For Whatever Reason, The US Post Office Is Still Running Its Mail Cover Surveillance Program

The US Postal Service has been retaining metadata on snail mail for years. Back before mass scanning of every piece of mail was a reality, law enforcement requests had to be a bit more targeted. Investigators had to put in requests that required the postal service to log information about any mail sent to/from certain addresses or between certain addresses.

These days it’s far less complicated. As millions of Americans know, you have the option to have photos of all your incoming mail sent to your email, giving you a glimpse into the very near future in terms of mail service.

More than a decade ago, the technology finally achieved what law enforcement entities have always wanted: a perpetual stream of mail service data that can be accessed at any time for nearly any reason. While the so-called postal covers program had been around for years, it didn’t go mainstream until a whole lot of worldwide news headlines were being generated about secret US government surveillance programs, thanks to the Ed Snowden leaks.

Two years after the program made headlines (which was two months after the first Snowden leak), the USPS Inspector General (prompted by Congress) released its report on the program. That report found that mass scanning of mail was very much day-to-day business, but that actual oversight of the program was still nearly nonexistent.

The USPS wasn’t filing its required paperwork tracking government requests for snail mail info. The USPS rarely rejected another government agency’s demand for mail metadata. And the problems weren’t minute. The forms detailing compliance with government demands for data often weren’t being filed until more than two years after those reports were due.

However, few people thought this was a big deal. If USPS users were able to access snapshots of the outside of their incoming mail, surely the government should have the same privilege. It wasn’t until 2023 that Congress made a move to shut the program down — citing not only some concerning privacy violations but the lack of evidence showing easy access to weeks or months of mail snapshots was essential to law enforcement investigations.

Roughly a year later, that request from Congress has gone nowhere. However, more information about the program has been obtained thanks to the questions raised by the bipartisan group of federal legislators who moved to have the program shut down last May. Here’s Drew Harwell with more details for the Washington Post.

In a letter in May 2023, a group of eight senators, including Ron Wyden (D-Ore.), Rand Paul (R-Ky.) and Elizabeth Warren (D-Mass.), urged the agency to require a federal judge to approve the requests and to share more details on the program, saying officials there had chosen to “provide this surveillance service and to keep postal customers in the dark about the fact they have been subjected to monitoring.”

In a response earlier this month, the chief postal inspector, Gary Barksdale, declined to change the policy but provided nearly a decade’s worth of data showing that postal inspectors, federal agencies, and state and local police forces made an average of about 6,700 requests a year, and that inspectors additionally recorded data from about another 35,000 pieces of mail a year, on average.

Not exactly the answers these senators were hoping to get, especially the one that makes it clear the USPS will continue to allow pretty much carte blanche access to mail covers to law enforcement agencies.

The USPS (quite reasonably) points out there’s no expectation of privacy in the information contained on the outside of mail. And that’s an understandable position to take… to a certain extent. But no postal worker on their own could compile this information on their own despite having access to this information. And even if they could, it could not be obtained in bulk after the fact because the USPS and its employees would need to know what mail to track beforehand to generate these records.

What’s happening here is law enforcement leveraging tech to make a mockery of “reasonable expectation of privacy.” While we might expect our mail to be surveilled if we’re engaged in illegal activity, we certainly don’t expect law enforcement to have full access to metadata about our mail at any time and for any length of time.

But that’s my opinion. And even though that’s shared by plenty of privacy advocates, at least eight US senators, and perhaps thousands of people who don’t think law enforcement should be able to see what mail they get without at least probable cause to do so, it’s never been the view of the courts. And I don’t expect that to change.

But at some point someone has to acknowledge the fact that the reasonableness of the privacy invasion starts to shift when it becomes hundreds or thousands of data points. What’s reasonable for a single officer or government employee to observe in their personal capacity is nowhere near what can be “observed” with cameras and scanners that automatically capture and store this information for however long the government decides it should be stored and is accessible pretty much at will by other government agencies.

So, while it’s surprising law enforcement is still exploiting a communication system that has largely been surpassed by better, faster options, the far more disappointing takeaway is this: the government will take whatever’s not nailed down by warrant requirements just because it can.