Today's a national day of action in support of online freedom and privacy. We’re urging everyone to take action by signing this petition to the White House, demanding Pres. Obama support reform of an outdated law called the Electronic Communications Privacy Act, or ECPA. Government agencies use it to get around the Fourth Amendment and get at all the intimate stuff we keep online without a warrant, and we think it's time to get the law changed.

We represent a wide-ranging coalition of groups and companies, including the Digital Due Process coalition, that is fighting government overreach into our private electronic lives. Answering questions today starting at noon ET sharp are:

Proof it’s us:

We're here to talk about why ECPA needs to be reformed, but of course we're happy to talk about other issues affecting our privacy.

UPDATE (5:02 PM ET): Thank you for all your questions and for your support. We’re signing off for now.

For everything you ever wanted to know about ECPA, check out the Digital 4th website

For a very cool infographic outlining ECPA’s absurdity, check out what our friends at TechFreedom conjured up here:

And to sign the petition:

Comments: 380 • Responses: 115  • Date: 

ChristopherCalabrese128 karma

I'm going to pause for a moment and shill for ECPA reform. See the links above for more detail on what it is and why it needs reform, but if you agree please sign our petition to support updating it:

Yes I shamelessly have my hat out for petition signatures. But as my son told me recently about Christmas, "How are you supposed to know what I want unless I tell you?"

c_programmer38 karma

Do these petitions actually do anything? They seem like an echo chamber that politicians give us to provide the illusion of them listening.

ChristopherCalabrese23 karma

They're most effective when combined with other things. As part of a larger campaign they can strengthen the hand of people advocating on your behalf on the inside for example. But yes in isolation the message/focus can be lost. When I'm thinking signing something like this I usually try to determine if someone is actually going to follow up on it and actually do something more.

mmasnick12 karma

Yes, they can and do work. As Chris said, not by themselves, but as a part of a larger campaign they have worked in the past and will work again. The WH has frequently used these petitions as a reason to stake out a position, noting that "the public" supports it. They use it as a sort of cover -- and there are strong indications they may do the same here if this petition gets the votes.

Again, though, the petition in combination with a larger campaign can work. I know people are cynical about the petitions, and the WH does ignore many of them, but that doesn't mean that all are ineffective.

waslikeyouropinion24 karma

What else can/should people do in addition to signing this petition?

mmasnick29 karma

Call your representative. Share the petition. Share the infographic. Make people more informed.

ctetc20079 karma

Looking at the petition, and I see that it urges Obama to support "ECPA reform." Do you have any good specific points of reform that we are pushing for. I'd like to be able to list them off to my rep instead of just urging her to "support reform"

Also, my senators are Feinstein and Boxer. Will calling them have any effect?

mmasnick9 karma

A lot of the focus is on the reform bills currently in Congress. You can see the Leahy/Lee Senate version here:

Jerri_Blank4 karma


ChristopherCalabrese5 karma

I don't think there is any one real problem. There are a number of interdependent bad laws. ECPA reform will have a big impact on how law enforcement operates. This is certainly true for state and local police who never get anywhere near NSA information but also for the FBI.

The Supreme Court certainly may weigh in at some point but I think it's fair to say that we are much further along in terms of passing a new law then we are in advancing a case to the Supremes that might fix ECPA.

SparserLogic2 karma

How do you reply to the criticism that the government cannot access the data it needs via warrant if it wasn't recorded in the first place?

ChristopherCalabrese6 karma

Well if it wasn't recorded there is nothing to get, warrant or no. If they say that it might be deleted before they can get it, well the gov't always has the power to issue an order (called a preservation order) that requires companies to not delete stuff. They don't turn it over unless they get the right legal process but they won't delete.

go_hard_tacoMAN40 karma

In what way can intelligence agencies find a balance between national security and privacy of citizens?

ChristopherCalabrese73 karma

It's hard for me to do better than my colleague Mike German (a former FBI agent):

I had been working for the FBI for 16 years and domestic terrorism for 12 years. What I understood was that the rules that are designed to protect privacy also help the government focus on people who are real threats. It works both ways. This idea that we trade our privacy for more security is just false. Spying on you won’t help the government find a terrorist. It’s a waste of resources, a waste of effort that also violates our rights.

Read the whole thing if you can - he provides lots of detail to emphasize this:

BTW there is nothing cooler than working down the hall from a guy who used to work as an undercover FBI agent. The stories I get to hear on a slow Friday afternoon are pretty great.

rekam2 karma

That is simply easy-way-out nonsense. There does exist a tension between security and privacy, one which has been acknowledged for centuries. In this day and age, talking about focusing on the real threats is even more nonsensical than in the past, as we now have the technology to process vast amounts of information with minimal added resources.

We need to realize that our rights don't exist because they are the most efficient way to go about business and that it it worth some risk to have a world where people are still free.

Privacy and security are not directly at odds, but there is a real conflict.

ChristopherCalabrese12 karma

Whether or not you think my framing is right (certainly a fair point - sometimes something is just the right thing to do!) I disagree that vast amounts of information actually change the equation that much.

Time and time again we've seen that the information exists, it was just buried under mounds of other useless information. To use a crude analogy - its really hard to connect the dots when there are so many of them that the page is black.

Researchers have found this - datamining is not an effective way to catch terrorists:

mmasnick45 karma

I think it's a little dangerous to automatically assume that there's a "balance" between the two. You don't need to give up privacy to protect security. In fact, giving up privacy seems to rarely protect security, and in some cases can actively harm it (such as when backdoors are put into software you thought was secure).

At the very least though, it is difficult to see how anyone can argue with the basic concept of requiring a warrant for searches through private information. This is the thread that runs through both the ECPA issue and the NSA stuff. The government seems to go out of its way to avoid a warrant. If there is a truly serious issue and law enforcement can make a credible claim, it's not difficult for them to get a warrant. So why are they so resistant to it? Seems likely because they know they're overreaching in grabbing all sorts of unnecessary information just because they can.

js-normative33 karma

Hey, this is Julian Sanchez. I'm a fellow with the Cato Institute in Washington DC who covers surveillance and digital privacy (issues I previously wrote about as the DC editor for Ars Technica & a blogger for the Economist). You can hunt down stuff I've written on these topics over at or at the new blog

fatchitcat14 karma

Hi Mr. Sanchez,

I recently moved to Washington, D.C. To pursue a career in public policy. What advice would you have for a recent graduate looking to work with a think tank, such as Cato?

js-normative4 karma

An internship never hurts to get a foot in the door; organizations like the America's Future Foundation can be helpful for networking. Beyond that, check the job listings—plenty of folks have started as research assistants and moved up to substantive policy work.

kanooker4 karma

Hi Julian, I have a question.

On a whole I don't agree with your positions on the free market, and healthcare. If I feel the latter two are higher up on my list of things to worry about. Why would I want to throw support behind you?

js-normative17 karma

Well... you probably wouldn't want to. Instead, you can throw your support behind institutions like EFF & CDT & ACLU that work for civil liberties and don't also do stuff you disagree with. But we have many smart scholars, and I hope you'd at least take a look at their arguments now and again; maybe they'll convince you on some of those issues.

ChristopherCalabrese23 karma

Howdy. I'm excited to be doing this. I'm going to dive into the questions in sec but it only seems polite to introduce myself. I'm Chris Calabrese. I've been an ACLU lawyer for almost 10 years and am one of the ACLU's privacy lobbyists. My focus is basically on everything privacy that is not the NSA. Looking forward to a wide ranging discussion about email privacy and other fun tech privacy issues!

mmacpuguy12 karma

Who as oversight over the FISA court? Isn't having a secret court system the root of the problem?

js-normative12 karma

That is certainly one issue: The Court itself is selected unilaterally by the Chief Justice of the Supreme Court (John Roberts) and really only answerable to the Supreme Court. Except since only the government normally appears before the FISC, the Supreme Court would typically only become involved if the government chose to appeal the denial of an order. But possibly a broader problem is the limits on the FISC's own discretion: In many cases, the statute assigns the Court some kind of minimal oversight role, but effectively requires them to grant the authority sought provided the applying agency has checked off all the relevant boxes on the form.

MarkStanley6 karma

One of the things that advocates have pushed for on FISC reform is more transparency and oversight - Rep. Jim Sensenbrenner (author of the Patriot Act, btw) and Sen. Leahy have a bill--the USA Freedom Act--that would do several things in this area: It would create a special advocate to promote privacy interests before the Court; it would create new requirements to make sure Congress is more informed of the actions taken by FISC; and it would require the disclosure of all FISC opinions that contain a significant interpretation of the law.

felix4511 karma

Do you think an ammendment protecting privacy and freedom on the internet will be necessary to protect us from spy agencies? So far the bill of rights hasn't stopped them and with all of the bills being introduced to limit the once open internet it seems inevitable that the internet as we know it will soon be much more heavily censored and watched.

And if an ammendment was proposed now to protect privacy online do you think it could pass?

ChristopherCalabrese12 karma

I think we need to strengthen the 4th Amendment which has always been slow to adapt to new technology. For example, for 50 years it was legal to listen to phone calls without a warrant and the first Supreme Court case actually held that. It wasn't until the 1960s (US v Katz) that the court ruled that unconstitutional.

In the meantime though it will certainly help to update our laws.

mmasnick11 karma

I don't see how an amendment gets passed, and really how you'd distinguish it from the 4th Amendment in the first place... Also, getting any kind of Constitutional amendment through these days is nearly impossible (how many people here were alive the last time a new amendment was proposed and ratified?).

Instead, the focus needs to be on restoring the 4th Amendment to what its clear purpose was. That's going to require changes to laws by Congress, but also (hopefully) some clarification from the Supreme Court on how things like Smith v. Maryland are being misinterpreted to act as cover for bulk data collection.

AubreyPlazasButtHair10 karma

On a scale of 1-10, 1 being absolutely no privacy, and 10 being total privacy, how would you rate where we are right now? And where do you expect we will be in say 50 years given your understanding of the forces at work?

Also, what is your favorite Christmas song?

mmasnick51 karma

Other commenters may (likely will) disagree with this, but I think that putting privacy on a "sliding scale" is a little misleading. When privacy is done right it's about tradeoffs that you get to make.

Here's an extreme example: when you leave your house to go to the store, you are giving up a tiny bit of your privacy (someone can see you walking down the street, they might see where you live, or what store you shopped in and what you bought). But you consider that tradeoff to be worth it to get some food/take a walk/get some fresh air/whatever. But, at least in that case, you understand the basic tradeoffs and are making a conscious decision of "this is worth it for the little privacy I'm losing."

So I have trouble with the idea of "total privacy" because basically no one really wants total privacy. But what people do tend to want is both a knowledgeable understanding of what the tradeoffs they're facing are, and to be able to make the decisions themselves if they're worth it.

The problem we're seeing with things like ECPA and the NSA stuff is that we aren't given the information, we have no way to make the choice, and the "tradeoff" we're being given is a terrible deal. So rather than trying to get to "total privacy" I think we need to be getting towards greater knowledge, transparency, oversight and the ability for individuals to make reasonable decisions about their own privacy.

And, while I'm not a huge fan of Christmas music generally (sorry!), to keep the theme going, I think it's gotta be "Santa Claus is Coming to Town" for this particular AMA. "They know when you are sleeping. They know when you're awake. They know if you've been bad or good... so encrypt for goodness sake."

js-normative21 karma

Not sure how meaningful a number would be, but looking forward 50 years, I think it's easy to imagine a scenario where massive databases assembled for Extremely Important National Security Purposes (regardless of how well they serve those purposes) are gradually made accessible to more components of government, first for ordinary law enforcement, and eventually for administrative and regulatory purposes.

And "Fairytale of New York" by the Pogues. (Honorable Mention, The Eels "Everything's Gonna Be Cool this Christmas")

MarkStanley8 karma

Julian is definitely the coolest of the four of us on this AMA - as evidenced by his song choices

ChristopherCalabrese18 karma

I view privacy as a continuum of rights. We are getting scarily close to a 2 in terms access to information. Right now the NSA attitude for example seems to be any electronic record is our, and it's totally legal. Given that everything is an electronic record that is pretty scary.

However governments (and companies) aren't always using everything they know either because of legal rules or because they realize it would freak people out. So say a 5 with a serious downward drift.

And Silent Night.

edited for typos - likely to be a theme :)

MarkStanley8 karma

This is a tough question, there are so many variables. I'll answer it in terms of domestic digital privacy, which is what the Electronic Communications Privacy Act (ECPA) deals with. I would say we're at a 3. And the only reason I say that is that some of the big Internet companies have started to push back against ECPA, which most see as unconstitutional, and they are actually demanding warrants for their customers' communications content. This is awesome. But the fact that there is a law on the books that says the government can get our most private communications content without a warrant is simply unacceptable. It flies directly in the face of our Fourth Amendment values, and until it's updated to require a warrant for all communications, we won't have strong digital domestic privacy.

For the song - it has to be Santa's Coming to Town, right? We're talking privacy, and he knows if you've been bad or good...

MarkStanley4 karma

Also, speaking of Christmas and privacy, check out this Stop Spying on Santa site

TheGyroCaptain9 karma

What do you think is the best way to build public support for NSA oversight reforms/improved digital privacy protection? I've found that most people who shrug these concerns off know little about technology, so is the answer to inform and educate more people about technology and THEN tackle digital privacy and Fourth Amendment rights?

ChristopherCalabrese16 karma

Education is certainly key but I also wouldn't overlook pushing people who do understand the problem. Your tech savvy friends may well get it but not be acting on it - we're all busy people! Encourage them to sign a petition or send a letter to a Congressperson (yes they do read them - especially if they're individualized).

TheGyroCaptain6 karma

Signing the ECPA reform petition now. Thanks!

ChristopherCalabrese5 karma

Thank you! At the end of the day that's really the only way to do it - one action at a time.

h8fuq8 karma

how can we defeat the "I have nothing to hide so why does it matter?" crowd? Complacence is the state of life in America these days.

js-normative16 karma

Ask for their Google password.

G_Wash17766 karma

How do you feel about the Supreme Court refusing to hear the case on domestic spying even though it's a clear violation of the fourth amendment?

ChristopherCalabrese5 karma

The Court will certainly have other chances. Our case, ACLU v Clapper, is certainly one. The Court frequently likes to build up a record and gather opinion from the lower courts - I don't think we've heard the last of the issue.

Fallstar6 karma

Could the 3rd Amendment be used in a privacy case?

Some analogy along these lines: the NSA (or pick the agency) acts as a military force that resides in our homes and interferes in how we live our lives due to the lack of privacy.

Why or why not?

ChristopherCalabrese11 karma

Honestly I no idea. :) The 3rd Amendment isn't one that we spent a lot of time with in law school (FYI it deals with quartering solders in people's homes). My suspicion is that most courts would view the 4th Amendment as more applicable because it deals with being secure in your home, papers and effects.

js-normative6 karma

My friend Alan Butler has actually written about this!

MarkStanley5 karma

Hi, this is Mark Stanley, campaign and communications strategist at the Center for Democracy & Technology, a digital rights group working in DC - I've been working on digital surveillance issues for several years now, from CISPA, to NSA surveillance, to ECPA, and I'm really excited to take part in this.

Jerri_Blank2 karma


MarkStanley3 karma

Hey, I'm not a lawyer, so I'm a poor substitute for Chris, but let me try to answer your question about judicial remedy. As I'm sure you're aware, since you're a 2L and seem very up-to-speed on these issues, there was a ruling in the 6th Circuit case US v. Warshak, which held that it was unconstitutional for the government to compel companies to turn over the contents of customers' communications without a warrant. This was a big ruling, but the 6th Circuit is only comprised of Kentucky, Michigan, Ohio and Tennessee. We need a national solution, and that should come in the form of an update to the federal law, because other courts have proven slow to move on this issue. That means Congress should take the lead and update ECPA.

the_mullinator5 karma

First of all, thanks for taking time to do this AMA. I'm a huge fan of all of your work, both collectively and individually.

From a consumer perspective, the third party exception to 4th Amendment privacy is particularly concerning in light of the fact that just about all my personal communications are stored with third parties. I'm helping to spearhead a lot of the privacy initiatives at my company - what are some best practices that we (or any business) can implement immediately to help mitigate the negative effects of our current outdated laws?

ChristopherCalabrese5 karma

Fantastic question with so many good answers. Here are a few: 1. discard info you are no longer using - you can't share what you don't have. 2. resist sharing up to the legally allowable amount. Many times companies can share but don't have to. This may have the added benefit of making law enforcement ask less.

The ACLU affiliate in Northern California published a whole report on this. See:

ChristopherCalabrese4 karma

I also have to snark a little. Here is what then–Secretary of State Hillary Clinton said about the issue in 2011 ““we have to make sure that human rights are as respected online as offline,”” and specifically said that the task of ensuring internet freedom was ““most urgent, of course, for those around the world . . . who are being tracked by governments.””BMftn1[1] Secretary Clinton suggested that private companies should promote human rights by asking questions such as, ““Is there something you can do to prevent governments from using your products to spy on their own citizens?,”” and ““How will you handle requests for information from security authorities when those requests come without a warrant?””BMftn2[2]

Clinton’’s statements are available here: Hillary Clinton, Secretary of State, Address at Conference on Internet Freedom (Dec. 8, 2011),

It's funny - that's all we're asking them to do with ECPA reform - get a warrant.

the_mullinator2 karma

Thanks so much! From what I've seen, "we don't want criminals using our products" is the corporate equivalent of "I have nothing to hide." What is your response to that perspective? If a law enforcement officer came to us and said "we're investigating a mass murderer who we think was using your product," why wouldn't we turn over the legally allowable amount of data?

ChristopherCalabrese4 karma

Sure - but police investigating mass murders typically have lots of proof that they are happy to show a judge. If it's an emergency, there are exceptions in the law. It's never all or never, just have appropriate controls.

thombudsman5 karma

How slow is the process of change? What could be done to speed it up?

MarkStanley9 karma

Well, it depends on what you mean by 'process of change' - I have to say, if you're talking about Congress updating the law for digital privacy, then the process has been slow. ECPA was first passed in 1986 - back when few had access to email. And yet it governs email privacy! It doesn't make sense - email was much different back then. The good news is that, although Congress has been slow to act, we finally have serious, serious momentum. A bipartisan ECPA bill passed out of the Senate Judiciary Committee. And that same bill has nearly 160 cosponsors in the House (of course, the magic number is 218 to get a majority). Members of Congress are really starting to see this as a commonsense update, and now we need the White House to get on board too!

ChristopherCalabrese6 karma

Getting things done in Congress is often like that - it's slow until it reaches a certain point and then things happen very fast. This Congress has obviously been particularly slow!

My hope is that we can pass ECPA reform and that then serves as a bridge to the next set of issues like NSA reform.

SlaminYou5 karma

What can I do personally to help? I live in Canada Ontario and have sent letters/E-mails to my MP against C-8 (and C-11 in the past) but that gets me nothing more then a condescending letter as a response. Even as a Canadian is there anything I can do to help Americans at the least?

mmasnick9 karma

Speak up, speak out. Tell your friends and family. Explain why this matters. Honestly, the more informed and aware the public is, the more stuff will change. I know that people are cynical about the process, but that cynicism only leads to apathy and no change at all. When people really are knowledgeable and vocal, things can and do change.

Letters to government officials may not feel like they're doing much but they do help in the long run (as do phone calls). It's surprising just how few phone calls can shift a debate. As a Canadian trying to influence American politics you may have less direct say, but that doesn't mean you can't influence the debate. Beyond continuing to push back against bad bills at home, talk to others about how this impacts you (especially since the US government seems to think foreigners have no privacy rights at all). Governments around the globe are beginning to realize that their citizens are upset about the US government's actions, and that will lead to increasing diplomatic pressure. Alone, that might not be enough, but enough dominoes fall and things change.

js-normative8 karma

Just to add to this: Every legislative staffer I've ever spoken to says that CALLS matter most. E-mails basically get a form response and vanish into the trash three seconds after a human sees them. Letters matter maybe a little more. But calls make a difference. If a Congressional office that gets 1000 emails about an issue, the elected official may not even be aware of it—but 1000 calls and you're definitely going to get noticed.

dannyboi9654 karma

Is this a lost fight? I don't think it should be, but how do we get others to care?

MarkStanley8 karma

I don't think this is a lost fight! Especially in terms of ECPA reform, i.e. requiring a warrant for online communications. We have a bipartisan bill in the Senate - it was intro'ed by Senators Leahy (D) and Lee (R), and there is a bipartisan bill in the House that could easily get to over 200 cosponsors. And there are a number of state bills that have passed--including Texas, Montana, and Maine--that would add privacy protections that aren't there under ECPA. So we have momentum in the states. Of all the privacy issues before Congress, I think ECPA reform is one we could absolutely accomplish in the near future - we just need the political will from the public to push this over the edge. To that end, please sign and share this petition:

Thenervemann4 karma

what should i be most afraid of with my online privacy being violated?

ChristopherCalabrese14 karma

The long term erosion of your rights. We all rely on privacy in ways we might not always appreciate. We take for granted that we can complain about the gov't without repercussion but it doesn't have to be that way. And for some people right now, it isn't.

Activists are harassed. Whistle blowers face serious repercussion for reporting wrongdoing - even if they are eventually vindicated. Journalists need may not be able to privately talk to their sources.

Each of us rely on those people to support a free society. Harm to them is a harm to all of us.

bellekid3 karma

As an educator, I sometimes worry about what I do online in regards my own personal life and interests due to my job. Could my school system or a parent fire me or raise an issue if they were to find my social media accounts or especially some of my class blogs from college as some of them have content and language that is definitely not school appropriate?

ChristopherCalabrese5 karma

Tough question. I'm actually going to preface it by saying that I can't give you legal advice (I don't have the time to do research and certainly don't want you to get in trouble acting on my advice). If you're really worried I would ask you union rep (assuming you have one) if they can put this to the union counsel to get a read of the laws in your state.

We have certainly seen people fired or disciplined for ridiculous reasons based on social media posts. I would advise that you do some basic things like not friend students or even reference your social media presence in class. Nor would I bring up anything else you don't want them to go home and google. Ultimately, as annoying as it is, you may consider doing a little sanitizing - especially anything drug or alcohol related.

HurricaneRoo3 karma

Why do you guys believe this is such a pressing issue now, rather than over a decade ago when the laws were placed to allow them to finance their monitoring of the US population? I understand that the recent Snowden scandal has caused the issue to be given more visibility through the media that reports on it. However, wasn't the time for action when the laws were being put in place? It seems like a bit too little too late, as the infrastructure for the government to monitor the US as a whole is already set.

ChristopherCalabrese4 karma

In addition to Mike's great list I will also note that it recently came out that for a long time the IRS wasn't getting warrants to read email. That angered a lot of folks.

mmasnick3 karma

Plenty of us have been pushing for ECPA reform for years. Senator Leahy has introduced ECPA reform bills multiple times in the past only to see them fail. So it's not an issue of it just being pressing now. It's been pressing for a long long time.

As for the time being "when these laws were put in place," well, ECPA was put in place in 1986 in a very different electronic world... Also I disagree with that general premise. Lots of bad laws get passed, or situations change, and laws get changed/corrected/updated.

And, while the NSA/Snowden stuff is new now, it's actually somewhat different and unrelated to ECPA reform. However, that has made more people realize just how much of their private info is available online...

enostradamus3 karma

What can digital security companies do to protect themselves from government intervention (vis a vis Lavabit) that effectively nullifies their technology? Does the media attention over PRISM, Snowden, NSA, SOPA, PIPA, etc mark the twilight for a new age in digital security, or should brave companies wait out the internet privacy media attention for fear of getting shuttered like lavabit? Thank you, guys!

js-normative2 karma

So, one thing to do is not retain information longer than necessary. If you don't keep it, you can't be ordered to turn it over. End-to-end and open source architectures can also help: If you're running open code, the government cant demand you put in a back door (well, not one that stays hidden very long), and if the users are the only ones who have their keys and credentials, you can't be ordered to provide access. And, as Yahoo and Google and Microsoft have recently learned, you want to encrypt your data even between your own data centers if possible.

alnicoblue3 karma

It seems disconcerting that neither political party is interested in championing online privacy rights.

Are there any politicians on either side that have been especially supportive of this cause?

MarkStanley2 karma

Someone asked this question, and Chris and I gave an extensive list in a thread above. I think a fair number of politicians from both parties actually care about online privacy rights. In fact, it's one of the things that's interesting about this issue: It really does have bipartisan support. It's fascinating, being in Washington, so many issues are political polarizing, but not digital privacy at all.

ChurchOfGWB3 karma

What can you tell us about the U.S. Government's ability to access e-mails stored on e-mail servers for 6+ months?

MarkStanley3 karma

Under ECPA, law enforcement and regulatory agencies can access emails stored for more than 180 days. Back when ECPA was passed in 1986, people didn't store emails very long on servers, because it was expensive. If it was stored for over 180 days, it was considered "abandoned." Of course, now we have nearly unlimited, free storage, and the 180 day rule makes absolutely no sense.

onlyforaminute3 karma

Honest question here. I swear I'm not a troll.

My question is, why should I care about my online privacy? I could care less if someone wants to waste their time going thru my emails or search history. I honestly have nothing to hide, so I've never cared for these posts about such things. Tell me why I should care.

If it keeps one person from dropping a bomb or selling a child into prostitution I'm all for it. I don't live near an interestingly enough life to give a hoot if someone wants to check my name out.

ChristopherCalabrese6 karma

I was trying to find my answer from earlier but one short answer is that lots of people who you rely on to keep America vibrant and free - journalists, activists and whistle blowers. It's not just about protecting you. :)

Also you'd be amazed at the vast tools police have at their disposal that are totally constitutional - it's never all or nothing.

Adam91723 karma

How can I, an average Joe, make information about myself more secure? I mean, aside from the obvious "don't go online" - I've trimmed my facebook profile the hell down and I only use the same password for three separate things, maximum. Also, what do you guys think of Mozilla (Firefox folk.)?

MarkStanley2 karma

The Mozilla folks are great! Mozilla is actually supporting the White House petition - here's a blog post on ECPA reform they published today.

mallard_dux2 karma

I would like to see text in the ECPA that forces organizations/businesses to disclose to you: which personal data of yours they have, how long they've had it and offer the option to permanently be erased from their database. This would allow an individual to be in control of his/her personal data. e.g. If a company only has my home mailing address, it would send me snail mail that contains the above information; if that company only had my email I would receive an email. Does this not sound reasonable? Could text/idea like this be included in a reform of the ECPA?

js-normative3 karma

I think that ends up being more problematic than you might think on face. On the one hand, you have services where reputation—including potentially negative information about people—a critical part of the service provided. (Yelp, CouchSurfing, eBay, maybe some dating sites). Those might depend on people not being able to just erase negative information—there are certainly doctors and dentists who have tried to do exactly that with Yelp. More generally, the tradeoff with a lot of sites is "we're going to provide something free, in exchange for information we can use to make money via marketing or whatever." If the law means that the deal has to be "information we can use until you tell us to delete it," it may not be as viable to offer the free service. There might be specific types of businesses or sensitive information where a deletion requirement is workable, but a generic one seems likely to have unintended consequences, not to mention bumping up against potential First Amendment issues.

ChristopherCalabrese2 karma

There are certainly lots of people that would like to see something like this in law. In fact the White House called for something very similar last year. See:

It's tough to do this as part of ECPA reform because that is so focused on the government right now but it's a good idea!

Abscess22 karma

Is it actually possible to will back all the domestic spying that NSA/CIA is doing? Would anyone actually believe them if they say they stopped domestic spying?

mmasnick4 karma

Yes, it's possible. But, yes, it will take significant oversight and real reforms. It's happened before (Church Committee), and while some would argue that it didn't work since we're back to where we are now, that ignores that it made a huge difference in how the intelligence community acted, and the recent issues are more due to them embracing new technologies to get around those old restrictions.

mgolf2 karma

Can you please provide a simple reason about why I, an average person who has committed no crimes and has nothing to fear, should care whether or not the government is reading my emails or my web history? I honestly believe I have nothing to fear. Could one of you try to change my mind on this?

Edit: changed 'birthday telephone call' to 'email and web history' due to thread being about electronic online privacy.

js-normative24 karma

Here's something I wrote on the "nothing to hide" argument—hope you don't mind if I link it, since it's long, rather than trying to reproduce it here. The very short version is that you have to think systemically, not in terms of "what is someone going to do to me, personally, next week?" but rather "what kind of society emerges over time when we create these architectures of monitoring?"

MarkStanley12 karma

This is one of the most common refrains I hear: 'I have nothing to hide.' But challenge yourself on that: Do you really have nothing at all you want private from the government? Forget about the birthday call - there are certainly other things that you want to keep to yourself? And if not, maybe one day there will be, but the safeguards that were supposed to protect your privacy will have been eroded. Put another way: Everyone has nothing to hide… until they do. Second, it isn't always about you. Oftentimes, some of the greatest figures in our country's history, including civil rights leaders in the 60s, were the targets of troubling, undue government surveillance. When thinking about surveillance, don't just think about yourself - think of the human rights advocates and journalists and others who need to be free from undue surveillance to do the jobs that are so vital to the interest of this country.

ChristopherCalabrese3 karma

Another thing to consider is that the gov't hasn't been shy about singling out "ordinary folks" for serious scrutiny. There is an entire "no fly" list of people (including American citizens) who are too dangerous to fly but not dangerous enough to arrest. That entire process is secret and their is no real way to get off the list. We have a lawsuit about it:

So imagine the secret spying that gets you on a secret list.

FourCounters2 karma

Signing petitions does not work nor is it long term effective, not sure organizing the people is long term effective. IYHO getting the measure on the ballot would that be the most effective counter-measure?

ChristopherCalabrese6 karma

It's important to remember that the petition is not the end. It's just a tool to that end - changing the law. Toward that goal we actually have bipartisan bills in both chambers of Congress. But some administrative agencies are holding them up because they want more power. We want the White House to tell them to knock it off. So it's actually a pretty strategic petition aimed at a particular goal in our larger effort.

mmasnick5 karma

I disagree. Not all petitions are effective, but we've seen multiples times that the WH has used the cover of a petition to suddenly endorse a position it had avoided before -- and there are strong indications that this may be true with this petition as well. Making it easy for the WH to say "the people want this" can be very helpful in tipping the balance here. By itself petitions may not do much, but they can be a useful part of a larger campaign.

Separately, organizing people absolutely can be very effective, if you get enough people actually involved.

Abscess23 karma

only CISPA and SOPA. But there were much more then online petitions. people were calling their reps, online companies speaking out agianst them. Even many tech savy congresspeople were speaking out loudly against SOPA and CISPA.

mmasnick3 karma

More than CISPA and SOPA. Don't have a full list handy but I know it was also helpful on the phone unlocking situation -- and that was one that didn't really have much outside support.

But, yes, you need more than just only petitions and the effort here is about a LOT more than online petitions. You have bills actually in place and a lot of vocal support in Congress.

ponscremator2 karma

Have any of you gotten threats/blackmail from anyone, Government or otherwise, due to any of your activities?

ChristopherCalabrese3 karma

No threats but if, hypothetically, one of my friends in the administration were to give me inside details on some of these programs I would never put it in an email. Of course that never happens but imagine if it did - would really hinder your work to not be able to communicate things electronically.

js-normative2 karma

I think they know better than that. If they did, I'd be shouting it from the rooftops. The way this has worked historically, though, is that derogatory information about political opponents is leaked indirectly, in a way that is difficult to trace back to government.

Abscess22 karma

There are some states writting laws to stop domestic spying on its citizens. Could these laws actually stop the NSA/CIA?

ChristopherCalabrese3 karma

I think it's tough for states to weigh in on the NSA/CIA however there are actually a ton of things states can do, in fact they are frequently a hot bed of activity on privacy. Here's an incomplete list of some of the many issues states can regulate or be involved in: 1. location tracking 2. license plate readers 3. email privacy (state ECPA bills) 4. drone surveillance 5. employers accessing employee social media accounts

Go seek out your local ACLU affiliate (there is one in every state). They are likely to have at least one bill you can support at the state level.

john_snuu2 karma

What is the best way to balance freedom with security? Also, a question I ask a lot - if what the NSA is currently doing has saved one innocent American from death, is it worth it?

ChristopherCalabrese3 karma

Well typically the gov't successes from the NSA program don't hold up to scrutiny. Here's just one example

I think it's very fair to be skeptical of them but ultimately we have rules for good reason - our founding fathers know that police and gov't could run amok if not contained. They crafted a very good balance that has held for two centuries.

john_snuu2 karma

I agree. But if has saved an innocent life, was it worth it? I think this is a tough question. If it's worth it, then we should be okay with it. If it's not worth it, we are placing more value on our principles (ideas, ethics, whatever) than the life of an innocent person we do not know.

js-normative2 karma

Well, arguably we do this constantly. Could police catch one additional murderer if they could search houses without warrants? Maybe so. We think that's a price worth paying to live in a society where the police can't march into your house without a warrant.

infernalhell6662 karma

As a non-American Graduate Student in America, do I have any reasonable expectation of privacy? Do I qualify for the First and Fourth Amendment rights? Do I have the rights against search and seizure?

In other words, what rights do I qualify for while I stay here in America?

ChristopherCalabrese3 karma

Yes, the short answer is that the Constitution applies to you in the US. It's more complicated that that in limited circumstances but that is basically the rule.

KEM102 karma


How effective do you believe the CDT is in informing congress about how their bills are backwards and absurd? If not, why not?

I ask because while in healthcare I visited HIMSS and AMIA conferences, and they seem to work fairly well with elected leaders.

MarkStanley3 karma

I think we're pretty effective :) We take into consideration all perspectives when working on any issue, but at the end of the day, we are staunch defenders of a free and open Internet, and we do our best to defend digital liberties by working closely with Congress.

BroTheTurtle2 karma

I preface this with a thank you. I am currently in a media law class that studies all types of laws, court cases, and events. My thank you comes in because it seems that whenever I read of an organization standing up for us it is you guys. Your organization has fought tyrannic laws for decades and done so much for everyone in this nation. You guys are like Batman but with lawyers. And hopefully parents.

Question: What is a good way for a college aged filmmaker to take action?

ChristopherCalabrese3 karma

Man that is super nice. There sure are lots of good lawyers in the ACLU's past and I'm always proud to be part of that tradition.

In terms of getting involved I would tap your own creative vision. What do you like about American in terms of keeping things private (or sharing them). What bothers you and your friends? Then tie it to an action of some kind. Doesn't have to be the NSA, it can be a state privacy issue or part of a larger campaign like ECPA.

TL;DR plug in, care, create, act

edited for typos

dallasdude2 karma

I have read this stuff for years. I sign the occasional petition, and I write to my reps when bad bills like SOPA are brewing. I feel like a broken record, and like we are sitting here clicking on petitions and writing reps, and "reforming" anything in the present climate will surely mean reform in further favor of monopoly rights holders. What can we do? Beyond petitions. Mike I've read TD for like eight years. I can see the frustration in your words too..

mmasnick2 karma

I try to balance the frustration and optimism. :) I'm an optimist at heart and over time we do see changes and they're good changes. The fight against SOPA worked. More people engaged means more good stuff happens. It's frustrating in the short-term but can be quite good in the long term.

ItsNotEasyBeinCheesy2 karma

You can petition all you want. I've learned one immutable, universal truth about this administration: They don't give a rat's ass about what "the people" want. You could get every single person in the country who can type or hold a pen to sign that petition, and it'll get looked at, and torn into 4"x4" squares and used like they're using the Constitution. I applaud your effort and your cause....but with these people, it's a fruitless endeavor.

mmasnick4 karma

I see this kind of cynicism a lot and I think it's dangerous. As I've said repeatedly elsewhere, while the WH may ignore many petitions that is NOT universally true, and with coordinated campaigns they often do respond. And, in fact, on this issue there are many indications that they're looking for something like this petition to make a public statement in support of ECPA reform.

I have my problems with many of the actions of this administration too, but I think this kind of absolutely defeatist attitude, saying that they'll never so anything is really harmful. It plays into the hands of those you disagree with.

Also, it's not true that they completely ignore the will of the people. Enough people make a difference. Cynicism has its place (and I feel cynical probably more often than most), but misplace cynicism simply gives a victory to those who you disagree with most. Don't give them that simple satisfaction.

CapAnson2 karma

How big do you see the problem of public apathy, or lack of education about technology? It's easy to understand why police shouldn't have the right to drive by, open up your mailbox at random, and start sifting through your mail.. but it's difficult for the average joe who's not technically inclined to make sense of all the acronyms, technical terms, and confusing concepts involved with expanding technology. This problem is even worse with seniors, as many of them simply refuse to learn even basic computer skills, and ultimately in terms of privacy just throw up their hands and decide to trust the government.

ChristopherCalabrese2 karma

Well everyone isn't able to care about everything, of course. One thing you can do is let people know that legal change is possible and does matter. Point them to the petition or an email action. Or a physical letter if they don't use the internet.

If you try to explain it and someone's eyes start to glaze over, just say "listen, do you trust me that I know what I'm talking about? Yes? Then do this!"

I know it's a short cut that doesn't actually educate people but if their rights are protected, well they can thank you later.

joderd2 karma

What advice would you give to someone who would want to make an eventual career out of protecting civil liberties, preferably without a law degree?

mmasnick3 karma

There are lots of ways to be involved without a law degree. I think only one of the four people in this AMA have a law degree. I don't. There are tons of writers and activists who are making a real difference, and lots of way to hook up with them -- or just build your own voice and become identified with certain issues.

js-normative2 karma

Also a non-lawyer, though I will immodestly suggest that I know ECPA/FISA & Fourth Amendment law as well as plenty of lawyers. The information is out there—if you don't need to litigate and are willing to spend the time and a few bucks on books, you don't need three years torts & contracts to learn enough to be an effective advocate. Put in the time and effort to learn the issues and just start writing; if you have something interesting to say, people will notice.

dJe7812 karma

Hello. First, thanks for doing this AMA.

Unfortunately, the matter of electronic surveillance without a warrant is very current in several countries, including mine.

How would you explain the fact that such initiatives are often backed up by representatives of the people themselves? Are we talking incompetence or betrayal? Maybe even something else that I fail to imagine?

Also, do you think that polite rejection from the people is enough to stem this kind of non-progress?

MarkStanley2 karma

I think, at least here in the US, the fact that ECPA hasn't been updated is just an unfortunate fact that sometimes the status quo can get entrenched, at least when it comes to federal laws - our technologies have changed, but the laws that impact those technologies, like ECPA, don't always keep pace. But we're closer to reform than we've ever been.

js-normative2 karma

The trouble with electronic surveillance is that it's generally invisible. When police march into your house with a general warrant, people tend to notice and get outraged—when they use the modern equivalent of a general warrant, even if the information is ultimately misused in some way, the people whose privacy is violated may not ever become aware of it. If, on the other hand, criminals or terrorists are captured, that can be touted as a success of the system even when police could have obtained the same information by less intrusive means. That, I think, is the basic political dynamic.

acaffar22 karma

How is this a problem that we'd even be able to fix?

MarkStanley2 karma

Simple, Congress should finally update ECPA. It's been 27 years since it passed - it's time for an update

acaffar22 karma

My question is more nuanced than this: do you think they would willingly give up their ability to do this?

I realize congress isn't the one doing the spying, but I think expecting the government to give up any of its power isn't something we can count on.

mmasnick2 karma

There is a lot of interest in Congress (and actual bills) to reform this. Yes, law enforcement (and the IRS and SEC in particular) are against this, but don't think that just because it's all "the government" they won't move forward on this. It has a very real possibility of moving forward.

Valendr0s2 karma

What is this bill and why do you like it?

MarkStanley3 karma

There are a few bills to reform ECPA that we like that currently have momentum in Congress - one is in the Senate, and was intro'ed by Senators Leahy (D-VT) and Lee (R-UT); another is in the House, and was intro'ed by Reps Kevin Yoder (R-KS) and Jared Polis (D-CO). We like these bills because they would require a warrant for the government to access the content of our digital communications, just like it needs a warrant to access our postal mail.

thegreathal2 karma

Mark -- I'm writing my thesis on youth privacy rights, and I'm disappointed by the "eraser laws" enacted in CA and proposed elsewhere. These laws require certain web sites to delete material posted by minors upon long as that data hasn't been interacted with by others. CDT rightfully points out that companies may simply respond by barring minors from using their services. Is there any way to enact rights-based protections for minors without segmenting the internet? For that matter, is it appropriate to have privacy rights that only apply to young people?

js-normative3 karma

We've actually already seen something much like this: Child online privacy laws mean that many kids under 13 are nominally banned from using services like Facebook, with the result that they simply lie about their ages—sometimes with the assistance of parents—to get access. It's not clear how you can implement age-based restrictions effectively without a burdensome system of ubiquitous age-verification that raises its own privacy issues. In principle, I have no problem with saying "look, children can't meaningfully consent to provide information and the rules should be different there," but as a practical matter it seems difficult to implement that idea in ways that don't create serious secondary consequences.

SteveFromTheKenoma2 karma


I wondered if there were any people in congress here in US who are taking the lead on this and making it their issue, and I wonder if any specific legislation has been proposed or is making the rounds online.

Do any of the participants have a model over what privacy legislation would specifically look like? It seems like we need a very specific "act" for people to get behind and support. The more I think about the issue, the more complicated writing legislation seems, even though there is probably a coalescing consensus on the basic things that need protection.

How can we get to the point where we have a specific proposal?

js-normative2 karma

Patrick Leahy has legislation to fix problems with the outdated ECPA statute. A separate bill, the USA FREEDOM Act cosponsored by Leahy in the Senate and Jim Sensenbrenner in the house, addresses a range of problems with NSA surveillance.

alpha-not-omega2 karma

The best way to defeat groups such as the ACLU, CDT, EFF, etc. is also very easily done: diffuse your focus. Get each group to focus on something different. Cause in-fighting over priorities. Cause frequent changes in focus to the trendy cause de jour. Weaken insidiously from all angles.

This AMA is focused on ECPA, but in so many other cases I see the above strategy working exceedingly well as witnessed by the cynicism. What efforts are going on to keep focus and unify efforts? Is there Project for the New American Century equivalent? Why, for example, is the EFF not here?

mmasnick2 karma

Lots of groups are working together on this and a number of other issues. EFF is heavily involved in this effort as well. Just because they're not on the AMA doesn't mean they're not active on this issue...

There is a loose coalition of different groups, organizations and individuals who are all working together on a variety of issues of importance concerning "digital" issues. I don't believe there's any lack of focus. With a loose coalition you get different ones taking the lead on different issues, and everyone else supporting where and when necessary. It's actually been fairly effective.

yndrome2 karma

Hi Team!

This question goes to Mike Masnick, as I referenced you a lot in a paper I wrote for my patent law course relating to reforming patent legislation in Canada, using the US as an example of what we want to avoid (even though we aren't perfect either). I'm just curious on your thoughts of using some aspects of copyright, like independent innovation, and incorporating them in to patents? Maybe to take things further open-sourcing inventions? Similarly, do you think a "make use of" provision, defined quite narrowly, but not so narrow to hinder small inventors. And would not include law suits as making use of, would prevent NPEs from pursuing frivolous lawsuits?

Also, just a thank you to all of you who are involved in what you do. I interned for a semester at the Canadian Internet Privacy and Public Interest Clinic (CIPPIC), and really admire a lot of the work you folks do.

mmasnick4 karma

This is a little off-topic on the privacy focus of this AMA, but it is an AMA after all, so I'll take it (why aren't you asking me about Rampart?!?).

I'm a HUGE supporter of the independent inventor defense for patents. It's probably the single biggest concept I've pushed for. I'd actually take it a bit further than a mere independent inventor defense such that independent invention should be a sign that an invention is considered "obvious" to those skilled in the art, and therefore the underlying invention is not subject to patent protection.

Do that and I think you get rid of 80% of the problems of the patent system.

I'm less enthused about a "make use of" provision, because I can see situations where, say, it's not so easy for the inventor to make use of something and this could hinder some situations. Some have suggested a modified make use of provision where you'd just have to show some sort of effort towards putting the invention into practice... but the specifics here could matter quite a bit.

disco_stewie2 karma

I heard your ad on my radio station just as I was returning from lunch!

It's my understanding (IANAL) that "data" belongs to whomever generated it. This is why the Feds can simply ask Google, "So yeah, those server logs...can we have a gander?" If Google says no, the feds need a search warrant for GOOGLE, not for me.

E-mail is kind of the gray area of "Well, who owns the hard drive?" since the e-mails were technically generated by someone else but it is stored digitally on a storage device.

Too be perfectly honest, I'm not sure where I stand on this issue, primarily because I have conflicting interests. Of course, I don't want Google to just willy-nilly just give away my e-mails but at the same time, I personally don't want to respond to my users asking me to sanitize my server (because, after all, it's my server; I paid for it, I develop it, etc).

What are ways around this that protect the end-user's right to privacy but also protect people like me from having to respond to user requests on my own private server?

IMHO, if I want privacy online, it's my job to do it. Encrypt my e-mails, use HTTPS everywhere (sure it doesn't stop the end server from logging my traffic but it does stop the occasional packet sniffer), hide behind 6 proxies, etc. I realize not everyone is this savvy but it seems like there isn't a way to guarantee privacy without sacrificing someone's personal liberty.

ChristopherCalabrese3 karma

Well this is actually one of the points of the ECPA reform effort. Google and Facebook and Microsoft and lots of other companies are supporters. One of the reasons is exactly that - they don't want to be in the middle. Instead they want police to bring them a warrant. That way they don't have to deliberate, warrant = access. No warrant no access.

[deleted]1 karma


MarkStanley2 karma

We just had a long discussion about this in a thread above. Like I said, it's one of the most common refrains we hear, and it's already popped up several times on this AMA. But check out the thread - we all weighed in with our thoughts