IRS Doesn't Need a Warrant To Read Your Email?

Nathan Wessler, a staff attorney in the American Civil Liberties Union (ACLU), received documents released under the Freedom of Information Act revealing that the IRS, or rather its Criminal Tax Division, may believe it can read emails, text messages and other private electronic communications without a search warrant. The documents are in response to a request from the ACLU to the IRS about its methods of acquiring a warrant before reading private electronic documents.

According to Wessler, the 247-page answer supplied by the IRS doesn't answer the question point-blank, but does suggest that the nation's tax collector believes Americans enjoy "generally no privacy" regarding Facebook messages, Twitter direct messages, email or similar communication... at least before the Sixth Circuit Court of Appeals decided in 2010's United States v. Warshak that the government must obtain a probable cause warrant before forcing email providers to turn over messages.

"The IRS hasn’t told the public whether it is following Warshak everywhere in the country, or only within the Sixth Circuit," he said. "The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all."

Wessler calls the Electronic Communications Privacy Act (ECPA) "hopelessly outdated", as it draws a distinction between emails that are stored on an email provider’s server for 180 days or less, and emails that are older or has been opened. The first group requires a search warrant whereas the latter group does not, yet the Fourth Amendment supposedly protects them all from unreasonable searches by the government.

The IRS Criminal Tax Division’s Office of Chief Counsel disagrees with the Fourth Amendment coverage, stating in 2009 that it "does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications." A similar message was stated again in 2010, but then Warshak came along to supposedly set things straight.

Or maybe not. An October 2011 IRS Chief Council Advice memorandum explained that Warshak applies only in the Sixth District. At the time, the IRS was wanting access to emails that were more than 180 days old, and questioned whether Warshak would interfere with their efforts. But the ISP was reluctant to cough up the emails willingly anyway, and the IRS did not see "any reasonable possibility that the Service will be able to obtain the contents of this customer’s emails . . . without protracted litigation, if at all." Investigative leads within those emails would be "stale" by the time the litigation would be concluded.

Now here's the punch in the face of privacy. "The current version of the Internal Revenue Manual, available on the IRS website, continues to explain that no warrant is required for emails that are stored by an ISP for more than 180 days," he states. "Apparently the agency believes nothing of consequence has changed since ECPA was enacted in 1986, or the now-outdated Surveillance Handbook was published in 1994."

The good news here is that a plethora of companies are fighting to protect the privacy of their users including Amazon, Apple, AT&T, eBay, Google, Intel, Microsoft, Twitter and numerous others. Along with many advocacy groups, they are asking Congress to update the ancient ECPA with verbiage that states that the IRS and other authorities must acquire a warrant before accessing the private electronic conversations of U.S. citizens, old or new.

Contact Us for News Tips, Corrections and Feedback

This thread is closed for comments
    Your comment
  • morale of the story... keep your inbox empty and clean, and archive on your own hdd or physical media
  • good thing I don't use Facebook and have my own private physical mail server
  • Email isn't a secure means of communication to begin with, so...who cares? Now, when they believe they can try to install sniffers on my system to snake my decryption keys without my knowledge...I will get ticked.