PORTLAND, Ore. (KOIN) — If you have emails older than six months in your inbox, the federal government can read them all without a warrant.
The reason email users in the United States can’t stop that is a relatively obscure 1986 law — the Electronic Communications Privacy Act — that lets the feds access 180-day old emails, texts and documents stored on a server, like The Cloud, without a warrant.
“After that, if you haven’t downloaded it onto your computer you probably don’t care about it and you’ve abandoned it in a sense,” said Lewis and Clark law professor Tung Yin. “That’s the basis of this idea, that if you don’t care about it there’s no need for search warrants.”
The 4th Amendment protects against unreasonable searches, which includes your electronic communication — but only if it was sent or received fewer than 6 months ago.
“So, it’s not whether I think my emails are actually being scoured by the government, but the possibility of it without a warrant, is that something that would seem unreasonable, and I think that’s the level people should be concerned about,” Tung Yin said.
Ken Westin, a real life cyber criminologist for Tripwire, said, “If you need secure communication, sometimes the best way to do that is through a phone call or direct face to face conversation.”
He said the high-profile hacks in the news are driven by financial gain. North Korea likely paid hackers $30,000 for stolen information it leaked to the media in retaliation over Sony’s movie, “The Interview.”
Other breaches, like Anthem, Target and Home Depot, keep happening.
“There’s information that’s available about you that you don’t even realize is being collected and it’s either being aggregated and stored in marketing databases or data is being compromised left and right, even government, banks,” Westin said. “All these places where you expect your information to be safe, it isn’t.”
Westin is one of 440 employees at Tripwire, a company founded in 1997 that services Fortune 500 and utility companies as well as every major cabinet agency of the US government.
“We’ve gotten to a position where there’s not a whole lot we can do retroactively to protect our privacy, but moving forward we’re seeing a lot of companies are taking security and privacy to heart,” he told KOIN 6 News. “If consumers demand privacy and they start voting for privacy with their wallet, then businesses are going to follow.”
People should save their email to an external, encrypted hard drive, he said, and then delete them from your computer. But your ISP could still archive them to a back-up server. He also said people could pay for private email, like Hush Mail or Thunderbird.
“I don’t think anyone envisioned the Internet to be what it is now, and as a result of that, now we’re, like, we need to go back and revisit some things and make them more secure,” Westin said.
Laughing, he added, “There is job security in security, I can tell you that.”
Kansas Rep. Kevin Yoder introduced a bill to update the Communications Privacy Act. Four Oregon representatives are co-sponsors.
In a statement to KOIN 6 News, Yoder said, “We will continue to press on in trying to find ways to get the bill considered by the House, as it has more than a majority of members co-sponsoring. Should it get to the floor, it would most certainly pass.”