July 6, 2022

Updating an E-Mail Law From the Last Century

But a federal appeals court in Ohio later found that the government had violated Mr. Warshak’s constitutional right to privacy. The court said investigators should have convinced a judge that there was probable cause and obtained a search warrant, as though his messages had been stashed in a desk drawer. Although the court let the conviction stand, the case highlighted the conflicting legal rules that govern electronic privacy.

Congress is now set to clarify those rules, bringing that quarter-century-old law, the Electronic Communications Privacy Act, or E.C.P.A., in line with the Internet age.

On Thursday, the Senate Judiciary Committee will start deliberating a measure that would require the government to get a search warrant, issued by a judge, to gain access to personal e-mails and all other electronic content held by a third-party service provider.

The current statute requires a warrant for e-mails that are less than six months old. But it lets the authorities gain access to older communications — or bizarrely, e-mails that have already been opened — with just a subpoena and no judicial review.

The law governs the privacy of practically everything entrusted to the Internet — family photos stored with a Web service, journal entries kept online, company documents uploaded to the cloud, and the flurry of e-mails exchanged every day. The problem is that it was written when the cloud was just vapor in the sky.

Silicon Valley companies as well as advocacy groups from the political left and right have been lobbying for change for many years, and reform legislation seems to be gaining broad political support. Even the Justice Department appears to have approved one major change: requiring law enforcement to get a search warrant for all kinds of electronic content, no matter how long it has been in electronic storage or what exactly electronic storage means.

“Changing the law has become more of an imperative because of the growth of cloud computing, because everyone including members of Congress are storing sensitive info with third-party providers and they want it to be protected,” said Greg Nojeim, senior counsel at the Washington-based Center for Democracy and Technology, which is financed partly by Silicon Valley companies and which is part of a coalition pushing for reform. “The technology is advancing and people realize the law has to keep pace.”

Updating the bill could have a broader impact on civil cases as well, clarifying who can gain access to e-mails, photos and Facebook posts in corporate litigation and divorce court.

And it could lay out clearer rules for government agencies like the Internal Revenue Service to follow to gain access to private citizens’ e-mails. The agency told Congress recently that it seeks search warrants before reading taxpayer e-mails, though its written policy says otherwise, according to an information request filed by the American Civil Liberties Union.

Courts across the country, apparently baffled by how to apply the existing law, which applies to content held in “electronic storage,” have ruled in sometimes contradictory ways over the privacy of electronic material in both civil and criminal cases.

In one prominent case, Lee Jennings sued a relative of his wife who had broken into his Yahoo account and ferreted out e-mails describing an extramarital affair that were later used as incriminating evidence in divorce proceedings.

Mr. Jennings claimed a violation of his privacy under the electronic privacy act, but the highest court in his home state of South Carolina held that his e-mails, which sat on Yahoo’s servers, were not held in “electronic storage,” and therefore were not covered by the statute. A federal court in California years earlier had ruled differently in another case, interpreting “electronic storage” far more broadly.

Article source: http://www.nytimes.com/2013/04/25/technology/updating-an-e-mail-law-from-the-last-century.html?partner=rss&emc=rss

Jobs Says Apple Made Mistakes With iPhone Data

“We haven’t been tracking anybody,” Mr. Jobs said in an interview on Wednesday. “Never have. Never will.”

Mr. Jobs said that Apple would fix the mistakes in a free software update that it would release in the next few weeks.

Mr. Jobs, who is currently on medical leave, addressed the issue along with two Apple executives — Philip W. Schiller, the senior vice president of worldwide product marketing, and Scott Forstall, the senior vice president of iPhone software. A week ago, two researchers reported that they had discovered a file in Apple’s devices containing what appeared to be data of the locations visited by users over the previous 12 months. The discovery raised fears that Apple was tracking its users and prompted investigations by various European governments and demands for explanations from United States lawmakers.

Earlier on Wednesday, Apple posted a statement on its Web site explaining how its system used the file to pinpoint a phone’s location.

Mr. Jobs defended the timing of Apple’s response to the controversy, saying that “rather than run to the P.R. department,” it set out to determine exactly what happened.

“The first thing we always do when a problem is brought to us is we try to isolate it and find out if it is real,” he said. “It took us about a week to do an investigation and write a response, which is fairly quick for something this technically complicated.”

He added, “Scott and Phil and myself were all involved in writing the response because we think it is that important.”

Some privacy advocates who were harshly critical of Apple last week praised the company’s response, saying they were steps in the right direction.

“Apple acknowledged a mistake and they fixed it,” Marc Rotenberg, executive director of the Electronic Privacy Information Center, said in an interview. “That’s a good thing.”

Mr. Rotenberg said the industry still had to address issues about collecting and using location data.

Confirming speculation from some security researchers, Apple said in the statement posted on its Web site that the file in people’s iPhones was not a log of their location but rather “the locations of Wi-Fi hot spots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone.”

Apple said it used the data, which it called a cache, to calculate a device’s location more quickly than through GPS satellites.

But Apple acknowledged that it had made mistakes, which it attributed to programming errors, in storing the data for a long time, keeping the file unencrypted and storing the data even when users had chosen to turn off location services.

“The system is incredibly complex,” Mr. Forstall said. “We test this carefully but in such a complex system there are sometimes places where we could do better.”

Apple said it would reduce the location cache on the iPhone to no more than seven days. The company also said it would stop backing up the cache onto people’s computers and would delete the cache entirely when users turned off location services.

Apple also said that it updated its database of Wi-Fi hot spots and cell towers by using its customers’ phones as sensors. But it said that it could not locate users based on the file on the phone, and that it collected the information in an anonymous and encrypted form. The company cannot identify the phone user from the data, it said.

While some security experts have known about the existence of the file for some time, the issue made headlines last week after the researchers reported their findings at a technology conference in San Francisco. Apple came under heavy criticism for its silence after the discovery.

The location report attracted attention from some government officials, including Senator Al Franken, Democrat of Minnesota, who sent a stern letter to Apple asking why it was “secretly compiling” the data and what it would be used for. Congressman Edward Markey, a Democrat from Massachusetts, and Lisa Madigan, the Illinois attorney general, also sent letters to Apple asking for an explanation of the issue.

Google acknowledged last week that it, too, collected data about the location of Wi-Fi hot spots and cell towers from its users.

Apple’s statement contained a tidbit about possible future product plans. The company said it also was collecting traffic data from its phones and tablets to build a crowd-sourced traffic database. That would enable Apple to provide real-time traffic information along with navigation advice. Google already uses Android phones to collect real-time traffic information.

Mr. Jobs declined to answer questions about his health or about any plans to return to Apple. Last week, during the company’s quarterly financial report, Timothy D. Cook, the chief operating officer, said, “He continues to be involved in major strategic decisions, and I know he wants to be back full time.”

Nick Bilton contributed reporting from New York.

Article source: http://www.nytimes.com/2011/04/28/technology/28apple.html?partner=rss&emc=rss