Matthew Henry, Author at

The Texas Court of Criminal Appeals, which is the state supreme court for criminal cases, issued its long-awaited ruling in Texas v. Granville today. The wait was well worth it. The CCA ruled that Texas police can no longer search someone’s cell phone without a warrant after they’ve been arrested. Eight of the court’s nine justices held that the content of an arrestee’s cell phone is protected by the Fourth Amendment, even when it’s in the possession of the police, because that information constitutes the modern-day equivalent of a citizen’s “papers and effects.”

Judge Cathy Cochran wrote for the court:

Our most private information is now frequently stored in electronic devices such as computers, laptops, iPads, and cell phones, or in “the cloud” and accessible by those electronic devices. But the “central concern underlying the 11 Fourth Amendment” has remained the same throughout the centuries; it is “the concern about giving police officers unbridled discretion to rummage at will among a person’s private effects.”12 This is a case about rummaging through a citizen’s electronic private effects–a cell phone–without a warrant.

…

Searching a person’s cell phone is like searching his home desk, computer, bank vault, and medicine cabinet all at once. There is no doubt that the Fourth Amendment protects the subjective and reasonable privacy interest of citizens in their homes and in their personal “papers and effects.”

In reaching this historic conclusion, the court sided with the amicus brief filed by EFF-Austin, the Electronic Frontier Foundation, the ACLU of Texas, and the Texas Civil Rights Project.

Until now, Texas police have claimed the right to search someone’s cell phone after an arrest and when the phone was placed in the jail’s inventory. This exception to the Fourth Amendment for inventory searches usually allows police to search an arrestee’s clothing and possessions for contraband. But the CCA held that searching someone’s cell phone is a very different matter because cell phones contain a vast array of private information. The CCA recognized that Texans have a reasonable expectation of privacy in the contents of their cell phones, even when in a jail inventory, and police violate the Fourth Amendment when they fish through someone’s cell phone without a warrant.

What this means is that Texas police must now get a warrant based on probable cause from a judge before searching the cell phones and electronics of anyone they arrest. No longer can they casually read every text message and peer at every photo on the cell phones in the jail inventory. More fundamentally, this means that the constitutionally-protected zone of Texans’ lives has been expanded. The government has one less tool to invade Texans’ private lives without probable cause.

This decision is in keeping with the notions that Americans are innocent until proven guilty and that the Fourth Amendment secures “the right to be let alone.”

Last night, I represented EFF-Austin on a panel discussion hosted by America’s Future Foundation and Google. The topic for the evening was the Electronic Communications Privacy Act of 1986 and a good time was had by all. Fonda San Miguel proved itself a wonderful location for technology and privacy enthusiasts to congregate and discuss the important issues of the day. Kudos to all who came and made their contribution to a lively and important discussion.

As these things go, we did not gather to discuss this law because everyone agrees it’s working perfectly. In fact, quite the opposite; there’s general consensus that this federal statute is working terribly and not protecting the privacy of Americans’ electronic communications. The primary problem with ECPA is that it is old. In the context of the Internet, it’s nearly pre-historic. It may have been an effective and important statute for 1986, but today it no longer represents the privacy expectations of the American public.

Two of the most obvious problems with ECPA deal with the privacy protections for email. First, ECPA protects the content of email from government searches with a warrant requirement only when it is less than 180 days old. Second, the warrant requirement only applies when the email is unopened (except in the western states of the Ninth Circuit). These distinctions are anachronisms from the mid-80s and they make no sense for the way that people use email today. With free services offering multi-GB accounts, people customarily keep their email on their servers long past 180 days. Any why should unopened email receive extra protection when the only messages that most of us leave unopened are spam? The practical result of these now-nonsensical distinctions is that ECPA only requires law enforcement to get a warrant to search Americans’ spam. Virtually every other email message can be obtained with a mere subpoena.

There are other wide-ranging problems with ECPA that are a direct result of the fact that the statute is ancient in comparison to the technologies that it covers. The geolocation information produced by our cell phones creates a detailed map of our daily lives, but this can also be seized by law enforcement with a subpoena or a court order not based on probable cause. Perhaps that wasn’t much of a problem in 1986, but it is today. ECPA also allows the files we save in the cloud to be seized without a warrant, even though those same files would be protected by the Fourth Amendment if they were saved in a home file cabinet. Americans expect more privacy than this and ECPA is in desperate need of modernization.

To that end, the Digital Due Process Coalition is leading the charge for reform. They’ve gathered a wide spectrum of public interest groups and tech industry leaders to advocate for an update to the law. DDP is backing the Leahy-Lee bill in the Senate and the Yoder-Polis bill in the House. Both of these bills would require that law enforcement get a warrant based on probable cause before searching Americans’ email, no matter how old any message is and regardless of whether it’s been opened. With these bills garnering broad bipartisan support, it looks like ECPA might finally get the fixes it needs to properly do its job in the 21^st century.

Unfortunately, both bills have hit a road block. The Securities and Exchange Commission has demanded that federal regulatory agencies receive an exemption. The SEC wants the ability to search and seize Americans’ online communications and location records without a warrant. In fact, it’s even worse than that. Most regulatory agencies already have the ability to get these records directly from the people they’re investigating through the civil discovery process. The SEC wants the power to search and seize the online communications and location records of Americans without a warrant and without them knowing about it!

No way the SEC could get away this power grab, you say? Think again. Many senators and congressmen are lining up with the SEC. The DDP and Senators Leahy and Lee, for their part, are not budging and both bills appear to be stalled. Where does the White House come down? We don’t know, but we should soon. A We the People petition demanding ECPA reform without a loophole for regulatory agencies recently hit the 100,000 signature mark, which requires a response form the Obama administration.

If you’d like to help get ECPA reform passed so that America’s primary Internet privacy law contains the type of protections that Americans expect, then get on the phone and call your congressmen and senators. Tell them to support either Leahy-Lee or Yoder-Polis without any loopholes.

Last week, Lawrence Lessig gave a fantastic presentation on how government policies for broadband, cybersecurity and copyright have been corrupted by special interest lobbying. Lessig does a great job explaining why reclassification caused American broadband to fall so far behind the rest of the developed world. This video is well worth your time.

Matthew Henry is an EFFA board member and a partner at McCollough|Henry, PC