After years of trying, Congress may finally be set to update the laws surrounding the privacy of emails to the 21st Century. For the second consecutive Congress, the House has passed the Email Privacy Act by an overwhelming bi-partisan majority. After constant and inexplicable delays, perhaps this can be the year that basic due process protections for our online emails and files can make it into law.
The Email Privacy Act addresses a basic flaw in the Electronic Communications Privacy Act of 1986 (ECPA). Ironically, ECPA was designed, as its name indicates, to strengthen legal due process with respect to electronic data and communications. The goal, of course, was to bring legal protections up to date with modern technology at the time. But the law was more protective of communications in transit than of data at rest, especially with respect to third-party data storage.
The actual text of ECPA (18 U.S. Code § 2703) provides the means for government agencies to demand that any “remote computing service” cough up “the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days” via administrative subpoena. In English, this means that your communications and data stored external to your computer, like in Gmail, Dropbox, or any other cloud service, can be demanded by the feds without a warrant (and without you being notified), so long as the requested files are over 180 days old.
In 1986, this provision wasn’t a huge deal because the modern web didn’t exist. Data storage was expensive, so most computer users stored their email and other files on their own hard drives. In the present day, tens of millions of people routinely store years worth of their communications and personal files alike on third-party cloud servers. The lack of a basic warrant requirement to access these is an insane breach of privacy.
The need to reform ECPA is so completely self-evident, in fact, that the House of Representatives passed the Email Privacy Act by a vote of 412-0 in 2016. Yet it went nowhere in a Senate preoccupied by the upcoming election, despite bi-partisan support for ECPA reform in that chamber.
Part of the hesitancy in passing ECPA reform has been protests from executive agencies like the Securities and Exchange Commission that they need the ability to quickly grab documents as part of their investigations into various regulatory and criminal offenses. But there is a simple reply: Get a warrant. Court orders don’t take a ton of time to get if there is probable cause. Outside of emergency situations, the system isn’t supposed to make violating the privacy of people’s files and communications easy or convenient.
But a new Congress means a fresh start, and the Email Privacy Act has not only already been reintroduced by original sponsors Rep. Kevin Yoder and Rep. Jared Polisbut has already passed the House again, by an easy voice vote.
A great start. Now, in the spirit of “better late than never,” the Senate should take up the bill as soon as the major nomination crunch is over and send it to President Trump’s desk.
This article originally appeared on Conservative Review.
Add comment