The FBI accessed David Petraeus' emails. How safe are our emails? (Cliff Owen / Associated…)
SAN FRANCISCO — If the director of the CIA cannot keep the FBI from rummaging through his private Gmail account, what digital privacy protections do ordinary citizens have?
Precious few, say privacy advocates. As the law stands now, law enforcement can secretly gain access to people's email, often without a search warrant.
"When the government goes looking, it can find out pretty much everything about our lives," said Chris Calabrese, legislative counsel for the ACLU.
That's because the main law governing digital privacy — the Electronic Communications Privacy Act or ECPA — was passed in 1986. At the time, Facebook founder Mark Zuckerberg was a toddler. The Web was in its infancy and social networking had yet to be conceived.
No one predicted that, as the Web surged in popularity, people would begin storing their entire digital lives — emails, instant messages, Facebook status updates, photos, medical records, tax returns — on far-flung computer servers rather than on their home hard drives where the information has broader legal protection.
Privacy watchdogs for years have warned that the antiquated federal statute — and conflicting interpretations of the statute from different courts — have not kept up with how people today use the Web, giving more legal rights to letters and documents stored in your filing cabinet than to emails and other electronic communication. But attempts to reform federal law in Congress and in the courts have foundered even as some courts questioned the law's constitutionality.
"People worry about their password to protect their privacy. This illustrates how useless that is," Pace Law School professor Ann Bartow said. "Unless there are substantive changes in the law, people just have to assume their email is accessible to the government without their permission and without their notification."
Requests from the FBI and other law enforcement agencies to access private accounts regularly flood companies like Google Inc. The request to access the private Gmail account of Gen. David Petraeus was one of them. In the aftermath of Sept. 11, law enforcement says such requests are routine and more necessary than ever to fight crime and terrorism.
But civil libertarians say the Petraeus scandal should serve as a wake-up call to ordinary citizens that anyone's privacy can be invaded.
"It shouldn’t be that, in order to take advantage of the efficiencies and convenience of using cloud-based services, that you have to sacrifice the protections that the Constitution lays out for you," said Kurt Opsahl, senior staff attorney with the Electronic Frontier Foundation.
Currently the government doesn't need a search warrant -- just a subpoena -- to access emails stored longer than 180 days, said Jennifer Granick, director of civil liberties for the Stanford Law School Center for Internet and Society.
Most people don't even know if their email has been searched since court orders are usually sealed and Internet providers are generally not allowed to inform their customers.
A coalition of technology companies including Google, Microsoft and AT&T is lobbying Congress to update the law to require search warrants in more investigations.
Sen. Patrick Leahy, the Vermont Democrat who heads the Judiciary Committee, has proposed legislation that would require law enforcement agents to obtain a search warrant from a judge before accessing any files stored in the cloud. But the Justice Department has pushed back against the legislation, saying it could slow criminal investigations.
"In the pre-digital world, if the government wanted to find out what was going on in your bedroom, it needed to get a warrant to enter your bedroom. At least then you knew what was going on," said Jim Dempsey, vice president for public policy for the Center for Democracy and Technology.
Privacy advocates say they are also alarmed by the open-ended scope of the FBI investigation, which had devastating consequences for people who were not the intended target of the original investigation.
What began as a cyberstalking investigation over half a dozen anonymous emails that accused Jill Kelley, a Tampa, Fla., woman, of being inappropriately flirtatious with Petraeus led to his resignation over an extramarital affair with his biographer Paula Broadwell and has entangled Gen. John R. Allen, the top NATO commander in Afghanistan, who sent "inappropriate communication" to Kelley.
"The way this investigation proceeded does reflect just how much information is available to law enforcement agents when they begin to pull on a thread," said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
And no one knows just how far the investigation reached, Opsahl said.
“Who knows how many other people communicated with the people involved here and had their email accounts sifted through and just don’t know about it," he said.
Facebook to require privacy policies for all apps in App Center
Atty. Gen. Kamala Harris puts mobile apps on notice about privacy
Atty. Gen. Kamala Harris, tech giants agree on mobile app privacy
Follow me on Twitter @jguynn