The Fourth Amendment, “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause,” is the cornerstone of American privacy protection. We agree that the Electronic Communications Privacy Act (ECPA), though forward-thinking in 1986, has become outdated as we head in to 2013.
At the time ECPA was passed, digital storage was expensive. Emails were typically discarded or downloaded within six months of being received, and sensitive material was stored on paper or a local hard drive.
Today, storage is cheap and seemingly endless, so why would you delete an important email already stored in a simple searchable format? In 1986, the ability to share documents with applications like DropBox or Google Docs was non-existent. Now, cloud computing and storage offer flexible access and save businesses money in terms of equipment, while also allowing better reliability and data security.
Unfortunately these digital documents lack long-held privacy safeguards. Email saved in web-based email systems like Yahoo for longer than six months can be accessed with an administrative subpoena, which provides less protection than a warrant. Similarly, no matter what privacy setting you use, sensitive and personal information — photos, private journals, Facebook pages, corporate data, draft reports — shared with third parties like Google and Facebook can be accessible by police without a judge’s approval. All the government has to do is swear it’s "relevant" to an investigation.
Under the 1986 act, which has not received any significant revision since its passage, the warrant requirement to access email expires in 180 days. However, according to the Department of Justice, after six months — or if you opened your email — your warrant protection dissolves immediately into that of a simple subpoena.
If you’ve stored anything in the cloud via a web-storage service like DropBox, Salesforce or Microsoft Azure you have very little protection. The government can compel such companies to produce documents without timely notice to you. This practice not only lacks judicial approval, but also hinders your ability to challenge a subpoena in court.
Cloud services are poised to create new efficiencies for companies. However, because ECPA allows the government to access data without a judicial order and notice to the data’s owner, it discourages storing data in the cloud. Clear, consistent digital privacy protection would bolster cloud computing, which is expected to become a $241 billion business by 2020.
The medium, in this case, should not matter. The content is personal information that deserves full privacy protection consistent with the Constitution. If law enforcement would like to see your electronic documents stored with an Internet company, then they should need a warrant.
We recognize the importance of ensuring that government has the tools required for effective law enforcement, but extending warrant protection to cloud services and email that's more than six months old will not significantly impede investigations. In fact, ECPA is currently comprised of a confusing mix of different standards created by an outdated statute and a variety of federal court decisions. These rules are hard for law enforcement and companies to interpret and often lead to delay and confusion. Legislative reform will create certainty for individuals, companies, and law enforcement alike.
On Thursday, the Senate Judiciary Committee will reexamine an amendment to H.R. 2471 put forth by Sen. Patrick LeahyPatrick LeahyVerizon angling to lower price of Yahoo purchase: report Dem senators call for independent Flynn probe Overnight Cybersecurity: White House does damage control on Flynn | Pressure builds for probe MORE (D-Vt.) that requires a warrant to collect data from a technology companies and individuals. This is the kind of measure all committee members should be able to support without reservation.
We believe email and information stored in the cloud should have the same legal protection as letters or information held by an individual in their home. This is clear, consistent, reasonable privacy protection for the digital age.
It is our hope and expectation that all committee members will oppose any weakening amendments and vote to report the bill with Senator Leahy’s warrant for content standards intact.
Norquist is president of Americans for Tax Reform. Murphy is director of the American Civil Liberties Union’s Washington Legislative Office.
Tags Patrick Leahy