In response to the remarkable news that the National Security Agency was routinely cataloging the metadata of millions of Verizon customers, many Americans simply shrugged their shoulders and carried on. Sadly, they readied their bromides too. On HBO’s Real Time with Bill Maher last week, the comedian Dana Gould revealed that when he sends an e-mail, he presumes that “it’s just gone.” The audience nodded knowingly.
In truth, neither Gould nor anybody else should assume any such thing. “I have read and agree to the Terms and Conditions,” is, the joke has it, the biggest lie of the modern era. But that you didn’t bother to take note of the regime does not mean that you did not acquiesce to it. Whether you were aware of it or not, when you clicked “Accept” you entered yourself into a legal contract. Unless you have a particularly disreputable e-mail provider, your missives have certainly not “just gone” into the ether. Their fate is strictly governed.
“We do not share personal information with companies, organizations and individuals outside of Google,” the company says. Although,
for legal reasons we will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request.
Were the United States a banana republic, this would not be a greatly reassuring proviso. Indeed, in much of the world one could presumably read this as a guarantee that the government had unlimited access to your data. But this is not a banana republic. In America, the state comes with terms and conditions, too, and those conditions have engendered certain expectations among the citizenry.
We may disclose information that individually identifies our customers or identifies customer devices in certain circumstances, such as:
to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law;
“Authorized by law” is a term of extreme latitude; its meaning depends entirely on what the law says. But in the context of modern American law, almost nobody reading Verizon’s T&Cs would reasonably expect that the National Security Agency would end up tapping their records, because they understand what “court order” and “search warrant” mean. They also know that the NSA is a body established to spy on foreigners who are not protected by the Fourth Amendment, and that by law it is allowed to acquire “information concerning the domestic activities of United States persons” only if a FISA court agrees that the target of surveillance is “a foreign power or agent of a foreign power.” When, as has apparently happened, the definitions of “search warrant,” “foreign power,” and “court order” are stretched so far as to include millions or hundreds of millions of people for whom there is no probable cause of wrongdoing, these words become meaningless — and the trust breaks down. As Orin Kerr wrote at the Volokh Conspiracy recently:
It turns out that the FISA court order disclosed yesterday — the one forcing Verizon to turn over all telephone metadata — was just the latest renewal of a court order that the government first obtained seven years ago. So I gather that every 90 days, they go back and say, “yes, getting the entire database of all call records is still relevant,” and they get a new 90-day order.
Whether this is technically legal or not is a matter of debate. But if it is, it changes the expectations game considerably. As Jonathan Turley wrote in USA Today last week:
Even accepting that ill-conceived decision in Smith v. Maryland, the Court was addressing government seizure of numbers to individuals who become material to investigations. The government previously used “national security letters” to get such information. What the Obama administration has done is effectively issue a national security letter for every citizen in America.