HACK THE PLANET, PART II
The week of August 9, 2015

Deleting your browser history could land you in prison

By S.E. Smith
The absence of evidence shouldn’t be viewed as proof of guilt, but tell that to the U.S. federal court—where Khairullozhon Matanov received a 30-month sentence in mid-June, in part for deleting his browser history. Though he wasn’t an accomplice in the Boston bombing, the FBI charged that the friend of the Tsarnaev brothers with obstructing justice by destroying evidence in the case. That evidence includes now-deleted entries in his browser history, along with certain videos.
Matanov isn’t the first person to be sentenced under such circumstances. This is a disturbing trend when it comes to how the federal government views the Internet and information technology.
Instead of being a resource for readily available information that citizens can access at will, the Internet is becoming a tool for spying on citizens and residents of the United States. People no longer enjoy the explicit right to privacy that would protect them from warrantless wiretapping and seizure of Internet records. As Matanov’s case illustrates, they’re also not entitled to the legal protection of being allowed to have control over their own browser history and private records.

In an interview with the Nation, the Electronic Frontier Foundation’s Hanni Fakhoury observed: “The idea that you have to create a record of where you’ve gone or open all your cupboards all the time and leave your front door unlocked and available for law enforcement inspection at any time is not the country we have established for ourselves more than 200 years ago.”

However, that’s precisely what’s happening in this case.

He was charged, as others have been in similar cases, under the Sarbanes-Oxley Act. SOX, as it’s known, was a direct response to the corporate abuses of firms like Enron, which destroyed untold accounting records and documentation to avoid culpability for federal crimes. Under the law, people are required to preserve any evidence they knowingly believe could be used in future investigations, even if no such investigation has been launched.

This is where Matanov ran into trouble. After the bombing, still not knowing who was responsible, he met up with the Tsarnaev brothers for dinner. His roommate testified that Matanov expressed some troubling beliefs about the bombing at some point after this meeting—including the belief that it might have been justified under his personal interpretation of Islam. It took Matanov several days to learn who was involved. Clearly suspecting that the situation was about to get ugly, and likely in a panic, he doctored his browser history just days after the bombing and deleted videos that betrayed his relationship with the two brothers and the type of material they liked to watch together in social settings, which often included violent and disturbing videos.
Without SOX, this would have been a personal matter, but under the law, prosecutors argued that he made a conscious choice to destroy materials he knew could be used in a future investigation.

This series of events explains how Matanov found himself pleading guilty to four charges of obstruction of justice on advice from his attorneys, for which he faced up to 20 years in prison. The case further backs up an extremely disturbing existing precedent: Under SOX, it could theoretically be argued that no one’s browser history is private, which is clearly absurd.

There are numerous entirely legitimate reasons to turn private browsing on or opt to clear history. For example, many people prefer to research medical problems privately to protect their privacy. Young people looking for sexual health resources often clear their history to avoid attracting attention from their parents, as do those looking for help with sexual or physical abuse. A partner buying a present for someone might want to avoid ruining the surprise.

Enumerating reasons for the legitimate usage of private browsing or deleted records, however, is beside the point: Privacy is a fundamental right in the United States, and people don’t need to justify how they use their computers. If instructed to preserve anything that could be considered evidence in a federal investigation, people are effectively backed into a corner, guilty until proven innocent. Individuals are not evidence preservation specialists, and they shouldn’t be held responsible for clinging to every possible scrap of data that might someday be useful in federal cases.
If a friend is murdered and authorities determine the case is federal in scope, are past emails potential evidence into the investigation of her death? Do you know where the letters you traded with her in college are? Is correspondence with your personal accountant suddenly evidence, if she’s indicted in a federal case that has nothing to do with your business interactions?
In cases where electronic evidence relevant to a case is destroyed, there are already precedents for charging people with destruction of evidence or evidence tampering. There’s no need to abuse SOX to browbeat people into pleading guilty on federal charges.

In fact, the Daily Beast’s Susan Zalkind argues that there are some very good reasons to avoid doing exactly what the FBI did in this case.

Pressing charges against people who come forward may cost lives, too. Michael German, a former FBI agent and terrorism specialist now with the Brennan Center for Justice, says the repercussions of overzealous prosecution can be damning to national-security efforts.

The U.S. government has already demonstrated a somewhat unhealthy interest in the private business of its people, turning American soil into something resembling From Russia With Love. With repeated violations of privacy rights, the government has confiscated phone records and other private materials in highly dubious and possibly illegal circumstances, and it’s freely wiretapped and spied on citizens. While Americans may not be actually living under the modern-day equivalent of the KGB, this is hardly a nation that trusts its citizens.

This has increasingly been the case after Sept. 11, 2001. Congress passed the Patriot Act the next month on the grounds that the nation needed to protect its populace from further terrorist attacks. Fourteen years later and under the auspices of President Obama—a president who has significantly contributed to the security state—Congress has just reaffirmed the principles of the Patriot Act, though some clauses were allowed to expire. Notably, the NSA will no longer be permitted to collect phone data at will, instead relying on phone companies to turn over their records, which may come as cold comfort to some Americans.

Despite repeated outcry from individuals, organizations committed to privacy, and even some government actors, the government as a whole views its citizens as enemies, and cases like this are a striking example of the consequences. SOX was designed to bring down corporate wrongdoers, and instead it’s being used to target individuals—while corporations that brought the nation to its financial knees in 2008 are still not being held fully accountable.

Troublingly, alongside the government abuses of privacy comes the fact that the feds cannot necessarily be trusted with private data. This was illustrated in early June, when the federal government finally admitted that the Office of Personnel Management had been the victim of a sustained electronic attack, and it had no idea how long the breach had been occurring. Some 22 million federal employees were affected by the breach, one that could have been prevented through basic security measures the government failed to deploy. The Internal Revenue Service discovered an ongoing extensive breach the previous month, and in 2014, there were at least 10 major hacks to federal agencies’ systems.

The argument under this new enforcement of SOX is that people who have nothing to hide shouldn’t be concerned about showing the government what they have. This isn’t considered a convincing argument in many legal settings—for example, when police officers pull over a driver, and the driver refuses a search on the grounds of personal privacy—but for some reason, the reasoning is becoming par for the course when it comes to electronic searches. This is a dangerous and unacceptable breach of American freedom and tradition.

Even the government has to grudgingly admit that Matanov didn’t really commit any crime, despite the fact that the FBI stalked him for over a year. Spending time with people who do terrible things and endorsing hateful views doesn’t make one a criminal, especially given that he met with police as soon as he understood the scope of the bombing to disclose his relationship to the Tsarnaevs. However, he was still punished simply for having viewed—and later hiding—some questionable content on the Internet, a prospect that all of us should find chilling.

If people are too afraid to use the Internet, or browsers start coming with a governor that makes it impossible to clear their caches for any reason, the terrorists really will have won.

 

S. E. Smith is a writer, editor, and agitator with regular appearances in the Guardian and Salon, along with several anthologies. Smith also serves as the social justice editor for xoJane and will be co-chairing WisCon 40—the preeminent feminist science-fiction conference—in 2016. A version of this story was originally published by the Daily Dot on June 10, 2015. 

Illustration by Tiffany Pai