Data Mine

Send Letters, Not Emails

Why it’s so much harder for the government to spy on your snail mail than your email.

A mailman for the U.S. Postal Service delivers mail on Nov. 15, 2012, in Miami.

A mailman for the U.S. Postal Service delivers mail on Nov. 15, 2012, in Miami.

Photo by Joe Raedle/Getty Images

On an average day, the United States Postal Service delivers 22 items to my home. I know this, because for the past three years I’ve been tracking delivery times, volume, addressees, types (letters, magazines, boxes) and categories of mail (letters, bills, catalogs).

This past weekend, while staring at our usual pile of Saturday mail, I noticed a Phantom Fireworks solicitation addressed to our home’s former owner. (Direct solicitations to my house have increased 37 percent in the past year.) During a typical week, the USPS delivers three pieces of misdirected mail and five items intended for previous owners. Our usual course of action is to write “delivered to wrong address” or “no longer at this address” on the envelope and drop it back in a mailbox. But the Phantom Fireworks flier? I threw it straight into the trash.

That action—handling someone else’s mail, reading the contents and then destroying it—directly violates 18 U.S.C. § 1703. It’s a federal crime punishable by a fine and up to a year in prison.

To be sure, the feds aren’t going to break down my door when I throw away a Lululemon or Athletica catalog addressed to my neighbor. Still, I know—and you know, too—that touching someone else’s mail is a big no-no. I can’t open a letter with someone else’s name on it. Your boss can’t open a package delivered to her office and intended solely for you. The IRS can’t intercept hard copies of your paycheck. Homeland Security can’t surveil you for subscribing to Guns & Ammo. By law, what the USPS delivers can only be opened by the person whose name is written on the item.

In the wake of revelations that the NSA has been filling databases with information about our emailing habits, I’ve been curious about the discrepancies between the laws that govern our physical and electronic mail. If the government isn’t supposed to be looking at our physical mail without justifiable cause, why can it watch our email messages without legal approval or, at the very least, our informed consent?

I brought Saturday’s pile of USPS mail over to my desk and compared it to what was currently in my computer’s inbox. I receive an average of 377 email messages every weekday. On the weekends, I get fewer, unless there’s been a family event with lots of photos. About 41 percent are spam or junk mail, but the rest are messages intended for me or for a group I belong to.

Looking back and forth between the pile of physical mail and my screen, I suddenly realized that the content delivered to my electronic inboxes is essentially the same as what the USPS slides through the mail slot. Both sets include bills, photos, reminders to schedule appointments, neighborhood newsletters, messages from my sister, and the like. In fact, the Staples catalog was the same in print and in electronic form: One was just a PDF of the other.

In the eyes of the government, what makes the mail on my desk so different from what’s on my computer?

It’s a question fit for Benjamin Franklin. Prior to the American Revolution, Franklin had been the postmaster for the British Crown, establishing postal delivery routes throughout the colonies. In the early days, it was only official government communications that passed through the post, and it was “sealed against inspection.” Later, when the mail could be used by citizens, carriers would regularly read others’ mail along their long routes for entertainment. Franklin, eager to maintain the sanctity of the mail in a time of political upheaval, developed a set of regulations and affixed locks to postal carriers’ saddle bags. Franklin’s early regulations became part of the basis for privacy law, as did the Fourth Amendment rule about unreasonable searches, which the Framers certainly intended to cover postal mail.

Nearly 200 years later, technologist Ray Tomlinson was helping to establish a modern-day postal system, one that wouldn’t require envelopes or stamps. It was 1971, and our Internet’s predecessor—ARPANET—had just launched. Tomlinson figured out a way to help early users send short messages in near real-time, and he sent the world’s first electronic mail message to himself.

Unlike Franklin’s postal service, email itself wasn’t a government-created system. Tomlinson’s communication vehicle was used first by universities, then commercial entities like Pegasus Mail, AOL, Excite, Yahoo, and Microsoft. Because these were corporations and educational institutions, they weren’t subject to federal law in the same way the postal service was.

You could argue that enforcing any kind of regulation would be impossible because of the volume of email messages exchanged daily, or because technological advancements dramatically outpace the speed at which our federal laws are created. Mail sent the old-fashioned way uses a more direct, explicit system. I write a letter to you, I drop it in the mailbox, it remains sealed until a USPS worker delivers it to you. That letter is likely the only copy in existence. If I sent you an email, however, a copy is stored locally on my machine, then probably at Rackspace or Gmail servers, which may or may not be inside of the U.S. Then the email is forwarded to another set of servers somewhere, where a copy might again be stored, until the message hits your provider and your own inbox. It takes only seconds for my message to reach you, but along the way it’s likely been tagged, sorted, and cataloged by a half-dozen different companies.

Our modern USPS and email systems grew up in different households. The USPS became a government entity subject to a certain set of federal regulations, while email became regulated by the FCC and laws of interstate commerce. For example, while companies can legally send fliers and brochures to our homes through the USPS, it can be a violation of the CAN-SPAM Act to send the same sort of commercial messages electronically.

Still, it seemed strange to me that we have stringent laws on the books governing my letters to my husband, but not the emails he and I exchange privately.

I put the question to Fred Lane, an attorney, expert in privacy law and the author of American Privacy: The 400-Year History of Our Most Contested Right. “The very nature of email is anti-control and anti-privacy,” he said. “Even Franklin would recognize that. In practical terms, it is difficult to have privacy control throughout the entire email process. We need to adapt our core principles to the new realities of communication.”

Lane reminded me of an earlier government surveillance program of traditional mail. Beginning in 1952, a CIA program codenamed SRPOINTER and SGPOINTER and later HTLINGUAL and HGLINGUAL authorized the interception and opening of mail items at facilities in Los Angeles and Jamaica, Queens, New York. The CIA insisted that a mail-opening operation was necessary to track the Americans it suspected of feeding information to the Soviets. A list of names was maintained, and data was collected on incoming and outgoing mail, while hundreds of thousands of letters destined for other countries were open and read.

When President Nixon took office in 1969, America’s security agencies were in constant disagreement on how to track security threats. A year later, one of Nixon’s aides, Tom Huston, crafted a plan to enlist the CIA, FBI, NSA and military intelligence agencies in wide-ranging electronic surveillance of U.S. citizens. Nixon wanted ongoing domestic intelligence on his administration’s so-called “left-wing radical” watch list, so the Huston Plan called for routinely opening postal mail and using something called “mail covers.”

During the Watergate hearings in 1973, postal mail surveillance was one of the issues brought to light. The programs were stopped, but mail covers continue to this day. In a criminal case, the USPS can be authorized use mail covers: to take photos of and record the information on the outside container, envelope, or label of anything it handles, and it may record the name and address of the sender and recipient, along with the place and date of the postmark, into a database. According to a source familiar with mail covers, there are tens of thousands of mail covers performed each year.

Mail covers aren’t supposed to be exploratory, and they don’t include the contents of whatever’s inside. To obtain a mail cover, law enforcement must first submit paperwork to the Postal Inspection Service in Chicago proving that there’s a criminal investigation under way.

But the USPS is collecting similar information on almost all mail, not just mail that is subject to covers. For example, you know those barcodes on the bottoms of our envelopes? The USPS scans those using a wide field camera and takes super-high resolution photographs of the back and front of most mail pieces—again, not the stuff inside—for sorting and diagnostic purposes. It’s actually because of the USPS that we have widespread optical character recognition technology in widespread use now. Before cameras and computers, postal workers would have to sort all mail by hand, making best guesses on illegible writing and trying to keep all correspondence in the right batches. These days, multiline OCR readers let the USPS sort thousands of pieces of mail per minute.

OCR software automatically extracts the text on an envelope and imports it into a database for later sorting and analysis. After the anthrax and ricin incidents, the USPS was able to track the pieces of mail before and after the contaminated letters to narrow down the source.

The topic of mail privacy was debated as recently as 2006. During his tenure in office, President Bush attached a signing statement to a reform bill that allowed federal authorities to ask for all mail cover data and even to open your mail without approval. His administration argued that the Patriot Act enabled the government to intercept USPS deliveries in “exigent circumstances, such as to protect human life and safety against hazardous materials, and the need for physical searches specifically authorized by law for foreign intelligence.” Sen. Charles Schumer criticized Bush at the time, saying that the action was a direct contradiction of our established mail protection laws and to the Constitution. Whether or not our USPS mail is being routinely opened today under a similar program is still not clear.

So where does that leave me and my various mailboxes? Ready for our lawmakers to have a meaningful debate on mail and privacy controls. What should the government be able to scrape and monitor from my email? Metadata alone? The fact that I’ve included Excel spreadsheets or photos? Or the content within the documents themselves? Should electronic messages, too, be “sealed against inspection?” Or should I assume that anything I send—even if it’s a self-destructing message—is not really private?