ECPA was created in 1986, hasn't been updated since, and has been notoriously inefficient in accommodating privacy within the technological era. The antiquated law has been shelved even though we have seen many privacy bills come before Congress, but now, updating ECPA is gaining traction on the Hill.
As the Digital Due Process Coalition points out,
Technology has advanced dramatically since 1986, and ECPA has been outpaced. The statute has not undergone a significant revision since it was enacted in 1986—light years ago in Internet time. As a result, ECPA is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today’s digital communication services may no longer be adequately protected.
During yesterday's hearing on ECPA, the House Judiciary Committee members expectantly reiterated the common positions of Google, Intel, the ACLU, and BORDC, all of whom are calling for modernizing our laws to protect law enforcement, customers, and service providers from abuse.
Chairman Nadler (D-NY) said, "These robust new communications technologies bring with them new opportunities for law enforcement agencies, charged to protect us from criminals, to intervene in our private lives."
Rep. Hank Johnson (D-GA) called on Congress to rewrite ECPA: "I would hate to see a [communications] company turned into an agency for law enforcement at the expense of their customers."
However, committee members struggled to keep up with those testifying. Without significant understanding of networking language, it is still easy to see that a law that protects our e-mails for 180 days would not suffice today, where unlimited storage is the norm. When questioned by Mel Watt (D-NC) regarding "horror stories of confusion," Jim Dempsey, Center for Democracy and Technology's VP for Public Policy added,
A handful of recent court cases deal with problems in the ECPA. But cloud-based e-mail users should be concerned that their warrant protections expire after 180 days. Every one of us probably has five, six, maybe 10 years of e-mail stored.
This is the first in a long line of hearings regarding this issue while groups continue to work with Congress to turn tough technological language into visionary legislative language. In the meantime, we need to make sure ECPA is updated for the present as well as for the future!