for even suspicion, let alone probable cause.

  41. john personna says:

    @Ben:

    Like many people, I don’t actually use my ISP for a direct email service. I happen to use gmail, by a https connection, which gives me “google level privacy.” Someone else might choose a better or worse service with a better or worse privacy agreement.

    The Electronic Communications Privacy Act made some guarantees about mails in transit, but again we are assuming some sort of privacy expectation coupled with some expected use cases.

    I personally expect that the cops (of various sorts) have found the gaps between various privacy protections and are effectively exploiting them, rather than explicitly breaking them.

  42. Pharoah Narim says:

    @john personna:

    “I personally expect that the cops (of various sorts) have found the gaps between various privacy protections and are effectively exploiting them, rather than explicitly breaking them.”

    This exactly. There is no privacy once you send the packets out in the cloud. If they want the information…they can get it. Encrypted, un-ecrypted…no difference. What providers offer you is private communication your peers and social aquaintences have no way of getting their hands on. So your co-worker and enemies will never discover your partner and you exchanging emails about your S&M fantasies. If the governement wants to know what you’re up too however–all bets are off. They have SuperUser privleges in th cloud ceeded to them by providers.

  43. Franklin says:

    While there are also sorts of problems here, the thing that continues to amaze me is how much effort we put into the drug war with no real results.

  44. Barry says:

    What this article has done for me is to make me a 100% opponent of both the War on Drugs and the DEA. It’s clear that the standard libertarian argument that the War on Drugs *had* to lead to massive police state tactics is correct, pure and simple.