To most Americans (and other countries that have laws to protect citizens from search and seizure without warrant), it may come as a surprise that a search warrant is not required for the American government to access private emails. This is due to the ‘Electronic Communications Privacy Act’ (ECPA), a law passed in the United States in 1986 that allows the authorities to get warrant-free access to emails stored on a server for more than 180 days.
In 1986 the law wasn’t seen as a threat to protection against search and seizure without warrant because, back then, most emails were either retrieved or deleted a few days after being sent/received because the technology back then didn’t allow for cheap, large storage. So the logic behind ECPA was that any email left on a server after 180 was no longer considered private and the authorities should be able to access it without a warrant. (Note: If authorities want access to an email that is younger than 180 days, they have to legally obtain a warrant.)
The issue is today technology allows for cheap storage. Inboxes are getting bigger and bigger and, as such, people are no longer deleting emails once they have been read. Many people, including myself, simply leave emails as-is because we don’t have to worry about storage space. So most emails today end up being older than 180 days and ECPA allows authorities to legally access the emails without a search warrant. Not with Gmail, however.
As it turns out, Google is standing up for the rights of its Gmail users and demanding the American government — and related law enforcement agencies — provide a warrant if they want access to Gmail emails. In other words, if the authorities want access to the content of emails, they need to provide Google with a search warrant. It isn’t entirely clear if this is Google’s stance in the United States only or in other countries it operates in, too.
Now, it should be mentioned that Google has given up some user data (such as registration name, IP address, ‘to’ and ‘from’ email addresses, dates, etc.) to the authorities with just a ECPA subpoena (i.e. without a search warrant). However, according to Google spokesperson Chris Gaither, email content is where Google draws the line:
In order to compel us [Google] to produce content in Gmail we require an ECPA search warrant. If they come for registration information, that’s one thing, but if they ask for content of e-mail, that’s another thing.
The difference between a search warrant and a subpeona is that the latter is easier to obtain by law enforcement. For a subpeona, there only needs to be “reasonable grounds” whereas for a search warrant there needs to be “probably cause”.
It should also be mentioned that this no-email-without-search-warranty policy of Google’s is relatively new. No one knows exactly when Google started asking for search warrants from authorities but it is know that Google did follow ECPA demands without asking for a search warrant in the past (as it is required to, by law).
Of course the only way to fix this whole don’t-need-search-warrant-for-email fiasco is for Congress to get off their arses and revoke or amend ECPA. (There was an attempt in the Senate last year, but the bill never passed.) However, until such a time, I personally feel better knowing that Google won’t turn over my emails to the government and related agencies without probable cause.