BEYOND the salacious headlines and troubling breaches of protocol, the one concrete lesson for average Americans out of the David Petraeus scandal may be this: It's fairly easy for law enforcement to go snooping in your email. Federal privacy rules have failed to keep pace in the digital era, and Congress needs to enact clear, modern protections to restrain unreasonable intrusions on people's privacy.
The basic federal law governing digital privacy is the Electronic Communications Privacy Act. It was passed in 1986, long before home computers became common, let alone before email, text messaging and Facebook began to store people's private lives in the cloud. Files in a cabinet in a person's home have more airtight protections than equally private information — email that might contain medical records, legal documents, private correspondence and photographs — stored on servers somewhere in cyberspace.
Earlier this month, in releasing its semiannual transparency report, Google disclosed that the federal government made 7,969 requests for disclosure of user data from Google accounts or services in the past six months alone. Google says it complied "fully or partially" with 90 percent of the requests. That should cause a small shiver the next time anyone checks Gmail or does a Google search.
One example of the antiquated rules: The 1986 law did not anticipate that emails and the like would be stored indefinitely in the cloud — which did not yet exist — so it set a standard that after 180 days email that wasn't on a home computer could be accessed by the government without a judge's warrant but merely by subpoena. There is no reason that a person's privacy suddenly and arbitrarily expires after 180 days. Similar protections are necessary for location-based services on smartphones, which use GPS to provide real-time locations of their owners.
A quarter-century ago, when Robert Bork was up for Senate confirmation to the Supreme Court, a reporter went to the judge's local video store, asked for and received a list of movies he had rented. Though Bork was rejected for the court, there was broad agreement that his privacy had been invaded. Aghast at how casually the information was handed over (none of rentals were controversial, as it turns out), Congress passed the Video Privacy Protection Act, which made it illegal to release such lists without customer consent. In the current age of the app, it seems quaint to harken back to lists of VHS movies. But digital privacy protections have not really progressed since. And it's high time they did.
In the case involving Petraeus, it is clear that the FBI accessed a vast array of private information. But it is not yet known whether and when warrants were obtained for the electronic trail. Whether for the head of the CIA or for the private citizen, law enforcement should have to obtain warrants to access personal records. Now that digital sleuthing is easier than ever, federal rules must be established to make sure it's done only when appropriate, not simply because it is easy.