Gen. Petraeus scandal raises questions about online privacy

Published:

Gen. David Petraeus' bizarre fall from grace over a mistress' threatening emails has raised a crucial question: Under current law, does the federal government have too much access to Americans' online activities?

At present, it is unclear whether the FBI had a warrant to connect the dots that led them to the scandal that brought about Petraeus' resignation as CIA director. But the situation has brought into focus the fuzzy legalities surrounding digital privacy.

U.S. citizens are protected from unreasonable search and seizure under the Fourth Amendment to the Constitution. However, when that principle shifts into the digital world, the boundaries blur.

For instance, the government needs a warrant, an order approved by a judge, to read a mailed letter. But to read most emails, it only needs a subpoena -- which can be secured from a grand jury or a district attorney, not a judge, and can be sealed so the subjects never knows the government peered into their lives.

The Electronic Communica-tions Privacy Act covering online privacy was designed to protect consumers' rights in digital mediums. But it became law in 1986, years before the world was full of email and smartphones.

The courts are still grappling with exactly where the boundary lies regarding search and seizure when it comes to digital fingerprints.

A mailed letter is sent and received, but there's really no record in between. An email or a Facebook message can be stored in a remote server for a century.

Jim Dempsey, vice president of public policy at the Center for Democracy and Technology in Washington, D.C., said he's confident that the FBI didn't break any laws uncovering the Petraeus scandal -- but only because it didn't have to.

"There's no need for them to," he said. "With a little effort and a subpoena, you can uncover the ID of the average Internet user."

And there is nothing that confines digital forensics to only suspected criminals, notes Chris Soghoian, principal technologist for the American Civil Liberties Union's Speech, Privacy and Technology Project. "The amount of information the government can get without talking to a judge is really shocking," he said.

Government investigators can now go directly to Google and Facebook or Internet service providers Comcast and Verizon and ask for customer records. While obtaining the exact content of an email is a little trickier, the FBI can access these companies' logs -- to learn when, where and by whom an electronic event occurred -- to build a case.

Google makes public how often the government makes requests about its users. In the first half of 2012, it reported Tuesday, governments made requests for personal information on 34,614 Google accounts. The total number of requests was up 15 percent from the second half of 2011, the company said.

There are grassroots online movements like the Tor Project, free software designed to help people remain completely anonymous online. But without more protections of personal online data, the same tactics used to find Petraeus' mistress, Paula Broadwell, could be used to track those critical of the government, for example.

"You have to get every detail right to hide online," Soghoian said. "You only have to screw up once."

The Petraeus scandal unfolded after Broadwell allegedly sent threatening e-mails to a woman named Jill Kelley when she thought Kelley also was having an affair with Petraeus. Broadwell tried to disguise her identity by sending the emails from anonymous accounts. Kelley then turned over the emails she'd received to the FBI. How exactly the agency determined that the sender was Broadwell has not been explained.

While observers so far can only guess at what really unfolded in the FBI probe, digital privacy advocates say they hope the incident might help lead to a rethinking of current law.

Jennifer Granick, director of civil liberties at Stanford's Center for Internet and Society, is hopeful the outdated law will be rewritten soon.

"Even when there is a warrant, (Internet companies) are turning over too much information," she said. "There's a problem here, with the relationship with probable cause and resulting disclosures."

(Reach Caleb Garling at cgarling@sfchronicle.com Distributed by Scripps Howard News Service, www.shns.com)

SHNS

Want to leave your comments?

Sign in or Register to comment.