In February 2014, the attorney general for the state of Utah did something remarkable, something that law enforcement officials hardly ever do: He willingly gave away some of his power. The power was too great, he said, and the potential for abuse too serious. Furthermore, the AG argued, the broad, unaccountable power was not needed to protect the public.

The Salt Lake Tribune reports:

Utah Attorney General Sean Reyes has discontinued his office’s use of administrative subpoenas, a controversial law-enforcement tool that lets investigators gather certain Internet or cellphone records without getting a warrant, raising serious privacy concerns. Instead, investigators in the attorney general’s office are now required to go to a judge and get an order allowing them to obtain the information they are seeking. "I have halted all use of administrative subpoenas," Reyes said in an interview Friday. "No one can execute one without my permission, and I don’t anticipate using them unless there was an emergency situation, like an Amber Alert with a predator whose information we absolutely had to access." Reyes, who was sworn in as attorney general in December, said giving up the tool might make the job of his investigators a little harder, but he has been assured that "it won’t in any way curtail or hinder our ability to prosecute the bad guys.”

The attorney general announced that his office would stop using administrative subpoenas (except in true emergencies) after a Utah state legislator filed a bill that would require prosecutors to obtain judicial approval before subpoenaing records from phone companies, banks, internet service providers, or other third-party data holders.

The administrative subpoena standard grants state and local prosecutors access to any and all metadata about anyone, without any judicial approval or external oversight. A bill filed in Massachusetts would repeal our state’s administrative subpoena statute altogether, and require judicial oversight for all metadata access.

Massachusetts’ high court ruled in February that investigators must get a warrant before obtaining cell site location information from telecommunications companies, carving out a location tracking sized hole in the notorious third-party doctrine. Established in two (old) Supreme Court cases—one pertaining to phone records, and the other to banking records—the third-party doctrine says that individuals have no privacy right to defend information from government seizure if it is held by a third-party. The NSA and FBI use this outdated legal precedent as the basis for their dragnet phone surveillance program.

But while the federal government seems stuck in the big hair era when it comes to privacy law, states are moving in the right direction.

Kudos to the Utah state attorney general. Let’s hope other states take note, and act accordingly. If cops and prosecutors want to invade our privacy, they should be required to get a warrant.

Crossposted from the ACLU of Massachusetts's Privacy SOS blog.