SEC Boss Can't Keep Her Story Straight On Whether Or Not SEC Snoops Through Your Emails Without A Warrant

from the let's-get-this-straight-now... dept

"What concerns me, as the head of a... law enforcement agency, is that we not put out of reach of lawful process... what is often, sometimes the only, but critical evidence of a serious securities fraud.... And we use that authority quite judiciously, but it's extremely important to law enforcement."

"While these discussions have been going on, to try to sufficiently balance the privacy and the law enforcement interests, we've not to date to my knowledge proceeded to subpoena the ISPs . But that, I think, is critical authority to be able to maintain -- done in the right way and with sufficient solicitousness and it's very important to the privacy interests which I do think can be balanced.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

For many years now, we've been writing about the need for ECPA reform . ECPA is the Electronic Communications Privacy Act, written in the mid-1980s, which has some frankly bizarre definitions and rules concerning the privacy of electronic information. There are a lot of weird ones but the one we talk about most is that ECPA defines electronic communications that have been on a server for 180 days or more as "abandoned," allowing them to be examined without a warrant and without probable cause as required under the 4th Amendment. That may have made sense in the 1980s when electronic communications tended to be downloaded to local machines (and deleted), but make little sense in an era of cloud computing when the majority of people store their emailon servers. For the past few years, Congress has proposed reforming ECPA to require an actual warrant for such emails, and there's tremendous Congressional support for this.And yet... it never seems to pass. The story that we keep hearing is that two government agencies in particular really like ECPA's outdated system: the IRS and the SEC . Since both only have administrative subpoena power, and not the ability to issue warrants like law enforcement, the lower standards of ECPA make it much easier for them to snoop through your emails without having to show probable cause. Last year, in a Congressional hearing, the SEC's boss, Mary Jo White, was questioned about this by Congressman Kevin Yoder, who has been leading the charge on ECPA reform. As we reported at the time, in the conversation, White clearly said that the SEC needed this ability or it would lose "critical" information in its investigations. You can see the conversation from 2014 below, where White (starting around 2:30) explains how vital this process is to the SEC:Here's the key line:What struck us as interesting last year was White admitting that the SEC appeared to regularly use this process, since she noted that it was "extremely important" and provided "critical evidence."Fast forward to this week, and the same two players were involved in yet another Congressional hearing. You can see that conversation here as well , with the critical point being made after about four and a half minutes, where White says some of the same stuff, about the privacy protections, and how even if the SEC used this process it still notifies the subscribers to give them a due process right to protest the subpoena... but also, oddly, seems to claim that the SEC never actually makes use of this process:Here's the key line this time (the full response is a jumble of half sentences and unfinished thoughts, so it's a bit of a mess):As I said, if you watch her entire response, it's a complete mess of half-finished thoughts, which seems rather typical of someone trying to sound like they're answering a question but not actually doing so. Later in the same answer, she insists that taking away this authority might take away an important tool.So, we know that the SEC really wants to keep this tool. But last year it said it was "extremely important" and provided "critical evidence." This year, she's saying that the SEC isn't even using the tool. So, uh, which is it? Is this tool absolutely necessary for critical evidence, or is it not even being used by the SEC?And, through all of this, the SEC: why can't it treat email the same way it has to treat paper documents under the 4th Amendment? That is, if it wants the document it canfor those documents. It does not get to route around the end user and subpoena a third party for those documents. So why can't it treat email in the same way?

Filed Under: ecpa, ecpa reform, emails, irs, kevin yoder, mary jo white, sec, subpoenas, warrants