Today I published a WSJ Op-Ed piece, “Mary Jo White Wants to Read Your Gmails,” discussing the uproar about the SEC’s opposition to the Email Privacy Act, which passed unanimously in the House and is presently residing with the Senate.
The SEC believes that it should have authority to subpoena emails from Internet Service Providers (ISPs) like Gmail, Yahoo and Dropbox. If granted this authority, it would seriously undermine the privacy of American citizens.
Contrary to the SEC and Chair Mary Jo White’s assertions, the SEC has never had authority to obtain emails from ISPs; I should know, I led the team that drafted the SEC Enforcement Division’s online investigative guidelines, which expressly prohibited the SEC from obtaining emails from ISPs. Like old-fashioned post office boxes, the only way to intercept communications at an ISP is to obtain a search warrant, which the SEC, being a civil enforcement agency, has no authority to do.
Here is an excerpt form my op-ed article:
Make no mistake: If the SEC did someday subpoena and read personal emails, its demands would be broad and sweeping, with no consideration for privacy. It might wind up holding intimate information about the sender’s friends and family that is irrelevant to its investigation, or even privileged communications with a spouse, counsel or clergy, which government agencies are generally prohibited from reading.
What in the past hindered overbroad subpoenas were not legal so much as logistical concerns. A witness might back up the proverbial truck to SEC headquarters to dump hundreds or even thousands of boxes of documents—a nightmare for staff to review and even to inventory, delaying the investigation. Those days are long gone. Improved data handling has made storing and searching through a massive document dump not only easy but even appealing. The SEC now vacuums up terabytes of data, even going so far as to subpoena physical computer hard drives (a dubious investigatory tactic that raises its own legal questions).
Technology facilitates the capture and examination of personal emails, but that does not mean the SEC should be allowed to do so. It is not a criminal agency and operates under its own unique, and far less limiting, civil legal framework. Unlike criminal agencies, the SEC makes no distinction among targets, subjects or witnesses, meaning that throughout an investigation it treats innocent bystanders exactly the same as suspects. The SEC’s administrative subpoenas rarely (if ever) are seen by a judge, let alone approved by one.”