There is no better day in 2013 to focus on the need to reform the Electronic Communications Privacy Act (ECPA) than today, Jan. 28, Data Privacy Day.  There is much talk about privacy legislation in this new Congress. No current law is as outdated and in need of reform than ECPA, and no proposal enjoys such a level of broad support among industry and consumer advocates alike.

Originally enacted in 1986, ECPA is failing miserably to provide a legal framework for the 21^st Century. Back in the mid-80s, electronic communications were quite different than they are today. Email didn’t even exist, let alone “cloud-based” email. One example of how the current law fails protect citizen’s privacy in the current era: Google‘s Transparency Report, released last week, which highlights the steady increase in government requests for users’ data.

Notably, the Report breaks out the types of requests that Governments entities use when compelling the company to hand over users’ information.  In summary, 68 percent of the requests Google received from government entities in the U.S. were made through subpoenas. These are requests for user-identifying information, issued under ECPA, and they are the easiest to get because they typically don’t involve judges. Only 22 percent were through ECPA search warrants. These warrants are, generally speaking, orders issued by judges under ECPA, based on a demonstration of “probable cause” to believe that certain information related to a crime is presently in the place to be searched.

The conclusion here is very clear, and very disturbing.  The privacy playing field is not level; and it’s a concern for citizens and companies alike.  If government entities want to access your email and communications on your computer in your house, they need to get a warrant, but if they want to access the same information stored remotely by a company like Google, Facebook or others, the standard is MUCH lower.  That’s not good for citizens, and it’s not good for the continued technological evolution towards “cloud computing,” and therefore it’s an impediment to innovation and economic growth.

Support for ECPA reform is extremely broad.  The Digital Due Process Coalition represents a diverse set of nearly 80 privacy advocates, major companies, industry trade associations, and think tanks working together to ensure that private electronic correspondence stored with an Internet company in the “cloud” receive the same protection afforded letters, photos and other private material stored in a drawer or filing cabinet, or on a computer at home.

As a result of this outpouring of support for ECPA reform, there was substantial progress in 2012.  As one of the final acts of the last Congress, Senate Judiciary Chairman Patrick Leahy (D-VT), the champion of legislation to reform ECPA in the last Congress, won approval of his proposal by the Committee in November.  In a nutshell, the law would require law enforcement officials to get a search warrant from a judge in order to obtain content from a communications service provider that holds private electronic messages, photos and other personal records, like Gmail or Facebook. This means having to show the court there is probable cause to believe that the sought-after records may reveal evidence of wronging.

While the clock ran out on the last Congress before the proposed ECPA fix could be enacted, Sen. Leahy has deemed this one of his top priorities for 2013, and House Judiciary Chairman Bob Goodlatte (R-VA) has indicated he will consider this issue this year, too.  So Congress has one clear privacy priority for 2013, and that’s to pass this long-overdue update to ECPA to level the playing field for online communications.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

In a briefing convened by the Congressional Privacy Caucus last week, co-chairs Ed Markey (D-MA) and Joe Barton (R-TX) explored the roles of “data brokers,” along with two chief regulators from the FTC, Chairman Jon Leibowitz and Commissioner Julie Brill. The briefing and discussion was wide-ranging, and if anything, it seemed to raise more questions than provide answers.

If there was one single over-arching takeaway for me, it was that there exists a very complex data ecosystem that includes consumers, businesses and governments, and it’s increasingly difficult to label entities for purposes of creating new laws and regulations. Following is a summary of key themes I took out of this briefing:

(1) There’s no broad agreement on the definition of “data broker.” The discussion did not include a clear articulation of what the lawmakers and regulators believe to be a data broker definition of exactly what is a “data broker,” which seems to be the key question before deciding on new policies. The best articulation was “an entity that collects data but which has no intersection w/ consumers directly.” While this may make sense on the surface, it quickly breaks-down when moving forward to craft rules for data brokers, because it clearly leaves open a wide range of entities that openly characterize themselves as brokers but also provide for direct interaction with consumers.

I wish we could put any discussion about new policies on hold until we can at least clearly know what we’re talking about as a “data broker.”

(2) It’s the “use” stupid. I was constantly reminded of the old refrain, “it’s the economy, stupid,” the now infamous phrase that explained ultimately why Bill Clinton would ultimately be elected President in 1992. If there is one thing that seems to enjoy broad agreement around data privacy, it’s that it is more important — and useful— to look at how a data is used, and the potential for harm, than it is to single out ill-defined entities and try to craft specific legal and regulatory roadmaps for their behavior. While, this was my takeaway and was surely shared by many other present at the briefing, it is the opposite of what leading lawmakers and regulators are thinking.

(3) The FTC will maintain a steady focus on “data brokers.” Regardless of the challenge in clearly defining data brokers, the FTC is sure they don’t like ‘em. As clearly articulated by Commissioners Leibowitz and Brill, the FTC will maintain a heavy focus on “data brokers” – as was a unanimous recommendation from the FTC’s Privacy Paper issued earlier this year. While they did recognize there are significant benefits provided by “data brokers,” they made the following pronouncements: (1) much more needs to be done on the transparency front, (2) industry needs to do more to articulate existing transparency mechanisms; and (3) the Commission is exploring “what can and should be done beyond merely enforcement” of existing laws.

(4) Reps. Markey and Barton will focus this conversation on children, then expand – As the bipartisan team leaders for increased privacy protection for consumers, Reps. Markey and Barton reiterated their commitment to continue moving forward with all deliberate speed in the next Congress, reintroducing their Do Not Track Kids Act (H.R. 1895) and promising to sign-on even more than the 45 cosponsors from the current bill. . While that is surely no surprise to anyone, they went further to effectively outline their strategy to use the conversation on children’s privacy, expand the current age qualification in COPPA, and use this as a gateway to adopting privacy laws more broadly beyond children.

(5) Transparency and industry leadership are key – Another theme that keeps coming up is the need for greater transparency and industry leadership in this area. Similar to the ongoing discussions regarding “mobile transparency,” industry can and will surely continue to improve practices in this area, or we’ll be building the case for regulators and legislators to step in.