Following Up on ECPA Reform

Last night, I represented EFF-Austin on a panel discussion hosted by America’s Future Foundation and Google.  The topic for the evening was the Electronic Communications Privacy Act of 1986 and a good time was had by all.  Fonda San Miguel proved itself a wonderful location for technology and privacy enthusiasts to congregate and discuss the important issues of the day.  Kudos to all who came and made their contribution to a lively and important discussion.

blog-ecpa-privacyupdate-500x280-v01As these things go, we did not gather to discuss this law because everyone agrees it’s working perfectly.  In fact, quite the opposite; there’s general consensus that this federal statute is working terribly and not protecting the privacy of Americans’ electronic communications.  The primary problem with ECPA is that it is old.  In the context of the Internet, it’s nearly pre-historic.  It may have been an effective and important statute for 1986, but today it no longer represents the privacy expectations of the American public.

Two of the most obvious problems with ECPA deal with the privacy protections for email.  First, ECPA protects the content of email from government searches with a warrant requirement only when it is less than 180 days old.  Second, the warrant requirement only applies when the email is unopened (except in the western states of the Ninth Circuit).  These distinctions are anachronisms from the mid-80s and they make no sense for the way that people use email today.  With free services offering multi-GB accounts, people customarily keep their email on their servers long past 180 days.  Any why should unopened email receive extra protection when the only messages that most of us leave unopened are spam?  The practical result of these now-nonsensical distinctions is that ECPA only requires law enforcement to get a warrant to search Americans’ spam.  Virtually every other email message can be obtained with a mere subpoena.

There are other wide-ranging problems with ECPA that are a direct result of the fact that the statute is ancient in comparison to the technologies that it covers.  The geolocation information produced by our cell phones creates a detailed map of our daily lives, but this can also be seized by law enforcement with a subpoena or a court order not based on probable cause.  Perhaps that wasn’t much of a problem in 1986, but it is today.  ECPA also allows the files we save in the cloud to be seized without a warrant, even though those same files would be protected by the Fourth Amendment if they were saved in a home file cabinet.  Americans expect more privacy than this and ECPA is in desperate need of modernization.

To that end, the Digital Due Process Coalition is leading the charge for reform.  They’ve gathered a wide spectrum of public interest groups and tech industry leaders to advocate for an update to the law.  DDP is backing the Leahy-Lee bill in the Senate and the Yoder-Polis bill in the House.  Both of these bills would require that law enforcement get a warrant based on probable cause before searching Americans’ email, no matter how old any message is and regardless of whether it’s been opened.  With these bills garnering broad bipartisan support, it looks like ECPA might finally get the fixes it needs to properly do its job in the 21st century.

Unfortunately, both bills have hit a road block.  The Securities and Exchange Commission has demanded that federal regulatory agencies receive an exemption.  The SEC wants the ability to search and seize Americans’ online communications and location records without a warrant.  In fact, it’s even worse than that.  Most regulatory agencies already have the ability to get these records directly from the people they’re investigating through the civil discovery process. The SEC wants the power to search and seize the online communications and location records of Americans without a warrant and without them knowing about it!

No way the SEC could get away this power grab, you say?  Think again.  Many senators and congressmen are lining up with the SEC.  The DDP and Senators Leahy and Lee, for their part, are not budging and both bills appear to be stalled.  Where does the White House come down?  We don’t know, but we should soon.  A We the People petition demanding ECPA reform without a loophole for regulatory agencies recently hit the 100,000 signature mark, which requires a response form the Obama administration.

If you’d like to help get ECPA reform passed so that America’s primary Internet privacy law contains the type of protections that Americans expect, then get on the phone and call your congressmen and senators.  Tell them to support either Leahy-Lee or Yoder-Polis without any loopholes.

 

Image reprinted with permission of the American Civil Liberties Union https://www.aclu.org Copyright 2014 American Civil Liberties Union

Leave a Reply

Your email address will not be published. Required fields are marked *