There are a wide range of actions Congress can take to make law enforcement more effective, and to improve its relationship with communities.
Unfortunately, it may forgo such action and instead tamper with a rule that works, in the process doing more harm than good.
The Senate will soon take up the Email Privacy Act, commonsense legislation passed unanimously by the House of Representatives to close a loophole that permits warrantless access to Americans’ older emails. It’s a long overdue fix that will both protect our Fourth Amendment rights, and provide clarity to law enforcement. Unfortunately some are using this measure to demand an expansion to “emergency exception” rules for accessing private content. This would be both unwise and unsafe.
Judicial authorization for law enforcement access to private communications is a critical safeguard for a democratic society. Yes, it’s an obstacle for law enforcement investigations, but we know that obstacle is there for good reason – it makes sure that government focuses on the bad guys, and prevents improper invasions of privacy. Of course, law enforcement and civil libertarians alike understand that emergencies are a necessary exception. When a life is on the line and there isn’t time to go to a court, police should be able to immediately ask for access to private communications that could stop a heinous crime.
However, some now say that we should go farther, and not only allow police to ask communication providers for private records, but to demand them, with mandatory compliance whenever law enforcement asserts an emergency situation. The goal of this measure is laudable, but the policy is not. Creating a mandatory emergency exception rule would not reap significant benefits, and would actually risk security harm.
In my 27 year career in law enforcement, the majority of which I spent as a homicide detective with the Metropolitan Police Department of Washington, D.C., I sought and obtained communication records in the majority of my investigations. I encountered no problems obtaining these records under the current law and in the rare, truly emergency situation, the law posed no undue burden. I have found that complying with the requirements to obtain records in a non-emergency situation actually helped me build stronger cases because, by following the rules, the evidence was unassailable in court. Unfortunately, too many of my colleagues, for whatever reason, would try to take the shortcuts that the new law would encourage.
Changing the emergency exception law is unnecessary. The law permits providers to disclose private communications to the government whenever they have a good-faith belief that such disclosure is required to respond to an emergency. Furthermore, emergency exceptions are quite uncommon. For example, in 2014 Google received only 342 emergency requests, compared to 20,280 subpoenas and search warrants, and information was provided in response to the vast majority of those emergency requests. If a provider finds a problem with the request, law enforcement can always revise it to address concerns.
The fact that providers might have concerns about a request actually raises a critical reason why making any emergency request mandatory is unsafe: It would create serious risks for data security. Malicious hackers can pose as law enforcement to steal customer data, demanding that companies provide private information in response to a phony emergency. Providers need to be able to protect their users from fraudulent requests, and mandatory disclosure could limit that. Further, even a legitimate law enforcement emergency request could be made in a manner that would risk unnecessary exposure to cybercriminals (such as an improper method of transfer). A back-and-forth with the provider to correct these could take merely a few minutes and protect users’ information, but mandatory disclosure would close the door on this commonsense response.
The truth is the current system for emergencies works. It protects both public safety and the ever-growing threat of malicious hackers. Rushing to change this rule is unnecessary, and risks creating more problems than it could solve. When the Senate takes up the Email Privacy Act, it would best serve law enforcement and the public by leaving the emergency exception rule its current form.
Trainum is a retired homicide detective who served 27 years with the Metropolitan Police Department of Washington, D.C. He co-chairs The Constitution Project Committee on Policing Reform.