Last week we learned that the Department of Justice, in an unprecedented intrusion on the work of journalists, had obtained records for twenty telephone numbers belonging to the Associated Press or its reporters, spanning April and May 2012. The telephone records obtained do not include the content of phone calls, but they likely reveal the phone number of each and every caller on those lines for a period of weeks and, therefore, the identity of scores of confidential media sources.

The seizure of these records came to light only because the government has a special set of guidelines that require it to notify any media organization of a subpoena for its records within (at most) 90 days. The AP appears to have learned of the seizure of its phone records, albeit after the fact, only because of this special policy.

The notice given to the AP has generated a healthy debate over the limits on the government’s authority to acquire our telephone and internet records. But what if you aren’t a media organization and, therefore, do not benefit from the special government policy entitling you to notice when the government obtains your telephone or internet records? What information can the government get about you, and is it even required to tell you when it does so? The short answer is: it can learn a great deal about your communications, often without even getting a warrant, and it is generally not required to tell you it’s done so at all.

Today, the government has many different tools to seek phone records or personal electronic data from your phone company or internet service provider. And, in many cases, current law does not require the government to provide you with notice at all, even after the fact. As an example, take a look at two of the most significant tools at the government’s disposal, including those it may have relied upon in seeking the AP’s phone records:

The Electronic Communications Privacy Act of 1986 (ECPA) permits the government to obtain exactly the kind of telephone records and other subscriber information that it likely seized from the AP. Under this statute, the government can require a telephone company to turn over: a subscriber’s local and long distance telephone connection records; records of session times and durations; telephone number or other subscriber number or identity; and means and source of payment for service, including any credit card or bank account number. ECPA also permits the government to seek parallel information from an internet service provider, including the IP address assigned to a subscriber and the IP addresses of the websites he or she has visited.

National Security Letters (NSLs) authorize the FBI to compel a wire or electronic communication service provider to turn over “subscriber information and toll billing records information, or electronic communication transactional records in its custody or possession.” No court is required to approve an NSL and, since 9/11, the FBI has issued tens of thousands of NSLs each year. Documents previously obtained by the ACLU show that the FBI often uses NSLs to demand email header information, which includes the “to” and “from” lines of individual email messages.

To obtain subscriber information using either ECPA or an NSL, the government need not go to a judge for a warrant. Both statutes make it far easier for the government to obtain this information. Under ECPA, it can use a secretive grand jury subpoena, an administrative subpoena, or a court order showing that the records sought are simply “relevant and material” to an ongoing criminal investigation. For NSLs, the FBI can simply certify, unilaterally, that the records are “relevant” to an intelligence or terrorism investigation. In either case, it is a very low bar, particularly for records as extensive and revealing as those seized from the AP—likely hundreds of phone calls covering a period of weeks or even months.

Remarkably, neither ECPA nor the NSL statute require the government to give any notice whatsoever when it acquires someone’s telephone or internet records. Even more, these statutes permit the government to obtain a gag order prohibiting the telephone company or internet service provider from notifying its subscriber of the intrusion. The AP learned about the demand for its records only because of the special DOJ guidelines that give added protection to media organizations. But in most cases, and for most individuals, there is simply no right to notice and no opportunity to challenge the government’s demand for personal information held by one’s telephone company or internet service provider. In short, if the government goes after this information and you are not a member of a media organization, you may well never know.

This lack of notice is one crucial element of the growing gap between our privacy rights and our personal information. By necessity, we depend on telephone companies and internet service providers to transmit our private phone calls and email messages. Based on a decades-old decision, the courts and the government believe that who we call or who we email is not private because our telephone and internet companies store records capable of revealing this information. But that does not match our reasonable expectations of privacy in today’s world. Nor does it diminish our interest in knowing when the government demands records that would reveal our personal communications and contacts to law enforcement.

This interest in notice is, in part, practical: individuals cannot depend on telephone companies and internet service providers to challenge government efforts to seize personal information, even where the government may have overreached or exceeded its authority. As large corporations enmeshed in a host of government relationships, the interests of these companies are not necessarily aligned with the privacy rights of their individual subscribers. A proper defense of these rights begins with notice to the individual whose information is at stake.

The AP’s experience is a reminder of how much of our private information the government may demand—including the phone numbers we call, the email addresses we contact, and the websites we visit—and how easy our current laws make it for the government to get this information without our ever knowing.