Think you’ve read everything about IRS email scandals? Here’s one that needs to make more headlines in coming days … and it’s not about Lois Lerner. It is, instead, about legislation designed to clarify the limits of the tax agency’s powers to pry into every American’s email.
Back in 2013, the results of a Freedom of Information Act request from the American Civil Liberties Union caused justifiable consternation among Americans by revealing the tax agency may have been ignoring a court order requiring the government to regard taxpayer emails and texts as protected by the Fourth Amendment. According to a 2009 IRS handbook, such communications did not “have a reasonable expectation of privacy.”
The IRS has since tried to portray its stance as all sweetness and light. A statement on its website from earlier this year claims that when the agency is in an “active criminal investigation and seeks to obtain the content of emails from an Internet Service Provider, we obtain a court ordered search warrant.” So what about non-active, non-criminal matters? According to its own statistics for the most recent year available the IRS initiated less than 4,300 criminal investigations of all types, compared to 1.3 million audits, 1.6 million delinquent account investigations, and over 40 million penalties (almost all of the latter three activities involved civil offenses).
Not to worry though – the agency claims that is not “policy to seek the content of emails from ISPs in civil investigations,” although to “resolve any remaining confusion surrounding the issue,” there might be “appropriate updates” to its guidance in the future.
Yet, exactly whose “confusion” is being referenced here? The general public’s, who might be worried that the door is still open to serious breaches of protections against undue search and seizure powers? After all, tax authorities can demand these details of financial life from an Internet Service Provider (ISP) without a taxpayer even knowing it. And even if criminal cases are rare compared to civil proceedings, the tax collector has been known to push the investigatory envelope with Americans whose behavior was not criminal at all.
Or is the confusion with the IRS, which makes a fine statement about “respecting taxpayer rights and taxpayer privacy” but whose past actions at the very least raise some doubts about its commitment? Furthermore, it is important to bear in mind that “policies” do not carry the force of positive law; they are more malleable, discretionary, and changeable than statutes passed by Congress.
And the trouble is, the statutes are failing to keep up with the times. Under the Electronic Communications Privacy Act (ECPA) of 1986, which became law long before email was widespread, no warrant is needed on digital communications that have been in storage with a third-party Service Provider for at least 180 days. An update to ECPA is vital, if for no other reason than to shield Americans from mischief on the part of tax collectors who might be tempted to stretch their powers in the future.
That’s why NTU supported an open letter prior to the August recess from a broad coalition urged Judiciary Committee lawmakers in both chambers to “finally move forward on bipartisan legislation to reform ECPA – without … unnecessary and troubling exceptions to warrant protection for Americans’ private digital content.” Signatories of the statement specifically called out federal regulators for seeking these broad carve-outs to warrant requirements, noting the obvious danger:
This would allow a wide range of regulatory agencies – including the IRS, EPA, SEC, FTC and an endless number of state agencies – to obtain sensitive personal information unrelated to an investigation and protected by privilege since service providers are in no position to assess the relevance of the materials requested or assert privilege (as targets generally do). This could include, for example, personal emails sent on work email addresses. This burden would fall most heavily on the owners and employees of small businesses, who are far more likely to rely on cloud email services (while large companies often host their own email). It is difficult to imagine how Congressional Republicans could consider granting such new power to regulators, given the vast (and increasing) overreach of the regulatory state.
Ironically, law enforcement officials already enjoy broad access to personal email information. ISPs widely volunteer information to public safety agencies when they have the good-faith belief that people’s lives or physical well-being may be at risk. Furthermore, instead of shaking down ISPs, regulators and other government entities can readily seek information directly from the individuals they are investigating through a court-order process – a process that has been able to keep up with our fast-paced technological society.
It should therefore be non-controversial for members of both parties in Congress to strengthen the boundaries on governments’ ability to pry into Americans’ email and text accounts, and provide similar Fourth Amendment safeguards for this realm to what we have for our homes, cars, and other property. The House’s Email Privacy Act (H.R. 699) and the Senate’s ECPA Amendments Act (S. 356) would help to achieve this vital check on big government.
Given H.R. 699’s veto-proof majority of cosponsors, the legislation ought to be able to clear Congress quickly, now that lawmakers are back in session. Senate Judiciary Committee hearings today likewise offer the opportunity to dispense with specious objections to ECPA reform and move forward now.