Get PolitiFact in your inbox.

Customer IT infrastructures are shown last year in the Quality Technology Services Atlanta Metro Data Center. Atlanta has become an exploding market for data centers as the demand for cloud computing grows. (AJC Photo/Jason Getz) Customer IT infrastructures are shown last year in the Quality Technology Services Atlanta Metro Data Center. Atlanta has become an exploding market for data centers as the demand for cloud computing grows. (AJC Photo/Jason Getz)

Customer IT infrastructures are shown last year in the Quality Technology Services Atlanta Metro Data Center. Atlanta has become an exploding market for data centers as the demand for cloud computing grows. (AJC Photo/Jason Getz)

By Janel Davis September 10, 2013

Your old emails could be in government inbox now

You’ve got mail. And depending on how long its been since you’ve read it, the government can read it, too.

That’s the claim U.S. Rep. Tom Graves made in a district update to his constituents this summer.

"It’s shocking, but true," Graves, R-Ranger, said in the emailed update. "The government does not need a warrant to read your old emails. How can this be? Simply put, our privacy laws are outdated."

Since May, when former government defense contractor Edward Snowden leaked the details of two National Security Agency spy programs that track phone and Internet communications, there has been a heightened interest in how much privacy Americans actually have.

PolitiFact Georgia gets and sends a lot of email. We wanted to know whether our bygone missives could be subject to government perusal, so we went looking for answers.

Graves’ update referenced the Email Privacy Act that he introduced, along with U.S. Reps. Kevin Yoder and Jared Polis, to update the current electronic communication privacy laws. The bill, introduced in May, has gained 137 bipartisan co-sponsors and has been referred to a House committee. The Graves bill is a companion to a similar bill being pushed in the Senate by U.S. Sens. Patrick Leahy and Mike Lee. The Senate bill passed out of committee and is up for a full chamber vote.

If passed, both bills would update the current law that governs data storage, the Electronic Communications Privacy Act. The ECPA, passed in 1986, regulates government access to private information that is transmitted and stored on the Internet, such as email. The law considers emails stored on third-party servers for longer than 180 days as abandoned. The 1986 law allows federal agencies to obtain a subpoena -- but doesn’t require a warrant from a judge -- to view the records. (Emails less than 180 days old do require a judicial warrant to obtain.)

"The (ECPA) was written at a time when people didn’t store emails on a server and there was no cloud. Storage was expensive and most people didn’t keep emails long -- they downloaded things to the desktop," said Mark Stanley, a campaign and communications strategist for the Center for Democracy and Technology, a nonprofit public policy organization that works to improve privacy in communications technology.   

When the law was written, users of the early Internet often downloaded emails directly to their hard drives to save them.  Service providers deleted messages on their servers immediately to free up valuable storage space. Today, storage space is practically unlimited. Deleting messages from your inbox doesn’t preclude them from still existing on your computer’s hard drive, your email provider’s server, or in the inbox or on the server of the person receiving the email.

Graves’ email privacy act would drop the 180-day provision from the existing law and require a warrant to obtain the emails. The bill "would ensure that Fourth Amendment protections Americans already have for mail, phone calls, and other paper/hard documents are extended to their soft communications too," the three congressmen wrote in a Wired op-ed.

One exception exists to the current electronic communications privacy law, but not in our area. A ruling in a 2010 federal appeals court case, United States v. Warshak, found that police violated a man’s constitutional rights by reading his emails without a warrant. The Supreme Court has not addressed this case, and the ruling only applies to states in the court’s 6th Circuit jurisdiction of Kentucky, Michigan, Ohio and Tennessee.

Because of this ruling, email and Internet companies Facebook, Google, Microsoft and Yahoo require warrants and subpoenas to release emails and other stored data. But there is no guarantee that their requirements would hold up in court.

A coalition of communications, privacy and human rights groups have lobbied Congress to update the current electronic data bill. The Washington Post editorial board urged lawmakers to close the email loophole in a July editorial.

Privacy expert and professor John Soma, who leads the Privacy Foundation at the University of Denver,  also vouched for Graves’ claim. Soma said the legislators’ bill is tame in regards to what data management changes should be made to the law.

But getting the bill passed could be difficult. GovTrack, which follows federal legislation, gives Graves’ bill only an 8 percent chance of being enacted; the Senate bill fares a bit better at 14 percent. Soma gives it a better chance, especially after Snowden revealed the government’s surveillance practices.

"I’d give (the bill) a 50-50 chance, maybe more," Soma said. "We do need a change."

So, does Graves’ claim about email make it to the inbox or get filtered  into junk mail?

The Georgia congressman said the government doesn’t need a warrant to read our old emails. Current law, in place before many modern technology advances, does not include a provision protecting email over 180 days old from the government’s prying eyes.

Graves and a cadre of congressional members are working to update the privacy laws. But in the meantime the old rules stand.

We rate Graves’ claim True.

Our Sources

U.S. Rep. Tom Graves, district update, "Your emails aren’t protected," June 28, 2013, "It’s beyond ridiculous that email (but not mail) has been left out of privacy laws," Congressmen Kevin Yoder, Tom Graves and Jared Polis, June 17, 2013, HR 1852: Email Privacy Act, introduced May 7, 2013

Electronic Communications Privacy Act (ECPA)

Phone interview, Mark Stanley, campaign and communications strategist, Center for Democracy and Technology, Sept. 5, 2013

Phone interview, John Soma, executive director, University of Denver Privacy Foundation,Sept. 6, 2013

U.S. Sen. Mike Lee, news release, "Senate Judiciary Committee approves Leahy-Lee Electronic Communications Privacy Amendments Ace," April 25, 2013

The Hill, "Facebook, email providers say they require warrants for private data seizures," Brendan Sasso, Jan. 25, 2013

ACLU, "Reading of emails without warrant likely extends beyond IRS," Nathan Freed Wessler, April 14, 2013

Washington Post, "An email loophole Congress needs to close," editorial board, July 10, 2013

PolitiFact, "Are Americans being ‘targeted’ for surveillance?" Jon Greenberg, July 2, 2013

Huffington Post, "ECPA Amendment passes, as Senate Judiciary votes to require warrant for email snooping," Matt     Sledge, Nov. 29, 2012

Browse the Truth-O-Meter

More by Janel Davis

Your old emails could be in government inbox now

Support independent fact-checking.
Become a member!

In a world of wild talk and fake news, help us stand up for the facts.

Sign me up