• Home
  • Incident Response 40 for 2022
  • About
  • Webcasts
  • Contact
Cybersecurity Docket
  • Data Breach
  • Global
  • People
  • Regulatory
  • Risk Mgmt
  • Subscribe by email
  • Subscribe
Browse: Home / 2016 / June / 20 / My WSJ Op-Ed Piece on the SEC’s and Email Privacy

My WSJ Op-Ed Piece on the SEC’s and Email Privacy

By Securities Docket on June 20, 2016, 9:05 am

Today I published a WSJ Op-Ed piece, “Mary Jo White Wants to Read Your Gmails,” discussing the uproar about the SEC’s opposition to the Email Privacy Act, which passed unanimously in the House and is presently residing with the Senate.

The SEC believes that it should have authority to subpoena emails from Internet Service Providers (ISPs) like Gmail, Yahoo and Dropbox.  If granted this authority, it would seriously undermine the privacy of American citizens.

Contrary to the SEC and Chair Mary Jo White’s assertions, the SEC has never had authority to obtain emails from ISPs; I should know, I led the team that drafted the SEC Enforcement Division’s online investigative guidelines, which expressly prohibited the SEC from obtaining emails from ISPs.  Like old-fashioned post office boxes, the only way to intercept communications at an ISP is to obtain a search warrant, which the SEC, being a civil enforcement agency, has no authority to do.

Here is an excerpt form my op-ed article:

Make no mistake: If the SEC did someday subpoena and read personal emails, its demands would be broad and sweeping, with no consideration for privacy. It might wind up holding intimate information about the sender’s friends and family that is irrelevant to its investigation, or even privileged communications with a spouse, counsel or clergy, which government agencies are generally prohibited from reading. 

What in the past hindered overbroad subpoenas were not legal so much as logistical concerns. A witness might back up the proverbial truck to SEC headquarters to dump hundreds or even thousands of boxes of documents—a nightmare for staff to review and even to inventory, delaying the investigation. Those days are long gone. Improved data handling has made storing and searching through a massive document dump not only easy but even appealing. The SEC now vacuums up terabytes of data, even going so far as to subpoena physical computer hard drives (a dubious investigatory tactic that raises its own legal questions).

Technology facilitates the capture and examination of personal emails, but that does not mean the SEC should be allowed to do so. It is not a criminal agency and operates under its own unique, and far less limiting, civil legal framework. Unlike criminal agencies, the SEC makes no distinction among targets, subjects or witnesses, meaning that throughout an investigation it treats innocent bystanders exactly the same as suspects. The SEC’s administrative subpoenas rarely (if ever) are seen by a judge, let alone approved by one.”

Posted in Regulatory, Top | Tagged Privacy, SEC

« Previous Next »

Now Available!

johnreedstark cover 230

Join Us On LinkedIn

Join the Cybersecurity and Incident Response Group on LinkedIn

Copyright © 2023 Cybersecurity Docket.

Powered by WordPress and Hybrid.