Better Legal Protection for Emails?—My Fault That It’s Needed

A bill moving through Congress would require a warrant to access the contents of an email, even an email more than six months old.

Wait-what?

You read that right. Today's law says the police need a warrant to read your newer emails. But as soon as one has been on the server for 180 days, they can use alternative procedures. There's no need for a judge to find probable cause.

Who would ever write such a stupid law?

Uh, that was me. Quoting the father of Star Trek's Mr. Spock, when asked why he, a hyper-rational Vulcan, had married a human woman: "At the time, it seemed the logical thing to do."

Here's what happened.

The current law, the one I worked on, was enacted in 1986. There was, as yet, no public Internet. Specifications for the World Wide Web did not appear until 1989, and the first successful browser came in 1993. In the mid-1980s, though, businesses were transmitting fast-increasing amounts of data. When modems over voice lines became inadequate, AT&T and its long-distance competitors built packet-switching networks to move more data more quickly.

Then-current laws, not tweaked since 1968, required a warrant for tapping into wireline voice calls, but were silent about data communications, those not having been significant in 1968. Government, industry, and consumer groups all wanted to fix this, and to add requirements for listening in on cell phones, cordless phones, satellite communications, and lots more.

In the mid-1980s I was fresh out of law school and working for a downtown D.C. firm. One of our clients was a big computer manufacturer that took the long view: if people knew their computer communications would be protected from eavesdropping, they might buy more computers. They asked the firm to participate in updating the law with their interests in mind. I was on the team because twenty years earlier I had trained as an electrical engineer and was presumed to know something about how communications technology actually worked.

Our first impulse was simply to require a warrant for all interception, whether data or voice. But data communications over packet networks differed from voice calls in an important respect: the system often had to store data content temporarily before, during, or after transmitting it. Storage usually lasted a few seconds or less, but could extend for hours or even days. Storage for backup might last longer.

Law-enforcement wanted access to the stored communications; carriers and public interest groups wanted to protect the whole transaction. We negotiated a compromise: police would need a warrant for a transmission in actual progress and during the first six months of storage, but not after that. It was actually not much of a compromise because few, if any, communications were stored that long. Most data communications were urgent, and because storage facilities were expensive, long-term backup was not routine. The after-six-months part of the statute would have little application.

As low man on the org. chart, I had the job of coordinating the negotiations and writing up the agreed-upon version in statutory language. (I did the same for many other sections of the bill.) The final draft applied the six-months rule to "electronic communications," which were defined to cover pretty much everything except "wire communications"-wireline voice calls. Those remained governed by the old law.

Both houses of Congress passed my language unchanged, and President Reagan signed it into law. (This is not unusual.) The lawyers and staffers who worked on the bill had a small celebration, boxed up their files, and moved on to other things.

You know where this is going.

Time passed. The Internet appeared. Email became one of its most popular applications. Wrongdoers used email to further their unlawful activity. Police departments asked their lawyers if they could tap into suspects' emails. The lawyers looked up the statute. They found that emails fit squarely into the definition of "electronic communications," despite having been nonexistent when we wrote the definition. But that didn't matter. The six-month rule applied. And now it really did apply, because people often left their emails sitting on providers' servers for months and years. After six months they became easy for law enforcement to access.

That was twenty years ago. People have been complaining about the law's application to email ever since. Congress has been in no hurry to fix it, maybe law enforcement likes things the way they are. But change may finally be in the works.

A court construing a statute tries to grasp the "intent of Congress" from the wording of the law and sometimes from other sources. I can't speak to the intent of Congress in the judicial sense. But I can say for sure that those of us who worked on the 1986 language had no intention of making six-month-old emails easily available. I, for one, would like to see this fixed.