A recent kerfuffle between the Office of Special Prosecutor (OSP) Robert Mueller and lawyers representing the Presidential Transition Team (PTT) arose out of Mueller’s reported acquisition of the emails of the transition team from the Government Services Agency (GSA). Transition lawyers argue that the GSA provided Mueller’s team with emails that were subject to various privileges (including attorney-client or other privileges) without their knowledge or consent, and that members of the transition team had a reasonable expectation of privacy in the contents of their emails—at least before their functions were folded into that of the new administration at noon on January 20, 2017.

Before addressing the merits of the various claims of privacy and invasion thereof, I want to point out that this demonstrates one of the biggest problems inherent in how the Internet works. It’s the “third party” doctrine, which is being addressed by at least two different cases pending in the U.S. Supreme Court. The problem is inherent in the fact that, when using the Internet there is a disconnect between the “owner” of information and the entity that possesses that information. And by “owner,” I don’t mean an individual with title or copyright or anything as formal as that. I mean a person with some interest – usually a privacy interest – in the information.

Give and Take

The nature of the Internet is such that, absent special precautions, to get something you have to give up something. You want to read an article on microcephaly in Spanish goats (I really just made that up, so don’t even Google it), you give up your search request to Google (or Bing?), and to your Internet service provider, and if directed to a website, to that website as well. Every breath you take, every move you make, they’ll be watching you. When you use a cell phone (and by use, I mean have), you are constantly providing your cell provider with your approximate location, and various apps in your phone with a more precise GPS location as well. When you send or receive communications, the packets that make up the communications are bounced around the world, randomly transmitted, copied, reassembled and stored by various servers and devices. The Internet was designed to be a decentralized and resilient medium—by its nature dependent on the kindness of strangers.

This bifurcation causes all kinds of problems. It means, as the Supreme Court is considering, that information about where you are right this very instant is collected by your phone company and available to the FBI—without your knowledge or consent, and currently without the need for a search warrant. It also means that an email you send over Hotmail to a buddy in Baltimore may be seized – again without your knowledge – by cops in Bangladesh, because Microsoft (the operator of Hotmail) has a corporate entity, an office location or even just a bank account in that country. The U.S. Supreme Court is currently considering the authority of U.S. courts to seize emails located in Dublin because they were sent through Microsoft’s Hotmail, and Microsoft is a U.S. company.

So, at the end of the day, your privacy rights – and the third party’s privacy obligations – are dictated by whatever agreement you have in place regarding their right to monitor your conduct, and who “owns” the data you generate. And, irrespective of the contract, if some government agency has a search warrant or other authorized legal process, they can simply take the records from the third party—in most cases without even telling you. In fact, in the vast majority of cases, the government gets a “gag order” prohibiting the ISP, email provider, search provider, or social networking site from ever telling you that they have given up your stuff.

The Transition Team

With these principles in mind, let’s jump into the quagmire of who “owns” the emails of the presidential transition team, and who has a right to turn them over to the FBI or to Mueller.

The first question is whether the members of the transition team have a “reasonable expectation of privacy” in the contents of their “official” emails sent and received as part of their official duties. The simple answer is, no, of course not. Problem with the simple answer is that it is, well, simple. And misleadingly wrong.

When we say that an employee has “no reasonable expectation of privacy” in email (or searches, or anything else), we don’t really mean that. What we mean is that, vis a vis their employer (or anyone their employer reasonably shares that data with, including law enforcement), they have ceded their privacy rights. If they really had no expectation of privacy, then a hacker could, with legal impunity (well some legal impunity), steal and disseminate the contents of anyone’s email and claim that it wasn’t private. So, for individual members of the transition team, their rights are subservient to that of the transition team itself.

But that doesn’t mean that the transition team (and its employees) does not have an expectation of privacy vis a vis third parties.

Now we get into a sticky wicket. If the transition team is a “government agency” and its employees are government employees, then the transition emails, under the domain ptt.gov, are government emails and are the “property” of the GSA—subject to inspection, storage, use, and dissemination like the emails of any other government agency. If, on the other hand, the transition employees are not government employees, but are provided government hardware or access, then the right to inspect, monitor, copy and disclose is dictated by contract – mostly.

The Memorandum of Understanding between the GSA and the PTT is not altogether clear on this issue. Certain high-level members of the transition team are paid from government funds under the Presidential Transition Act, but the MOU also says that “members of the office staffs under the Presidential Transition Act, other than those detailed from Federal agencies, are not held or considered to be employees of the Federal Government.”

The GSA provided the transition team with computers and IT support services, a help desk, and certain cybersecurity functionality, but the MOU says nothing about the right – or the obligation – of GSA to monitor communications.

The fact that GSA provided hardware, software or even network access or email accounts to the members of the Presidential Transition Team is not, in and of itself, dispositive on the issue of whether GSA had the right to turn over the emails to Mueller’s team. When you move into an office, the office provider may provide a “turnkey” office system with computers, email, phones, etc., and may even provide email storage and security services. This does not permit the office manager to turn over the contents of your company’s email absent legal process.

If the agreement between GSA and the PTT said that the emails belonged to the government, or even that GSA had the right to monitor the communications, that would be one thing. As to emails sent by the PTT to government agencies, the government’s right to monitor would clearly exist—if not on one end of the transaction, then on the other. But for communications between the PTT and their counsel, simply because a government-provided computer or network was used, the matter is not entirely clear. At least not dispositive. Could Google or Microsoft “consent” to the FBI’s reading of your Gmail or Hotmail because you used their services? I think not. Neither providing the hardware nor the network in and of itself is enough to provide consent. Just because your employer pays for your cell phone service does not mean they can listen to your cell calls, or authorize the FBI to listen in to them. Doesn’t mean they can’t, either.

So, there are two issues. First, expectation of privacy of PTT employees vis a vis their employer. Second, expectation of privacy between PTT as an entity and its “provider,” the GSA. Again, to address these, we need more information.

Consent, Subpoena, Warrant

The expectation of privacy (and/or ownership rights) of the parties is important because they dictate not whether Mueller can get access to the contents of the emails, but how. If the emails “belong” to the GSA (or the U.S. government generally), then GSA can choose to consent to a search—basically just turn them over because they want to. Similarly, a grand jury subpoena can compel GSA in some circumstances to turn over certain records of theirs which are in their possession custody and control. But if the records “belong” to the PTT, and the PTT is not a government agency, and GSA is merely acting as a conduit for transmitting them and storing them, then we treat GSA like any other email provider, and the government under the Stored Communications Act (SCA) must get a search warrant and an SCA order to compel production, or get a subpoena or other process directed to the PTT. If the government wants to read your Gmail, they can either subpoena it from you, or get a search warrant issued to Google. Got it? Good.

Finally, there is the issue of privilege. Assuming that members of the PTT were not government employees or agents, and they were communicating with their counsel on matters that would otherwise be privileged, the problem with seizing these communications without the knowledge of the privilege holders is the same as if you searched a lawyer’s office in the dead of night, copied their files, but never told them about it. The law requires a privilege to be affirmatively asserted or it is deemed waived, but you can’t assert a privilege if you don’t know your communications have been seized. And the entity doing the seizing may or may not know that what they have seized is privileged. So, you may have a situation where genuinely privileged communications are disclosed to the entity from whom you most want to assert privilege, thereby tainting those who have come in contact with the privileged information. Sure, there are exceptions to the privilege rules, including asking whether the privilege really existed in the first place, the crime-fraud exception to the privilege, and even whether the use of an insecure medium or third-party storage is itself incompatible with the kind of secrecy necessary for the privilege to exist in the first place. And if the PTT employees really work for the government, then the privilege may be held by the government which can, of course, waive it.

In the old days (say, the 1980s), my documents were in my filing cabinet in my office. If you wanted them, you asked me for them, you compelled me to produce them, or you got a warrant to search me. Nowadays, my records are in some cloud server somewhere. I may never know if, and when, and by whom they are examined. Welcome to the world wide web. Making jobs for lawyers since 1971.