* FBI used subpoenas, other means to identify email sender
* Thousands of emails eventually turned over
* U.S. says no judicial approval needed for opened emails
* Google, Facebook resisting warrantless snooping
By Joseph Menn
SAN FRANCISCO, Nov 17 The scandal surrounding
the sudden resignation of an adulterous CIA director has stunned
the American public not just for its prominent cast of
characters, but also because of the ease with which authorities
appeared to have traipsed through personal email accounts.
Technology has transformed communications much faster than
the law, giving U.S. authorities at all levels the power to
routinely search reams of intimate emails, texts and instant
messages, with much lower burdens of proof as far as the
relevance to a criminal case.
Often, the subjects of electronic searches never know that
they've been hit, let alone why.
Recently, big tech companies including Google Inc
and Facebook Inc are pushing back, refusing to disclose
even old communications without a warrant and effectively daring
the government to press its policy in court.
The issue has been thrust into the spotlight by the
still-unfolding scandal that started with the revelation that
General David Petraeus, while serving as CIA director, had an
extramarital affair with his biographer, Paula Broadwell.
The relationship was discovered because Jill Kelley, a Tampa
socialite and family friend of Petraeus, complained to the FBI's
Tampa office about anonymous harassing emails.
Kelley herself didn't realize how badly an electronic
inquiry could mushroom beyond control. She wrote an email on
Wednesday to Tampa Bay's mayor that said her family had been
"put through the ringer," in part because police released 911
phone call transcripts with her home address and cell phone
number. That email, in turn, was among those released Friday
after public-records requests to city hall from the media.
In the initial probe, the FBI was disturbed that Kelley's
anonymous emailer had confidential information about Petraeus'
whereabouts. It issued an administrative subpoena empowering
agents to examine the email accounts from which the messages
came, a law enforcement source told Reuters.
Investigators learned that the harassing messages were sent
to Kelley by Broadwell. The FBI eventually got reams of emails,
most likely with a warrant or the consent of the correspondents.
The agency declined to comment.
In another twist, Marine General John Allen, commander of
NATO and U.S. forces in Afghanistan, is now also under
investigation for allegedly inappropriate communication with
Kelley that was discovered during the course of the same FBI
probe. Allen has denied that the two had a sexual relationship,
officials said on condition of anonymity.
PUTTING LIVES ONLINE
Authorized snooping has quietly but rapidly reached an
unprecedented level in the United States, and the disgrace of
senior military officials not accused of any crime provides a
rare opportunity to reflect on that transformation, privacy
rights advocates said.
"If they subpoena you for your evidence, you can say `buzz
off.' That's why all these are being served on third parties,"
said George Washington University law professor Orin Kerr, a
former Justice Department trial attorney. "It's hidden
information, and the service providers can comply cheaply and
Subpoenas for business records have been commonplace for
decades, but as individuals move more of their lives online, the
services they adopt are subject to the same scrutiny.
"It has become so easy, the standard is so low, the delivery
mechanism is so easy, that all the friction has been removed
from the system and it now basically becomes a very standard
investigative technique," said Jim Dempsey, vice president of
the Center for Democracy & Technology, a nonprofit that gets
funding from big technology companies.
The FBI, which has broad authority over cybercrimes from
identity fraud to online stalking, can gather technical
information about private citizens' email accounts with only a
The subpoena in theory must not be overly burdensome on the
recipient, but otherwise has few limits. Subpoenas can be
drafted by a senior FBI agent or equivalent and do not require a
judge's approval. They are common in grand jury investigations
and other probes of crimes involving multiple parties.
The only potential hurdle comes when agents want the actual
text contents of the emails.
Under the Justice Department interpretation of the
Electronic Communications Privacy Act (ECPA), emails that are
more than 180 days old are deemed "stored" and also can be
turned over with just a subpoena.
The act was passed in pre-Web 1986, when electronic
communications were rare and users often relied on
bulletin-board services that deleted messages after users logged
on and downloaded them.
The government argues that even much more recent undeleted
emails -- those even sent the day prior -- are "stored" and fair
game once they've been read. For years, law enforcement
officials have had access to these too, with recipients often
left in the dark.
Privacy groups, along with some technology companies that
have long sought a rewrite of the ECPA, have contended that
emails should not be subject to free-rein rummaging just because
such third parties as Google, Microsoft Corp and Yahoo
Inc are involved.
The 9th U.S. Circuit Court of Appeals, which covers
California and other parts of the West, has agreed, saying that
prosecutors need a probable-cause warrant for opened mail less
than six months old.
The Ohio-based 6th Circuit went further, ruling in 2010 that
much of ECPA conflicted with the Constitution's Fourth Amendment
prohibition on unreasonable searches. That ruling is only
binding in a handful of states.
Rather than appeal to the Supreme Court, law enforcement
authorities have applied for more warrants but also have just
sought out service providers in other jurisdictions.
To some extent, the big tech companies are fighting back.
The 6th Circuit ruling "reflects the right reading of the
law and is the appropriate standard for protecting privacy of
user-generated content," Facebook Chief Security Officer Joe
Sullivan told Reuters.
He and a spokesman for Google said each company now demands
a warrant for emails, even ones older than 180 days.
Google said this week it received requests by U.S.
government entities for data on more than 16,000 users during
the first six months of this year, up from 12,000 in the prior
half-year, and at least partially complied with 90 percent of
That total includes warrants, subpoenas, criminal and
intelligence wiretap orders and secret "national security
letters," which have become much more common under the 2001