What could be worse than the IRS’s grubby hands? Its spying eyes

Just in time for Tax Day 2013 (better known in the Cringely household as Tequila for Breakfast, Lunch, and Dinner Day) comes news that the IRS is even a bigger snoop than you suspected — or at least it might be.

Nathan Freed Wessler, staff attorney for the ACLU, penned a blog post earlier today that has twisted the blogosphere’s collective knickers into tiny little knots. In it he writes of a Freedom of Information Act request the ACLU sent to the IRS last year and the 247 pages of bureaucratese it received in response.

[ Cash in on your IT stories! Send your IT tales to offtherecord@infoworld.com. If we publish it, we’ll keep you anonymous and send you a $50 American Express gift cheque. | For a humorous take on the tech industry’s shenanigans, subscribe to Robert X. Cringely’s Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld’s Tech Watch blog. ]

The ACLU wanted to know if the IRS requires a warrant before it reads the emails, texts, and other private communications of someone who is, presumably, undergoing an audit (better known in the Cringely household as an anesthetics-free colonoscopy). The answer? No, perhaps, we think, but we’re not 100 percent sure. Per Wessler:

So does the IRS always get a warrant? Unfortunately, while the documents we have obtained do not answer this question point blank, they suggest otherwise. This question is too important for the IRS not to be completely forthright with the American public. The IRS should tell the public whether it always gets a warrant to access email and other private communications in the course of criminal investigations. And if the agency does not get a warrant, it should change its policy to always require one.

Don’t let the facts get in the way of a good story

Well, that certainly clears things up, don’t it? But that was all it took to get the blogger engines revving. Take SlashGear’s Brian Sin, who penned a quickie summary post titled “IRS believes it can read your emails, chats, and more without a warrant.” Or this quasi-double negative headline from TechCrunch’s Gregory Ferenstein: “IRS doesn’t deny snooping emails without a warrant.” Then there’s the Daily Finance’s Matt Brownell, who apparently feels quite certain that “Yes, the IRS can read your emails if it wants” — no lawyerly shades of gray for old Matt B.

Kudos to our friends over at PC Mag, who at least get the story right with “ACLU questions whether IRS is reading email without a warrant.” It’s a reasonable question, because of two things: One is rather shoddy legal advice provided in a 2009 IRS handbook that pretty much says all email is fair game to IRS investigators.

The Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because Internet users do not have a reasonable expectation of privacy in such communications.

The enigma of the Electronic Communications Privacy Act

The other has to do with the strange provisions of the rapidly putrefying Electronic Communications Privacy Act (ECPA) of 1986, which holds that email messages older than 180 days could be considered “abandoned” and, thus, have a lower expectation of privacy under the law.

As the ACLU’s Wessler notes, that provision was overturned by a Sixth District Court in 2010, which held that the government requires a probable cause warrant to read anyone’s emails, no matter how old they are. The question the ACLU wanted answered: Is the IRS following the misguided advice in its old handbook, the Sixth District’s decision, or something in between?

The answer is, we still don’t really know. The current IRS handbook essentially follows the rules outlined in the ECPA, which state that older emails can be accessed using court orders, subpoenas, or administrative summons — which require a lower standard of proof and less judicial oversight than a warrant. What we also don’t know is a) whether the IRS has actually requested any older emails using the lower standards, or b) if any Internet service providers have complied.

Google leads the oppposition

Google, for one, has already told any feds trying to pry loose emails from them to get a warrant or go home. It’s not clear what other ISPs have followed Google’s lead, but there’s a growing coalition of tech and libertarian groups that agree with the company’s stance.

The real lesson here, of course, is that the ECPA desperately needs a makeover. It’s so obvious even Congress agrees; the Senate passed an improved version of the ECPA last fall, and a House subcommittee is taking up the matter now.

The other lesson, also obvious: Don’t believe everything you read on the Webbernets, especially if it comes from knicker-twisting, boxer-bunching bloggers.

Is the IRS spying on your emails? Post your tales of tax-induced paranoia below, or email me: cringe@infoworld.com.

This article, “What could be worse than the IRS’s grubby hands? Its spying eyes,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely’s Notes from the Field blog, and subscribe to Cringely’s Notes from the Underground newsletter.