For years, the Securities and Exchange Commission (SEC) has been seeking an administrative agency exception that would enable it to use a subpoena to access email content stored remotely by third parties. But under current legal precedent, per a 2010 Sixth Circuit decision, United States v. Warshak, it has been precedent that this material should only be accessible with a search warrant.
The SEC continues to seek expanded authority, and they question the application of this warrant requirement to civil agencies. In February, they issued a subpoena to Yahoo to access a user’s email, where the account was owned by a defendant in a securities fraud case. Yahoo has rightly challenged this action, and the case, Securities and Exchange Commission v. North Star Finance LLC, represents a landmark dispute regarding the government efforts to obtain email content in a civil case with just a subpoena to an email service provider.
Unlike a warrant based upon probable cause, a subpoena only requires requested documents that are “relevant” to an investigation, a standard which is incredibly broad. Consequently, providing government agencies access to such a wide range of stored content according to this lower threshold presents not only an obvious privacy violation, but also an operational concern for U.S. cloud providers whose customers expect a level playing field for access to remotely stored information.
To make an old-world analogy, this would be akin to the SEC providing merely a subpoena to a landlord requiring them to enter into a tenant’s apartment to obtain and turn over personal documents stored inside. We wouldn’t stand for that in the physical world, so there’s no reason we should enable this over-reach in the digital world.
Fortunately, Representative Kevin Yoder (R-KY) today offered an amendment to the Financial Services Appropriations bill under consideration in the House that would ensure that the SEC and other agencies (like the IRS) obtain a warrant to access the content of communications held by 3rd parties. Of course, this is just one small piece of reform that would be accomplished by the Email Privacy Act (H.R. 387), authored by Reps. Yoder and Jared Polis (D-CO), which was passed by the House unanimously earlier this year. This amendment is an important effort, but more urgently the Senate needs to take action to pass the Email Privacy Act to establish a warrant for content requirement, without exceptions.
David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.