Your email and text messages aren’t safe

Internal Revenue Service guidelines state that they can access your email, direct message tweets, and even your Facebook chats and cell phone text messages without a search warrant, according to the results of a Freedom of Information Act (FOIA) request initiated by the ACLU.As the ACLU notes, sadly the federal law governing all of this is “hopefully outdated.”  ”It draws a distinction between email that is stored on an email provider’s server for 180 days or less, and email that is older or has been opened,” writes Nathan Freed Wessler, a staff attorney at the ACLU. “The former requires a warrant; the latter does not.”
In other words, the law still treats email as some newfangled gimmick that real people don’t use for serious things.  So if you have an email saved that’s over 180 days old – who would do that? – clearly you intended for the entire world to read it, because no one in the right mind would have email that old.  Right?

Yes, your grandfather wrote the law governing email in 1986

I just got off the phone with the ACLU’s Wessler, and the law governing email, and other electronic communications, was pretty much written in 1986, and not changed much since then.

A new-fangled “cell phone” advertised in 1986, modeled by Duran Duran’s sister. 

Who even had email in 1986?  Or text messaging on their cell phones – or cell phones? Want to see what a cell phone looked like in 1986 (and actually this was rather avant-garde for 1986) – see the photo to the right.  We also didn’t really have online chat on AOL or Facebook or direct messages on Twitter in 1986 either.  But the law covered them, without even knowing what they were.
It’s understandable why the 1986 Electronic Communications Privacy Act thinks that emails, text messages, and online chats older than 180 days should be accessible without a warrant – back then, no one had any of these (text messaging and chatting didn’t even exist), and second, if you did, you downloaded it right away and it didn’t stay on the servers.  Anything on the servers for older than 180 days was likely abandoned property.
When the ACLU asked the IRS if it’s opening people’s emails without a warrant, the agency got awfully vague in response.
The ACLU was not amused. “So does the IRS always get a warrant?,” Wesller asks. “Unfortunately, while the documents we have obtained do not answer this question point blank, they suggest otherwise. This question is too important for the IRS not to be completely forthright with the American public. The IRS should tell the public whether it always gets a warrant to access email and other private communications in the course of criminal investigations. And if the agency does not get a warrant, it should change its policy to always require one.”

How the government compels companies to turn over your emails, text messages, chats without a warrant

So how does the IRS, and the federal government, go about getting your old emails, text messages, and online chats without a warrant?  A few ways.  Let’s compare:
1. Warrant.  If they get a warrant, they need to be able to prove “probable cause.”  That’s not so easy, so instead they use…
2. A magistrate, which is kind of a government judge, who only requires that the requested emails be “relevant and material” to an investigation, rather than their being probably cause that you actually committed a crime.   Another option is…
3. An administrative subpoena or summons, where they don’t even need to go to a government judge – they just issue the summons to your Internet provider or phone company, demanding the information, and only if the company balks do they go to a court to enforce the summons.  And the standard for issuing the summons?  Simple “relevance” to the investigation.
Now you know why government agencies prefer not to get a warrant.

You wouldn’t necessarily know if the government read your email and texts

How would you know if the government did this to you?  Well, you wouldn’t necessarily.  If the government uses a warrant, they don’t have to tell you.  If they don’t use a warrant, they are required to tell you, but can delay it 90s days in the interest of the investigation (i.e., they don’t want to tip you off).  But then, at the end of the 9o days they can delay notification for another 90 days, and so on, and so on, and so on.  So you may never find out.
Google recently told the Feds to stick it.  The email giant told the government they wouldn’t release email or cloud information with a probably-cause court order.
It’s a long document from the ACLU, and worth a read if you’re into the nitty gritty, but their bottom-line conclusion is that the IRA has not changed its position, that it can access your emails that are older than 180 days, without a warrant.

Finally, to the present: has the IRS’s position changed this tax season? Apparently not. The current version of the Internal Revenue Manual, available on the IRS website, continues to explain that no warrant is required for emails that are stored by an ISP for more than 180 days. Apparently the agency believes nothing of consequence has changed since ECPA was enacted in 1986, or the now-outdated Surveillance Handbook was published in 1994.