What the AP Subpoena Scandal Means for Your Electronic Privacy

The Justice Department’s snooping on journalists working for the Associated Press is an abuse of power in the broadest sense. But one reason the whole episode is controversial at all is because the Obama administration technically broke no rules.

By law, companies that cooperate with government investigations—such as the telecom operators the AP concludes gave up its phone logs—are protected from lawsuits. The immunity is built into a 2008 revision of the Foreign Intelligence Surveillance Act—which President Obama, then a senator, opposed before backtracking and endorsing it.

“I support the compromise, but do so with a firm pledge that as president, I will carefully monitor the program,” Obama said shortly after the legislative update passed the House.

The flip-flop enraged civil libertarians at the time, but Monday's revelation from DOJ reveals how far the government has come since the days when going after journalists meant subpoenaing them head-on and causing a public spectacle in the process.

As recently as 2011, Attorney General Eric Holder was still plugging leaks the hard way, ordering New York Times reporter James Risen to show up in court to burn his own source. (Risen refused, and is still resisting the court.) It was all part of an aggressive Obama policy to pursue leakages that continues today. But now it seems as though the Justice Department is trying a different strategy. Rather than haul a resistant reporter before the court, it’s instead circumventing that circus altogether by going straight to the phone companies. That the telcos are able to deflect lawsuits under FISA only inflates the incentive to ask for their data. As Edward Wasserman, dean of the journalism school at UC-Berkeley, wrote in The Miami Herald last May:

The government’s supposed to make a reasonable effort to get the forensic information it’s looking for without resorting to press-related subpoenas. Whether those reasonable efforts were made this time is going to be an important question moving forward. But even more important is whether they’ll make the efforts next time. Whatever you believe about the morality of prosecuting leakers—and even if the Obama administration really did exhaust its other options before turning to the telecom operators—the temptation to seize phone logs as a first resort rather than the last is only growing in proportion to the amount of data that carriers are collecting and storing on us all.

It’s not just journalists and their sources who stand to suffer from an erosion of the legal barriers between government and businesses. Here’s a short list of your personal information companies can hand over to the feds without repercussion, and on little more than a subpoena: geolocation data, the PCs you’ve accessed, emails you’ve sent and text messages and content you’ve placed on cloud services like Dropbox.

Some companies have taken steps to counteract this trend. Dropbox, Twitter and LinkedIn have all promised to tell you when the government asks for data about you. Every year, the Electronic Frontier Foundation grades major tech firms along these lines.

But even this approach requires businesses to put the users’ interests before the government’s (or their own) which is a lot to ask of firms that often face heavy regulation. It's hard to be defiant to the Department of Justice while you beg the Federal Communications Commission for a favor. Meanwhile, the costs of compliance sink to remarkably low levels when FISA is there to give you cover.

Now it’s fallen to the nation’s least-functioning body to address the problem. The Senate’s working on a bill that would require at least a warrant for some types of electronic data and would close a loophole that currently lets law enforcement access your emails if they’re more than 180 days old. It might pass, and it might not. But you can expect the Obama administration to drag its feet the whole way.