Most Active Stories
- WHQR Announces NPR and ABC's Cokie Roberts as Guest at Fundraising Luncheon
- CoastLine: Science Panel Weighs in on Potential Impacts of Seismic Testing off NC Coast
- 9 Films: Wilmington Jewish Film Fest Expands
- Governor McCrory Fights 50 Mile Buffer Zone for Oil & Gas Exploration and Drilling
- CoastLine: Bringing Human Trafficking out of the Shadows
All Tech Considered
Wed July 10, 2013
Utah Internet Firm Defies State's Warrantless Subpoena Law
Originally published on Wed July 10, 2013 9:51 am
Utah's oldest Internet service provider, XMission, has refused to give up customer information to law enforcement, reports The Salt Lake Tribune. Specifically, the company says it won't comply with administrative subpoenas.
People tend to confuse these with warrants, but unlike warrants, administrative subpoenas don't require police officials to show they have "probable cause" of a crime. They also don't need approval from a judge — and that's the real problem, says company founder Pete Ashdown, a two-time unsuccessful candidate for the U.S. Senate and outspoken Democrat in an overwhelmingly Republican state. The Tribune reports:
"It's not that he wants to enable suspects of child pornography or exploitation, vowing he would gladly comply when presented with a warrant. But the president and founder of XMission calls the subpoenas 'unconstitutional' — an invasion of the Fourth Amendment guarantee against unreasonable search and seizure — because they bypass the courts."
The courts tend to disagree. These administrative subpoenas are for connection data, not content. In other words, investigators are looking for evidence that person X connected to website Y at time Z. Courts have held that this kind of information is akin to the address written on the outside of an envelope; people don't have an expectation of privacy about connection data, and so it doesn't enjoy the protection of the Fourth Amendment.
But the courts may change their minds, especially now, as powerful analytics tools have made it possible to use connection data to draw a detailed portrait of a person's private life. That kind of analysis is the business model for much of Silicon Valley. Now police are getting into the act. The tech-savvy agencies have learned to use connection data earlier in their investigations — not just to prove the case against a suspect, but also to identify suspects to begin with.
A lot of privacy advocates want to see a good test case of whether a subpoena is really enough. Ashdown's company seems to be begging for a showdown, as it lists the subpoenas it has refused. But so far, Ashdown says, no dice.
"I've been kind of hoping that they would challenge [the policy], that we would go to court, and we could get a proper warrant for that information, or they would challenge my challenge and we could find out whether this law was constitutional at all," Ashdown told a legislative committee last month. "But it never happens."
There may be a tactical reason the subpoena-refuseniks haven't been dragged into court. Over the years, prosecutors have told me that they worry that a judge might rule against them and that the case could become precedent — which would deprive them of a powerful investigative tool. As long as the vast majority of ISPs continue to comply with the subpoenas for connection data, it may be smarter for law enforcement not to risk creating a case that could go up the ladder to the Supreme Court, which signaled in 2012 that it has serious reservations about warrantless electronic surveillance.