recommended reading

What the AP Subpoena Scandal Means for Your Electronic Privacy


The Justice Department’s snooping on journalists working for the Associated Press is an abuse of power in the broadest sense. But one reason the whole episode is controversial at all is because the Obama administration technically broke no rules.

By law, companies that cooperate with government investigations—such as the telecom operators the AP concludes gave up its phone logs—are protected from lawsuits. The immunity is built into a 2008 revision of the Foreign Intelligence Surveillance Act—which President Obama, then a senator, opposed before backtracking and endorsing it.

“I support the compromise, but do so with a firm pledge that as president, I will carefully monitor the program,” Obama said shortly after the legislative update passed the House.

The flip-flop enraged civil libertarians at the time, but Monday's revelation from DOJ reveals how far the government has come since the days when going after journalists meant subpoenaing them head-on and causing a public spectacle in the process.

As recently as 2011, Attorney General Eric Holder was still plugging leaks the hard way, ordering New York Times reporter James Risen to show up in court to burn his own source. (Risen refused, and is still resisting the court.) It was all part of an aggressive Obama policy to pursue leakages that continues today. But now it seems as though the Justice Department is trying a different strategy. Rather than haul a resistant reporter before the court, it’s instead circumventing that circus altogether by going straight to the phone companies. That the telcos are able to deflect lawsuits under FISA only inflates the incentive to ask for their data. As Edward Wasserman, dean of the journalism school at UC-Berkeley, wrote in The Miami Herald last May:

... prosecutors aren’t hassling reporters as they once did. Thanks to the post-9/11 explosion in government intercepts, electronic surveillance, and data capture of all imaginable kinds — the NSA is estimated to have intercepted 15-20 trillion communications in the past decade — the secrecy police have vast new ways to identify leakers.

So they no longer have to force journalists to expose confidential sources. As a national security representative told Lucy Dalglish, director of the Reporters Committee for Freedom of the Press, “We’re not going to subpoena reporters in the future. We don’t need to. We know who you’re talking to.”

The government’s supposed to make a reasonable effort to get the forensic information it’s looking for without resorting to press-related subpoenas. Whether those reasonable efforts were made this time is going to be an important question moving forward. But even more important is whether they’ll make the efforts next time. Whatever you believe about the morality of prosecuting leakers—and even if the Obama administration really did exhaust its other options before turning to the telecom operators—the temptation to seize phone logs as a first resort rather than the last is only growing in proportion to the amount of data that carriers are collecting and storing on us all.

It’s not just journalists and their sources who stand to suffer from an erosion of the legal barriers between government and businesses. Here’s a short list of your personal information companies can hand over to the feds without repercussion, and on little more than a subpoena: geolocation data, the PCs you’ve accessed, emails you’ve sent and text messages and content you’ve placed on cloud services like Dropbox.

Some companies have taken steps to counteract this trend. Dropbox, Twitter and LinkedIn have all promised to tell you when the government asks for data about you. Every year, the Electronic Frontier Foundation grades major tech firms along these lines.

But even this approach requires businesses to put the users’ interests before the government’s (or their own) which is a lot to ask of firms that often face heavy regulation. It's hard to be defiant to the Department of Justice while you beg the Federal Communications Commission for a favor. Meanwhile, the costs of compliance sink to remarkably low levels when FISA is there to give you cover.

Now it’s fallen to the nation’s least-functioning body to address the problem. The Senate’s working on a bill that would require at least a warrant for some types of electronic data and would close a loophole that currently lets law enforcement access your emails if they’re more than 180 days old. It might pass, and it might not. But you can expect the Obama administration to drag its feet the whole way.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.