There is no better day in 2013 to focus on the need to reform the Electronic Communications Privacy Act (ECPA) than today, Jan. 28, Data Privacy Day. There is much talk about privacy legislation in this new Congress. No current law is as outdated and in need of reform than ECPA, and no proposal enjoys such a level of broad support among industry and consumer advocates alike.
Originally enacted in 1986, ECPA is failing miserably to provide a legal framework for the 21st Century. Back in the mid-80s, electronic communications were quite different than they are today. Email didn’t even exist, let alone “cloud-based” email. One example of how the current law fails protect citizen’s privacy in the current era: Google‘s Transparency Report, released last week, which highlights the steady increase in government requests for users’ data.
Notably, the Report breaks out the types of requests that Governments entities use when compelling the company to hand over users’ information. In summary, 68 percent of the requests Google received from government entities in the U.S. were made through subpoenas. These are requests for user-identifying information, issued under ECPA, and they are the easiest to get because they typically don’t involve judges. Only 22 percent were through ECPA search warrants. These warrants are, generally speaking, orders issued by judges under ECPA, based on a demonstration of “probable cause” to believe that certain information related to a crime is presently in the place to be searched.
The conclusion here is very clear, and very disturbing. The privacy playing field is not level; and it’s a concern for citizens and companies alike. If government entities want to access your email and communications on your computer in your house, they need to get a warrant, but if they want to access the same information stored remotely by a company like Google, Facebook or others, the standard is MUCH lower. That’s not good for citizens, and it’s not good for the continued technological evolution towards “cloud computing,” and therefore it’s an impediment to innovation and economic growth.
Support for ECPA reform is extremely broad. The Digital Due Process Coalition represents a diverse set of nearly 80 privacy advocates, major companies, industry trade associations, and think tanks working together to ensure that private electronic correspondence stored with an Internet company in the “cloud” receive the same protection afforded letters, photos and other private material stored in a drawer or filing cabinet, or on a computer at home.
As a result of this outpouring of support for ECPA reform, there was substantial progress in 2012. As one of the final acts of the last Congress, Senate Judiciary Chairman Patrick Leahy (D-VT), the champion of legislation to reform ECPA in the last Congress, won approval of his proposal by the Committee in November. In a nutshell, the law would require law enforcement officials to get a search warrant from a judge in order to obtain content from a communications service provider that holds private electronic messages, photos and other personal records, like Gmail or Facebook. This means having to show the court there is probable cause to believe that the sought-after records may reveal evidence of wronging.
While the clock ran out on the last Congress before the proposed ECPA fix could be enacted, Sen. Leahy has deemed this one of his top priorities for 2013, and House Judiciary Chairman Bob Goodlatte (R-VA) has indicated he will consider this issue this year, too. So Congress has one clear privacy priority for 2013, and that’s to pass this long-overdue update to ECPA to level the playing field for online communications.
David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.