Excerpt:
......In response, the email service provider returned two CDs containing the full content of all emails in the accounts. The FBI eventually (and properly) sequestered the CDs, notified the email provider of the overproduction, and re-issued an NSL for the originally requested header information; but, in response to the second NSL, the email provider again provided the FBI with the full content of all emails in the accounts.
Compounding the service providers’ problematic over-disclosure, the scope of the FBI’s authority to issue NSLs for electronic transactional records rests on unsettled and unclear legal grounds. The FBI’s NSL authority under the Electronic Communications Privacy Act (ECPA) allows the government to issue NSLs to traditional telephone service providers for non-content subscriber information and toll billing records — essentially, the name, address, length of service, and local and long distance call records.30 ECPA also provides the authority to issue NSLs for "electronic communications transactional records." However, the exact scope of this remains unclear: according to the DOJ, "electronic communications transactional records" include "those categories of information parallel to . . . toll billing records for ordinary telephone service."31 What, exactly, "those categories of information" constitute — possibly including, for example, email "header" information, IP addresses, URLs, or other information — remains unclear.
Third-parties not only willingly cooperated with FBI NSLs when the legal justification was unclear, however: they responded to NSLs without any legal justification at all. In one instance, when requesting financial records from a bank under the Right to Financial Privacy Act, the FBI used language and statutory citations from ECPA — a statute entirely unrelated to financial records — for its legal authority; nevertheless, the financial institution complied with the FBI’s legally deficient request........
Read Full Article
