There has been quite a kerfuffle around the apparent fact that Hillary Clinton solely used her personal email account for government business. This piqued my curiosity, especially since I've been playing with a service called Conspire lately.
Conspire is a startup that analyzes your email and then seeks to provide you with an email chain with which to introduce you to the desired person. So, say I wanted to email my current business crush, Marcus Lemonis, Conspire's system found a path with which I could ask for an introduction. In my case, my friend Espree could email her friend Nathan for an introduction to Marcus. Neat. I can definitely see how Conspire could become a useful tool, albeit one that raises some very interesting privacy questions.
So, I looked for Hillary Clinton's now firstname.lastname@example.org email address in Conspire. No luck. Conspire is still growing, so I suppose it makes sense that none of its members have yet to email Hillary. But then I tried just the clintonemail.com domain in the search, and got one hit. Huma Abedin, Hillary's long-time aide, had an email address with the clintonemail.com domain in Conspire's records. Unfortunately, I have no connection path to Ms. Abedin, so I can't ask the system to facilitate an introduction, but it is fascinating. What other Clinton staffers were using email addresses at the clintonemail.com domain? Seems like at least one was.
To be fair, Abedin not only was Clinton's deputy chief of staff in the State Department, but she also continued to work for Clinton after Clinton left office. It is possible that she only got the email address after leaving the government, but it certainly raises some serious questions about whether or not other State Department staffers were provided private clintonemail addresses to avoid transparency requirements. In fact, Politico is reporting specifically that Abedin and other staffers used non-government email addresses while in the State Department, which suggests the clintonemail address may have come earlier:
Clinton’s personal aide, Huma Abedin, and her communications adviser, Philippe Reines, regularly used unofficial email accounts for work-related email, former colleagues said.
This also makes me wonder what other new communications mediums our government officials are using. Could world leaders be SnapChatting each other? Or perhaps sending international YO's? Or trolling each other on YikYak? And, if they are, are they complying with records retention laws?
Hillary Rodham Clinton exclusively used a personal email account to conduct government business as secretary of state, State Department officials said, and may have violated federal requirements that officials’ correspondence be retained as part of the agency’s record.
Mrs. Clinton did not have a government email address during her four-year tenure at the State Department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act.
This is dumb on many, many levels and there appears to be no excuse for it happening. First off, using a personal email as Secretary of State seems like a massive privacy and security risk. While one hopes that there was at least some attempt to better secure her personal account by government security experts, it's still almost certainly less secure. Given how much sensitive information the Secretary of State has to deal with, it seems inexcusable that she was allowed to conduct official business via her personal account. That to me seems like an even bigger deal than the part that everyone else is focused on: the failure to preserve her emails as required by law.
Of course, the failure to preserve the emails is a big deal as well. But here's the really stunning thing: there is simply no way that Clinton and others in the administration didn't know that she was supposed to be using a government email address and preserving those emails. That's because both the previous administration and others in her own administration got in trouble for using personal email addresses. As Vox notes, towards the end of the Bush administration there was a similar scandal involving a variety of high level administration members using personal email to conduct government business and to avoid transparency requirements.
That scandal unfolded well into the final year of Bush's presidency, then overlapped with another email secrecy scandal, over official emails that got improperly logged and then deleted, which itself dragged well into Obama's first year in office. There is simply no way that, when Clinton decided to use her personal email address as Secretary of State, she was unaware of the national scandal that Bush officials had created by doing the same.
That she decided to use her personal address anyway showed a stunning disregard for governmental transparency requirements. Indeed, Clinton did not even bother with the empty gesture of using her official address for more formal business, as Bush officials did.
But that's not all. What the Vox report doesn't note is that the scandal actually carried over to the Obama administration also, as the White House's first Deputy CTO was reprimanded for using his personal email address as well, early in 2010. So there was both a scandal about the similar use of private email accounts in the previous administration and in the Obama administration. It's impossible to believe that Clinton or the other key people who worked for her in the State Department were unaware of one or both of these issues while she was using her personal email address.
While the White House's email system may be clunky and annoying to use (as I've heard repeatedly), there's simply no excuse for Clinton not to have used it at all -- and for the emails she did send not to be preserved as required under the law. A few years ago, we mocked Homeland Security boss Janet Napolitano for refusing to use email entirely -- though at least she was upfront about the reason. She didn't want to be held accountable for what she said -- though, the reality was she would still have staff members send emails for her. Clinton appears to have wanted to be free of that accountability as well, but to still have the benefits of direct electronic communication herself. In short, she purposely ignored the law for her own benefit.
There are multiple ways to handle a super-sensitive situation like this one. The following is none of them. [via CJ Ciaramella]
Far too many politicians and legislators aren't happy with the fact that their emails are subject to public records requests. Some attempt to dodge this layer of accountability by using personal email accounts to handle official business. Oregon governor John Kitzhaber is one such politician.
Gov. John Kitzhaber’s office last week requested state officials destroy thousands of records in the governor’s personal email accounts, according to records obtained by WWand 101.9 KINK/FM News 101 KXL.
Rumors of possible influence peddling led to this public records request. Kitzhaber's last-minute attempt to set fire to his email legacy doesn't exactly plant a halo over his head, seeing as it came one day before the Oregon DOJ opened up an investigation into these allegations. But he might have gotten away with it if only his own executive assistant hadn't completely sabotaged the coverup.
Records show the request to destroy Kitzhaber’s emails came from Jan Murdock, Kitzhaber’s executive assistant. She wanted all emails from Kitzhaber’s personal email accounts removed from state servers.
Let that sink in for a moment.
There has been no word as to whether Kitzhaber required emergency surgery to remove his face from his palm after his assistant informed him that she had EMAILED orders to delete his EMAILS to EMAIL accounts that were subject to open records requests.
But then again, maybe Kitzhaber would have been out of luck anyway. Restoring a bit of faith in the system were the responses from staffers to this unusual request.
The prospect of deleting thousands of emails clearly made Osburn’s supervisor, Arian Turpin, uncomfortable.
“Guys, hold on processing this request until we receive approval from a higher authority,” Turpin wrote in a Feb. 5, 2015 email at 6:52 pm. “Given the unusual nature of the request, I’m reluctant to have my team move forward without the active awareness and consideration of the possibilities and a direct approval from higher levels of the action.”
Turpin kicked this up to the next level, and the next level (Turpin's supervisor, Shawn Wagoner) was similarly hesitant to be Kitzhaber's accomplice. He ordered those involved to "take no action at this time" while he kicked it up yet another level to his boss (Gary Krieger) -- who also felt there was something inherently wrong with vanishing the Governor's emails.
Krieger told his supervisor, Michael Rogers, that he would not destroy the emails.
“I am not willing to make the call to delete information out of the email archive,” Krieger wrote on Feb. 5 at 7:24 pm. “As I stated we will need to discuss.”
The lesson here is: if you want to run a successful coverup, you need to make sure you've got more than oneperson on board with your plan. And you need to make sure that oneperson won't cheerfully pitch in with "help" that only hurts.
The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.
Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.
"I'm too idealistic," he told me in an interview at a hacker convention in Germany in December. "In early 2013 I was really about to give it all up and take a straight job." But then the Snowden news broke, and "I realized this was not the time to cancel."
Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others. However, this means that many important computer security tools are built and maintained by volunteers.
Now, more than a year after Snowden's revelations, Koch is still struggling to raise enough money to pay himself and to fulfill his dream of hiring a full-time programmer. He says he's made about $25,000 per year since 2001 — a fraction of what he could earn in private industry. In December, he launched a fundraising campaign that has garnered about $43,000 to date — far short of his goal of $137,000 — which would allow him to pay himself a decent salary and hire a full-time developer.
The fact that so much of the Internet's security software is underfunded is becoming increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that while the U.S. spends more than $50 billion per year on spying and intelligence, pennies go to Internet security. The bug revealed that an encryption program used by everybody from Amazon to Twitter was maintained by just four programmers, only one of whom called it his full-time job. A group of tech companies stepped in to fund it.
Koch's code powers most of the popular email encryption programs GPGTools, Enigmail, and GPG4Win. "If there is one nightmare that we fear, then it's the fact that Werner Koch is no longer available," said Enigmail developer Nicolai Josuttis. "It's a shame that he is alone and that he has such a bad financial situation."
The programs are also underfunded. Enigmail is maintained by two developers in their spare time. Both have other full-time jobs. Enigmail's lead developer, Patrick Brunschwig, told me that Enigmail receives about $1,000 a year in donations — just enough to keep the website online.
GPGTools, which allows users to encrypt email from Apple Mail, announced in October that it would start charging users a small fee. The other popular program, GPG4Win, is run by Koch himself.
Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. Prior to that, powerful computer-enabled encryption was only available to the government and large companies that could pay licensing fees. The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.
In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. "We can't export it, but if you write it, we can import it," he said.
Inspired, Koch decided to try. "I figured I can do it," he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman's free Gnu operating system.
Koch's software was a hit even though it only ran on the Unix operating system. It was free, the underlying software code was open for developers to inspect and improve, and it wasn't subject to U.S. export restrictions.
Koch continued to work on GPG in between consulting projects until 1999, when the German government gave him a grant to make GPG compatible with the Microsoft Windows operating system. The money allowed him to hire a programmer to maintain the software while also building the Windows version, which became GPG4Win. This remains the primary free encryption program for Windows machines.
In 2005, Koch won another contract from the German government to support the development of another email encryption method. But in 2010, the funding ran out.
For almost two years, Koch continued to pay his programmer in the hope that he could find more funding. "But nothing came," Koch recalled. So, in August 2012, he had to let the programmer go. By summer 2013, Koch was himself ready to quit.
But after the Snowden news broke, Koch decided to launch a fundraising campaign. He set up an appeal at a crowdsourcing website, made t-shirts and stickers to give to donors, and advertised it on his website. In the end, he earned just $21,000.
The campaign gave Koch, who has an 8-year-old daughter and a wife who isn't working, some breathing room. But when I asked him what he will do when the current batch of money runs out, he shrugged and said he prefers not to think about it. "I'm very glad that there is money for the next three months," Koch said. "Really I am better at programming than this business stuff."
from the the-last-time-we-reformed-our-privacy-laws... dept
For many, many years, we've been talking about the need for ECPA reform. ECPA -- the Electronic Communications Privacy Act -- is an incredibly outdated piece of legislation from the 1980s that governs law enforcement's ability to access email and other electronic communications. This was the era before the internet was anywhere close to the mainstream (though it did exist). Among the various weird parts of the law, it says that any communication that is over 180 days old and still on a server is considered "abandoned" so that the government can access it without a warrant. Think about that in this era when you keep all your communications online. It was written when lawmakers thought people would "download" the messages off a server. That's just the most noteworthy problem -- there are all sorts of different definitions based on messages that have been opened or not opened and other oddities as well, almost none of which make sense.
Last year we noted that more than half of the House was co-sponsoring a bill put forth by Reps. Kevin Yoder and Jared Polis to reform ECPA in a big way. But even with so many supporting the law, it failed to move. A big hurdle? Both the IRS and SEC (note: not your standard law enforcement agencies) like the fact that they can use ECPA to snoop through electronic communications (without a warrant -- which those agencies can't get on their own anyway).
Yoder and Polis are back again with another attempt, and it's matched by a similar legislation in the Senate from Senators Patrick Leahy and Mike Lee. To get attention for the bill, Yoder, Polis and some other supporters took to Twitter in a bit of a meme fest, highlighting some historical facts to demonstrate just how long it's been since ECPA became law. It's worth scrolling through them all (though, there are a lot), because some are pretty funny:
At this point, it's a complete travesty that such a bill hasn't become law. People have explained the need for it for well over a decade, and more than half of Congress was signed on to co-sponsor it in the last Congressional term. Already this new bill has 228 additional co-sponsors in the House and another 6 co-sponsors in the Senate. The IRS and SEC's objections are simply ridiculous. Having more convenient access to someone's emails is no excuse for not better protecting the privacy of our online communications.
Of course, this isn't the only effort going on to protect privacy. Reps. Zoe Lofgren, Ted Poe and Suzan DelBene have also introduced a bill to update ECPA. It's pretty clear that Congress knows that the law needs to be updated, and it's time to get past whatever objections there are and actually start protecting our privacy.
After a series of moves that include introducing copyright laws that threaten the digital commons and open access, as well as criminalizing online calls for street demonstrations, Spain is fast emerging as a serious rival to Russia when it comes to grinding down the digital world. Unfortunately, it seems that lack of understanding extends to the judiciary too, as shown by recent events reported by Rise Up, an "autonomous body based in Seattle", which aims to provide secure and private email accounts for "people and groups working on liberatory social change". Here's what happened to some of its users in Spain:
On Tuesday December 16th, a large police operation took place in the Spanish State. Fourteen houses and social centers were raided in Barcelona, Sabadell, Manresa, and Madrid. Books, leaflets, computers were seized and eleven people were arrested and sent to the Audiencia Nacional, a special court handling issues of "national interest", in Madrid. They are accused of incorporation, promotion, management, and membership of a terrorist organisation.
The charges are extremely serious, and yet according to the Rise Up post, the accused have not been provided with any details of their alleged terrorist crimes. The judge in the case has, however, given a rather worrying justification for keeping many of them in prison:
Four of the detainees have been released, but seven have been jailed pending trial. The reasons given by the judge for their continued detention include the posession of certain books, "the production of publications and forms of communication", and the fact that the defendants "used emails with extreme security measures, such as the RISE UP server".
That is, merely trying to keep your email secure is now viewed in Spain as evidence that you are a terrorist. As the post points out:
Many of the “extreme security measures” used by Riseup are common best practices for online security and are also used by providers such as hotmail, GMail or Facebook.
The European Parliament’s report on the US NSA surveillance program states that "privacy is not a luxury right, but the foundation stone of a free and democratic society".
Back in June we wrote about Google's "End-to-End" project to enable full (real) end-to-end encryption in email via a Chrome extension. For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails). This isn't going that far, but making it much easier for individuals to truly encrypt their own emails (without any backdoors for the email provider) is definitely a big step forward. So it's good to see that the company has now moved the project to GitHub, and that Yahoo's Chief Security Officer, Alex Stamos, has been contributing to the project as well. Having two of the biggest webmail providers working together on an open source system for better encrypting emails end-to-end is a huge win for privacy and security. The project is still in its early days, and Google warns that it's not yet ready to release the extension in the Chrome Web Store, but it's great that things are moving forward. Of course, for those of you who can't wait, there already some extensions like Mailvelope that are pretty easy to use (though, some worry are not quite as secure as other options).
If it's late Friday afternoon and the public's attention is focused elsewhere, it must mean it's time for another document release from James Clapper's office (ODNI). The heavily-redacted documents dumped by the ODNI deal with the precursors to the FISA Amendments Act (FAA): the Terrorist Surveillance Program (TSP) and 2007's interim legislation (Protect America Act or PAA) that bridged the gap between the TSP and the FAA.
The most interesting document in the release is an April 3, 2007 order [pdf link] from the FISA court which contains some rare hesitation from a FISA judge (Roger Vinson) as he deals with the NSA's desire to capture communications without providing probable cause support for its actions.
A footnote attached to the first paragraph of the order makes it clear Judge Vinson felt he was drifting into uncharted waters, with much of that being due to the NSA's shifting definitions of surveillance terms in its previous legal arguments.
This order and opinion rests on an assumption, rather than a holding, that the surveillance at issue is 'electronic surveillance' as defined at 50 U.S.C. 1801(f), and that the application is within the jurisdiction of this Court.
Vinson's order points out that the NSA attempted to change the rules of its interception program, both in terms of the evidence it provides as well as its desire to collect communications of known US persons.
Until recently, these were the only circumstances in which the government had sought, or this Court had entered, a FISA order authorizing electronic surveillance of the telephone or e-mail communications of suspected international terrorists. However, on December 13, 2006, in Docket No. [redacted], the government filed an application seeking an order that would authorize the electronic surveillance of telephone numbers and e-mail addresses thought to be used by international terrorists without a judge's making the probable cause findings described above, either before the initiation of surveillance of within the 72 hours specified in 1805(f)...
The NSA claimed in its support memos that the probable cause finding was preventing the agency from working at maximum efficiency, causing it to fall behind a constantly moving terrorist threat. In addition, its January 2007 requests included one seeking permission to collect communications from known US persons, again without meeting even the lowered bar of probable cause required by the FISA court. While the court did hand down a number of stipulations, it allowed the NSA to use its proposed "emergency FISA application" to skirt probable cause requirements and the 72-hour notice period. It also granted this for rolling 90-day periods, subject to renewal. By doing this, the FISA court turned "emergency" surveillance into the new normal.
Beyond that, the NSA also sought to expand its set of "selectors." Previously, email addresses and phone numbers known to be used by (or about to be used by) members or agents of "foreign powers" or other redacted terrorist organizations were the only ones allowed to be used as selectors when collecting communications. In these applications, the NSA wanted to start contact chaining -- tasking email addresses or phone numbers that referred to previous selectors as new selectors. Judge Vinson's order notes that there's no way the NSA can hope to meet the probable cause requirement by doing this.
The acquisition of e-mail communications because they refer to a selector e-mail address does not appear to have been authorized under FISA prior to Docket [redacted] and is discussed further below.
The "further discussion" includes Vinson highlighting this relevant part of the FISA court's probable cause requirements.
(B) each of the facilities or places at which the electronic surveillance is directed is being used, or is about to be used, by a foreign power or an agent of a foreign power.
Because the NSA couldn't credibly claim that these new guilty-by-association selectors are being used by the targets it was authorized to collect from, the agency deployed a number of word games. Vinson points out that one memorandum of law defines "facilities" one way (more traditionally as an operations base), while the most recent one defined the word quite differently. (In particular, the NSA maintained that an email address or phone number is a "facility" in and of itself, simply because both "facilitate the transmission of communications." Footnote on page 32.)
Underlying the government's position, therefore, is the premise that 1805(a)(3)(B) can be applied so variously that a FISA judge has great discretion in determining what "facilities" should be the subject of the judge's probable cause analysis.
Much of what follows is redacted, especially where further clarification would be extremely useful. Reading between the black blocks, it appears the NSA attempted to argue that the collection of communications was distinct from the term "electronic surveillance," except for the gathering of internet communications, which it claims is synonymous with the statutory definition. After reading through the government's multiple citations (most of which the judge deems irrelevant) in support of its seemingly contrary arguments, Vinson arrives at this conclusion.
Tellingly, none of the cited eases stand for the proposition on which this application rests that electronic surveillance is not 'directed' at particular phone numbers and e-mail addresses.
That would be the NSA's argument that a "facility" can be an email address, except for the times when the more traditional definition allows it to cast a wider net. Vinson further points out that accepting the NSA's arguments means discarding the intent of Congress and removing the court's ability to act as a check against executive branch overreach.
However, even if the statutory language were as elastic as the government contends, it would still be incumbent on me to apply the language in the manner that furthers the intent of Congress. In determining what interpretation would best further congressional intent, it is appropriate to consult legislative history. That legislative history makes clear that the purpose of pre-surveillance judicial review is to protect the fourth amendment rights of US persons. Congress intended the pre-surveillance "judicial warrant procedure," and particularly the judge's probable cause findings, to provide an "external check" on executive branch decisions to conduct surveillance.
Contrary to this intent of Congress, the probable cause inquiry proposed by the government could not possibly restrain executive branch decisions to direct surveillance at any particular individual, telephone number or e-mail address.
Thus, under the government's interpretation, the judge's probable cause findings have no bearing on the salient question: whether the communications to be acquired will relate to the targeted foreign powers. As discussed below, the government would have all of the probable cause findings bearing on that question made by executive branch officials, subject to after-the-fact reporting to the Court, through processes characterized by the government as minimization. That result cannot be squared with the statutory purpose of providing a pre-surveillance "external check" on surveillance decisions, or with the expectation of Congress that the role of the FISA judge would be the same as that of judges under existing law enforcement warrant procedures.
I am unable, on the basis of the facts submitted by the applicant, to find probable cause to believe that each of these facilities "is being used, or is about to be used, by a foreign power or an agent of a foreign power." The application contains no facts that would support such a finding.
In this, we see the NSA behaving much like its spiritual brethren in law enforcement and investigative agencies -- seeking to route around probable cause requirements under the pretense that bad guys will always be at least one step ahead if the government is forced to follow the rules. Rather than stay within the confines, the NSA plays word games in an effort to bypass governing statutes. The agency has demonstrated repeatedly that it has little desire to work within the framework of the law and has on multiple occasions attempted to short-circuit the system by feeding the court bad information and pursuing elliptical legal arguments. The end result is the current surveillance framework, thanks to the FISA Amendments Act's codifying of the NSA's questionable collections under the Protect America Act.
Key senators are pushing back against a CIA plan to destroy older emails of “non-senior” agency officials.
The heads of the Senate Intelligence Committee on Wednesday sent a letter opposing the proposal, under which only the highest ranking CIA workers would have their email correspondence permanently saved.
The plan “could allow the destruction of crucial documentary evidence regarding the CIA’s activities that is essential for Congress, the public and the courts to know,” Chairwoman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) wrote to the National Archives...
The senators are asking the National Archives to step up and somehow prevent this from happening -- most likely by declaring "non-senior" emails to be retainable records that must be turned over rather than destroyed. The CIA would prefer to destroy the emails of all but the top 22 employees three years after they leave, or when "no longer needed, whichever is sooner." Unfortunately for the senators making this request, the National Archive has already signaled its agreement with the CIA's proposed retention schedule changes.
In tentatively approving the request, the National Archives noted that the emailed information “is unlikely” to exist in other forms that will be marked for permanent storage.
Any information not found in those other files likely “has little or no research value,” it added.
Senators Feinstein and Chambliss -- in rare agreement with transparency and government accountability activists -- disagree with the National Archives' assessment.
“In our experience, email messages are essential to finding CIA records that may not exist in other so-called permanent records at the CIA,” Feinstein and Chambliss wrote.
Longer retention is needed, especially for an agency as secretive as the CIA. The standard wait period for sensitive document declassification is 25 years. Correspondence related to declassified documents will be long gone by that point.
Even in terms of normal FOIA requests, three years is cutting things close. Rarely does an FOIA-worthy event come to light within days or weeks of its occurrence. It's generally weeks, months or years down the road. By the time documents are requested, ignored by the CIA's FOIA staff and finally pried free by a federal lawsuit*, responsive documents may already have been destroyed. Without a doubt, the CIA knows this is a distinct possibility and any trimming of retention periods only makes it more likely that relevant communications will be permanently removed from circulation.
from the time-to-change-those-terms-of-service dept
The ACLU's Jameel Jaffer alerts us to a district court ruling in NY that effectively says that by merely agreeing to AOL's terms of service, you've waived your 4th Amendment rights. The case is the United States v. Frank DiTomasso, where DiTomasso is accused of producing child porn -- with most of the evidence used against him coming from AOL. DiTomasso argues that it was obtained via an unconstitutional search in violation of the 4th Amendment, but judge Shira Scheindlin rejects that, by basically saying that AOL's terms of service make you effectively waive any 4th Amendment right you might have in any such information. To be fair, Scheindlin doesn't get to that conclusion breezily, and earlier in the ruling worries that one can just give up such 4th Amendment rights:
I conclude that it would subvert the purpose of the Fourth Amendment to understand its privacy guarantee as “waivable” in the sense urged by the government. In today’s world, meaningful participation in social and professional life requires using electronic devices — and the use of electronic devices almost always requires acquiescence to some manner of consent-to-search terms. If this acquiescence were enough to waive one’s expectation of privacy, the result would either be (1) the chilling of social interaction or (2) the evisceration of the Fourth Amendment. Neither result is acceptable.
Agreed. So... what's the issue here? Well, apparently AOL's terms of service are so clear to the point that it would monitor your account for illegal behavior that somehow it's okay in this case:
AOL’s policy is quite different. Not only does it explicitly warn users that criminal activity is disallowed, and that AOL monitors for such activity; the policy also explains that “AOL reserves the right to take any action it deems warranted” in response to illegal behavior, including “terminating] accounts and cooperat[ing] with law enforcement.” The policy also makes clear that AOL reserves the right to reveal to law enforcement information about “crimes[s] that [have] been or [are] being committed.” In contrast to Omegle’s policy, which includes only a passing reference to law enforcement — and which gives no indication of the role Omegle intends to play in criminal investigations — AOL’s policy makes clear that AOL intends to actively assist law enforcement. For this reason, I conclude that a reasonable person familiar with AOL’s policy would understand that by agreeing to the policy, he was consenting not just to monitoring by AOL as an ISP, but also to monitoring by AOL as a government agent. Therefore, DiTomasso’s Fourth Amendment challenge fails as to the emails.
I'm not entirely sure how to reconcile those two paragraphs. They seem to directly contradict one another. The fine line of difference here is that the court is saying the 4th Amendment rights aren't "waived," but that DiTomasso effectively "consented" to a search by law enforcement. This seems like a distinction without any real difference.
Still, there is a separate public policy question here. Many internet service providers similarly analyze emails against a hash database of known child porn images to try to catch people sending around child porn -- and there's a reasonable argument to be made that there's a good reason that this is done. In fact, just a few months ago there was news of a similar situation involving a Gmail user, where Google's automated systems alerted NCMEC to potential child porn. But, even given that, it seems troubling to suggest, even in this somewhat narrow manner, that you could effectively give up your 4th Amendment rights just by agreeing to a terms of service. These are the kinds of loopholes that the government is known to jump all over and expand until they effectively swallow the entire rule. And, of course, almost no one wants to claim that they're trying to better defend people engaged in child porn -- but that's how basic fundamental rights get chipped away. You attack those rights against the kind of people that no one wants to defend, and then that removal of rights is expanded to more and more and more people. Even if you're against child porn (and you should be), it should be concerning that a mere terms of service can be seen as official "consent" to law enforcement to a search of otherwise private communications.