In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA) to protect the privacy of electronic communications. In the quarter of a century since then, technology has evolved tremendously; while few households had computers in 1986, today practically everyone uses smartphones and cloud-based services to exchange private information. Despite these changes, the ECPA has not been updated to carry out its purpose.
The Senate Judiciary recently approved an amendment introduced by Senator Leahy requiring the government to produce a warrant before spying on our emails. We recently addressed whether moving this amendment out of committee was enough to protect privacy.
Currently, the most controversial part of the ECPA, the Stored Communications Act (SCA), provides little protection vis à vis the government. It generally prohibits service providers from disclosing to third parties the content of electronic communications that are placed in storage. For law enforcement purposes, however, it makes it relatively easy for the government to bypass this prohibition and gain access to personal emails maintained on the servers of companies like Google and Yahoo. The SCA says the government needs a search warrant to obtain communications held in storage for less than 180 days but only a subpoena or a court order based on “reasonable grounds” when they are held in storage for more than 180 days. What’s more, the person whose communication is disclosed may not even be notified if a court determines that notice might have an adverse impact on a criminal investigation.
Senator Leahy explained that the 180-day distinction is now anachronistic; in the past, users downloaded emails onto hard drives then deleted them, which meant they became physical property that is subject to the Fourth Amendment.
Grover Norquist of Americans for Tax Reforms and Laura Murphy of the ACLU, two unlikely bedfellows, have voiced their support to Senator Leahy’s amendment. Writing for The Hill, they point out what everyone expects: “email and information stored in the cloud should have the same legal protection as letters or information held by an individual in their home.”
Nadia Kayyali, legal fellow, explains how electronic privacy is still threatened without action by Congress:
The lack of response to privacy and civil liberties concerns from Congress in other areas, such as the Foreign Intelligence Surveillance Act Amendments of 2008(FAA), reinforces this impression. Even worse, regardless of whether these changes to ECPA pass, they are completely inapplicable in the national security context. If the government cannot simply seize old emails under ECPA, the National Security Agency can still engage in warrantless wiretapping under the FAA, and the FBI has access to a vast surveillance state that has continued to grow exponentially since 9-11.