Your snitching cellphone, your tattling texts

Been engaging in illicit texting sessions with your lover, bookie, or international terrorist organizations on your smartphone? Best start deleting those texts now. Better yet, cancel your wireless subscription and bury the phone in the backyard. Things could get ugly.

As I write this, the U.S. Congress is revisiting the Electronic Communications Privacy Act of 1986, a piece of legislation so old it has to take Geritol just to get out of bed each morning. Believe it or not, the ECPA is the primary piece of federal legislation cops look to for guidance on how they can legally spy on our digital lives — despite the fact it was written back when fax machines were newfangled technology, landlines ruled the earth, and things like the World Wide Web, Google, and Facebook did not exist.

[ Cringely argues both sides of law vs. tech in “School for scandal: FBI spyware nabs pervy principal.” | For a humorous take on the tech industry’s shenanigans, subscribe to Robert X. Cringely’s Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld’s Tech Watch blog. ]

This is a good thing. The ECPA is desperately in need of revision. The question is whether it will be revised in a way that is worse for you and me than the law as it exists today.

As Cnet’s Declan McCullagh reports, a law enforcement officers trade group called the Major Cities Chiefs Association wants the new ECPA to require wireless carriers to retain at least two years’ worth of text records for each subscriber, to be used as needed for police investigations.

For some perspective, consider this: According to Forrester Research, more than 2 trillion texts were sent last year via U.S. carriers. Yes, I did say trillion. Little wonder, then, that U.S. carriers rarely keep more than a week’s worth of texts at a time, if they keep them at all.

The current version of the ECPA, which was just approved by the U.S. Senate Judicial Committee last week, actually strengthens privacy by requiring cops to obtain a warrant before accessing data stored in the cloud, including email messages. Of course, that doesn’t mean the law will stay that way — hence the request by the MCC and other police trade groups.

The stalwart folks at Pro Publica, one of the last vestiges of investigative journalism that can found outside a museum, have published a helpful guide as to what types of digital information Johnny Law can obtain about you and what he has to do to get it. The short answer: The cops can access virtually anything they want without having to show much in the way of cause.

To obtain records of who you called and when you called them, the cops merely need a subpoena that indicates the information is relevant to an investigation. That’s much easier to get than a warrant, which requires law enforcement to show probable cause as to why they need all this stuff.

The location of your cellphone? The IP addresses you used to visit certain sites? The data you store in the cloud? Emails or texts more than six months old? All can be accessed via subpoena.

If that doesn’t worry you, it should. Per the Electronic Frontier Foundation:

Subpoenas are issued under a much lower standard than the probable cause standard used for search warrants. A subpoena can be used so long as there is any reasonable possibility that the materials or testimony sought will produce information relevant to the general subject of the investigation….

Subpoenas can be issued in civil or criminal cases and on behalf of government prosecutors or private litigants; often, subpoenas are merely signed by a government employee, a court clerk, or even a private attorney. In contrast, only the government can get a search warrant.

The good news is that a subpoena doesn’t carry the same legal weight as a warrant. It doesn’t allow someone else to paw through your records or enter your home, for example. In fact, the EFF advises people who receive a subpoena to do nothing in response except contact their attorneys. But most people don’t know that. They see the word “subpoena” and they comply with it.

No one is saying the police should be hampered in doing their jobs. On the other hand, offering virtually unfettered access to troves of data about citizens who aren’t necessarily being charged with a crime is an open invitation to legal fishing expeditions, if not outright abuse.

A new improved ECPA is an excellent opportunity to strengthen all of our digital privacy rights without giving a blank check to Johnny Law. Let’s hope Congress sees it that way as well.

What digital privacy laws do you want to see passed? Submit your proposed legislation below or filibuster me at cringe@infoworld.com.

This article, “Your snitching cellphone, your tattling texts,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry withRobert X. Cringely’s Notes from the Field blog, and subscribe to Cringely’s Notes from the Underground newsletter.