WebProNews

Tag: ECPA

  • Google, Facebook And Others Are Fighting To Protect Your Email Privacy

    Remember the ECPA? The bill, and others like it, would require government officials to obtain a warrant before requesting emails and other communication data from any Internet service provider. Some in government don’t like that proposed requirement very much, and are now fighting against it.

    The Hill reports that the Justice Department and the SEC have formally asked the Senators working on the privacy bill to exempt them from the warrant requirement. Currently, both agencies can issue a subpoena to acquire the information they want. They argue that being forced to obtain a warrant would impede investigations as they lack warrant authority in civil investigations.

    That argument isn’t going over well with civil liberty groups and Internet companies. In fact, Google, Amazon, Facebook and others have submitted a formal rebuttal to the Justice Department’s and SEC’s demands saying that exempting them from the warrant requirement would impact personal privacy:

    “Personal privacy would suffer, and the potential for government abuse would expand dramatically, because an individual or company whose records were sought would have no opportunity to object. This would turn civil proceedings into fishing expeditions at a huge cost to individual privacy and the confidentiality of proprietary data.”

    So, what about the government’s lack of warrant authority in civil cases? The tech companies say that the government can issue subpoenas to the individuals or companies that are being investigated. They argue that a targeted subpoena is succifient as it allows the defendant to make a decision as to which documents should be withheld. If the government were to issue a subpoena to a service provider, the tech companies say that they “would be forced to turn over all of the information in the target’s account, even if irrelevant to the subject of the investigation or legally privileged, since the service provider would be in no position to make a judgment about what was privileged or relevant.”

    Like all other post-PRISM privacy debates, it seems a little silly to see the government arguing against warrant requirements when it has a warrantless surveillance system in place. Granted, PRISM is primarily, but not always, used in the investigation of foreign individuals, but it’s still offensive to see the government arguing for less oversight. President Obama and other lawmakers have said that any government data collection is subject to strict scrutiny, but this latest argument from the SEC and Justice Department shows that the government wants the opposite.

  • Texas Kind Of Protects Your Email Privacy With New Law

    Before the NSA leaks, everybody thought the worst the government could do was obtain your email without a warrant. Well, they can still do that, but Texas has just made it harder for local law enforcement to do the same.

    Ars Technica reports that Texas Gov. Rick Perry has signed into law a bill that requires local and state law enforcement to obtain a warrant when snooping through email. The law is the first of its kind as no other state has tried to stop the warrantless email snooping that came to light last year with the ECPA debate.

    For those unaware, the Electronic Communications Privacy Act, or ECPA, is a 1986 law that allows law enforcement to obtain emails without a warrant. More specifically, the law only requires a subpoena if the email in question has already been opened, or if it’s 180 days old. There have been numerous attempts in Congress to pass an ECPA amendment that would require federal officials to obtain warrants when snooping through emails, but chances of passage don’t look good.

    Without a revision to federal law, the Texas bill lacks any real bite. Sure, it protects emails from the snooping of state and local police, but it doesn’t apply to federal agents. Those same state police work hand-in-hand with federal agents on a variety of cases so it’s not hard to see how state police could exploit that loophole by having somebody in the FBI obtain emails for them.

    Even worse, a revision of federal law might not stop anything. It was recently revealed that the NSA gathers tons of information, including emails, from online service providers. Google, Facebook and others have all denied the claims, and even released transparency reports to prove that the government is going through the proper channels. It still doesn’t change the fact that many people can’t trust the government or the secret FISA courts anymore.

    In short, Texas gets an A for effort. It’s a nice gesture, but it probably won’t accomplish anything.

    [Image: jmtimages/flickr]

  • Sen. Rand Paul Introduces Online Privacy Protection Bill

    There’s not a lack of online privacy protection bills floating around Congress at the moment, but it can’t hurt to have one more.

    On Thursday, Sen. Rand Paul introduced the Fourth Amendment Preservation and Protection Act, or S. 1037, to the Senate. Like other bills before it, the proposed legislation aims to require law enforcement to obtain warrants when accessing any kind of personal information online, including email, chat logs, online bank accounts and more.

    Paul said that his bill will “reassert Fourth Amendment protections” online:

    “Congress has passed a variety of laws that decimate our Fourth Amendment protections. In effect, it means that Americans can only count on Fourth Amendment protections if they don’t use email, cellphones, the Internet, credit cards, libraries, banks or other forms of modern finance and communications.

    Basic constitutional rights should not be invalidated by carrying out basic, day-to-day functions in a technologically advanced world, and this bill will provide much needed clarity and reassert Fourth Amendment protections for records held by third parties.”

    Paul’s bill enters the Senate only a month after the Senate Judiciary Committee approved Sen. Patrick Leahy’s Electronic Communications Privacy Act Amendments Act of 2013. Unlike Leahy’s bill, however, Paul’s bill would ensure all online data held by third parties is protected by the Fourth Amendment.

    In a perfect world, Paul’s bill would join forces with Rep. Zoe Lofgren’s Online Communications and Geolocation Protection Act to create powerful Fourth Amendment protections for all.

    Unfortunately, we live in a world where Congress is content to put a bandaid on a bullet wound. In other words, we’re probably going to get a bill that requires a warrant when obtaining emails, but only under very limited circumstances. The majority of your personal data stored online would still be subject to warrantless searches.

    [h/t: The Hill]

  • Justice Department Says It May Support Email Privacy Bill

    In the debate over email privacy, law enforcement has usually been on the side claiming a warrant requirement when accessing email would impede investigations. It’s a good sign then when the largest law enforcement agency – the Department of Justice – comes out in support of a warrant requirement.

    The Hill reports that Attorney General Eric Holder told the House Judiciary Committee that the Justice Department would be in support of legislation that requires law enforcement to obtain a warrant before accessing email. His support gives a major boost to those who want to update the ECPA – a decades old bill that allows law enforcement to obtain emails without a warrant as long as said email is more than 180 days old.

    Of course, Holder did have some reservations. He said that any update to the ECPA should include exemptions for “certain very limited circumstances.” For example, he said that law enforcement agencies shouldn’t have to obtain a warrant for civil investigations.

    It was encouraging, however, to hear that Holder is in support of “the general notion of having a warrant to obtain the content of communications.” It’s only slightly less encouraging to think that his idea of exemptions may cut our large swaths of the bill, thus making it less effective.

    If the Justice Department truly is in favor of updating the ECPA, it will be interesting to see which one it comes out in favor of. Many hope that it would support Rep. Zoe Lofgren’s bill – The Online Communications and Protection Act. It’s a far reaching bill that not only requires a warrant before accessing email and other online communications, but also requires a warrant when accessing any geolocation data from mobile device carriers.

    Lofgren’s bill may be too far reaching for the Justice Department though. It may instead opt to back something like the ECPA Amendments Act of 2013, a bill from Sen. Patrick Leahy that only requires law enforcement to obtain a warrant when accessing email. It says nothing about geolocation data.

    Regardless, the Justice Department’s support may not even be enough to pass anything this soon. Both the House and the Senate are wrangling with other issues at the moment, and it looks like ECPA reform has been put on the back burner yet again.

  • Senate To Take Up Email Privacy Bill Today

    UPDATE: And it passed.

    Last week, Sen. Patrick Leahy said that the Senate Judiciary Committee would be marking up an update to the Electronic Communications Privacy Act. The decades old bill allows law enforcement to obtain emails without a warrant as long as said email is 180 days old.

    The Hill reports that both the Senate and the House will be taking up their respective email privacy bills today. The Senate Judiciary Committee will be taking a look at Leahy’s bill – S. 607 – that simply requires the police to obtain a warrant when accessing any electronic communication, including email.

    In the original announcement of the mark up, Leahy said that ECPA must be updated to counter concerns over the “growing and unwelcome intrusions into our private lives in cyberspace.” Those concerns certainly came to a head earlier this month when documents obtained by the ACLU revealed that the IRS told its agents that they could obtain emails without a warrant. The agency also said that “Internet users do not have a reasonable expectation of privacy.”

    Since then, IRS Commissioner Steven Miller said that his agency always obtains a warrant before searching emails. Miller also said that his agency never snoops through email during civil investigations. It wasn’t exactly reassuring, but an updated ECPA would ensure that the IRS, or any government agency for that matter, would never be able to obtain emails without a warrant.

    It should be noted that the House will be making a mockery of itself this week by discussing an update to the ECPA after passing CISPA. The House Judiciary Committee will be discussing whether or not the ECPA should be updated to require that law enforcement obtain a warrant before accessing geolocation data. The irony here is that CISPA, in its current form, would allow mobile carriers to share geolocation data with the government without a warrant. Even if the carrier was found in violation of an updated ECPA, it would enjoy full legal immunity under CISPA.

    Even so, we’ll continue to follow both discussions and keep you up to date on any changes. The Senate seems to have made an updated ECPA a priority so we may see a final vote as early as next week. That is, of course, if the Senate doesn’t run into any problems with its current controversial bill – the Marketplace Fairness Act.

  • IRS Tells Congress That It Obtains Warrants Before Searching Emails

    Late last week, the ACLU reported that the IRS probably obtained emails without a warrant. The group came to this conclusion after an agency handbook from 2009 said that Internet users “do not have a reasonable expectation of privacy.” Now the agency is firing back saying it does no such thing.

    The Hill reports that IRS Commissioner Steven Miller was present at a congressional hearing today where Sen. Chuck Grassley grilled the commissioner on the agency’s email policy. Miller said that his agency obtains a search warrant before requesting emails, and even went further by saying that the agency never requests emails during civil investigations.

    Miller also said that his agency follows the ruling set in United States v. Warshak, a Sixth Circuit Court decision that said the government must obtain a warrant before requesting emails from a service provider. The decision is only binding in the Sixth Circuit, but the IRS says it applies the ruling to operations nationwide.

    What’s interesting here is that the documents obtained by the ACLU suggests the IRS does the exact opposite. The documents never explicitly state that the IRS snooped through emails without a warrant, but everything points to this conclusion. Even when taking United States v. Warshak into account, the IRS reportedly said that it only needed to worry about a warrant in the Sixth Circuit.

    Of course, senators brought up this disparity during the hearing. Miller said that his agency will work on clarifying its procedures, but still insisted that it obtained a warrant when snooping through emails. Unfortunately, Miller said that he couldn’t say the same thing for other online communications like Facebook messages, but that’s only because he didn’t know the agency’s specific warrant requirements for these new types of communications.

    Today’s hearing precedes the Senate Judiciary Committee’s planned markup of the decades old ECPA law on Thursday. Currently, the ECPA lets law enforcement obtain emails with only a subpoena if the email in question is over 180 days old. The bill going before Committee on Thursday will require law enforcement to obtain a warrant when obtaining emails and other online communications regardless of its age.

  • Senate Judiciary Committee To Debate ECPA Reform This Week

    ECPA, or the Electronic Communications Privacy Act, has long been in need of an update. The Senate tried last year, but ran out of time. Now it’s a priority and it will hopefully get the time it deserves this week.

    The Hill reports that the Senate Judiciary Committee plans to mark-up Sen. Patrick Leahy’s ECPA amendment on Thursday morning. S.607 would require law enforcement to obtain a warrant when requesting emails as part of an investigation. The current law under ECPA requires a warrant only if the email is less than 180 days old. An older email, or one that’s already been opened, only requires a subpoena under current law.

    Sen. Leahy issued the following statement today in regards to the mark-up:

    “Like many Americans, I am concerned about the growing and unwelcome intrusions into our private lives in cyberspace. I have long believed that our government should obtain a search warrant — issued by a court — before gaining access to our email and other private communications. This week the Senate Judiciary Committee will begin consideration of legislation that I authored with Republican Senator Mike Lee to reform the Electronic Communications Privacy Act to make sure that this occurs, and that the overall privacy protections for our email and other electronic communications are strengthened. Safeguarding Americans’ privacy rights is not a Democratic issue or a Republican issue — it is something that is important to all Americans, regardless of political party or ideology. I hope that all members of Congress share this view and will support this timely and significant legislation that upholds Americans’ privacy rights.”

    Sen. Leahy’s proposed ECPA amendment was introduced in late March, but one event in particular may have forced his hand to push ECPA reform faster than he may have planned. The ACLU obtained a number of documents from the IRS that suggested the agency obtained emails without a warrant, and said that Internet users “do not have a reasonable expectation of privacy.”

    In response, Rep. Charles Boustany sent a letter to the IRS asking the agency to explain its email policy. It’s highly unlikely that the agency would answer all of the questions posed by Rep. Boustany, but it did say that it “treats taxpayers with respect” and “does not use emails to target taxpayers.”

    Sen. Leahy’s bill is a great first step to updating the decades old ECPA, but a House vote this week could be a different first step in making an updated ECPA a moot point. CISPA, a bill that would let companies share you private information with the government, will go to the House floor for a vote this week. If it somehow makes its way into law, it would allow companies to share your emails and much more with the government while enjoying total immunity in the case the government uses that information for anything illegal. Fortunately, the White House has serious reservations, but it didn’t go so far as to issue a veto threat.

    We’ll keep following both ECPA and CISPA as they make their way through the legislature over the coming months. We can only hope that the former makes its way all way through, and the latter is treated to the same ignoble death its predecessor was dealt last year.

  • Congressman Wants The IRS To Explain Itself

    It was revealed earlier this week that the IRS probably digs through your email without a warrant during its investigations. It’s able to do this thanks to the outdated ECPA which allows government agencies to obtain emails that are more than 180 days old. Now one lawmaker wants the IRS to explain itself.

    The Hill reports that Rep. Charles Boustany, chairman of the Ways and Means subcommittee on Oversight, sent a letter to the IRS asking the agency to explain how it obtains emails, and when it thinks it can obtain said emails without a warrant. Boustany asks that the IRS provide the following information by April 26:

  • 1. The IRS’s current policy on searching taxpayer emails, including when it believes it must obtain a search warrant and when it does not.
  • 2. Any internal communications, including memos and guidelines, among and between IRS and Department of the Treasury, regarding changes to the IRS’s policy on searching taxpayer emails.
  • 3. The IRS’s current policy on searching and reviewing taxpayer social media profiles, and any internal memos and guidelines on the matter.
  • 4. What information would the IRS seek in a search of a taxpayer’s online social media profiles?
  • 5. How many times has the IRS searched taxpayer emails and online social media profiles between 2010 and 2013? How many taxpayers have been subject to these searches in this time period?

    • The IRS hasn’t indicated whether or not it intends to answer the congressman’s questions, but it did issue this statement:

    “Our job is to administer the nation’s tax laws, and we do so in a way that follows the law and treats taxpayers with respect. Contrary to some suggestions, the IRS does not use emails to target taxpayers. Any suggestion to the contrary is wrong.”

    It’s important to note that the documents obtained by the ACLU never outright said the IRS obtained emails without a warrant. The agency only said it was possible while saying that Internet users “do not have a reasonable expectation of privacy.” Of course, such statements don’t exactly inspire confidence, and people want to know if the IRS ever did take advantage of the ECPA to obtain emails without a warrant.

    Even if the IRS did access emails without a warrant, it may not be able to do so much longer. Both the House and the Senate are working on laws that would update the ECPA to require a warrant when government agencies wish to access emails.

  • The IRS Doesn’t Think The Fourth Amendment Applies To Your Email

    The IRS runs a number of tax audits each year, and as such, has to obtain information on private citizens. If the information is in a physical format, the agency must obtain a warrant to access it. If it’s stored online via email or other electronic information, there is no such protection.

    In a Freedom of Information Act request, the ACLU obtained a number of IRS documents that explain the agency’s rules in regards to obtaining digital information. Much like other law enforcement agencies, the IRS operates under the ECPA, a decades-old law that allows government agencies to obtain emails without a warrant if said email has been opened or is more than 180 days old.

    So far, all of this is old news. What’s the IRS doing that’s so different from any other agency? In the official IRS search warrant handbook from 2009, the agency’s guideline explicitly states that the Fourth Amendment doesn’t apply to online communications. Here’s the relevant portion of the handbook:

    “…the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications.”

    To make matters worse, the IRS Office of Chief Counsel reiterated this line of thinking a year later when they said that the Fourth Amendment does not “protect emails stored on server.” The ACLU points to other documents that imply the IRS is obtaining emails left and right without a warrant all thanks to the ECPA’s outdated definitions.

    It’s no surprise to see the IRS taking advantage of the Fourth Amendment loophole in the ECPA. The surprising part is just how frank the agency is about its data collecting methods. It’s also depressing to see that the agency feels that American citizens “do not have a reasonable expectation of privacy” on the Internet.

    Of course, all of that should have changed in 2010 with the United States v. Warshak, a Sixth Circuit Appeals Court ruling that found law enforcement had violated a man’s Fourth Amendment rights when they obtained his emails without a search warrant. Unfortunately, the IRS feels that it would only need to consider obtaining a warrant when dealing with cases in the sixth circuit. It’s still open season for warrantless email collection everywhere else.

    It’s a little distressing to find that the IRS holds Americans’ Fourth Amendment protections in such low regard, but it’s only foolish at this point to think any government agency actually cares about the Fourth Amendment in regards to online communications. We can only hope that Congress passes one of the many bills it’s proposing this year to reform the ECPA.

  • Rep. Louie Gohmert Thinks We’re Being Scroogled

    Microsoft’s latest, and now retired, Scroogled campaign focused on accusations that Google violates your privacy by screening your emails and serving ads. It’s true that Google does serve ads on emails through a computerized algorithm, but one congressman has bought into Microsoft’s claim.

    During an ECPA hearing this week, Rep. Louie Gohmert was questioning Google’s Richard Salgado about Gmail and privacy. The congressman somehow got it in his head that Google sells private information contained in your emails to advertisers. From there, the conversation slowly devolved into Gohmert asking inane question after inane question with Salgado doing his best to explain that Google doesn’t actually sell information to advertisers while Gohmert insists that it must.

    Anyway, just watch the exchange.

    Email privacy is incredibly important, and Gohmert’s intentions are noble. He obviously wants to protect email from the prying eye of government. Unfortunately, he displays a total lack of understanding of how email and online advertising works.

    What’s interesting is that Salgado, in his written testimony, argued that ECPA should require law enforcement to obtain warrants before accessing private emails. Gohmert completely disregards this testimony as he starts to wonder if Google will start working with the government to scan for keywords, like “terrorism” or “Benghazi.”

    As Salgado says, it’s an apple and oranges situation. The tools that Google provides to advertisers are inherently different to the the tools used by law enforcement. Even if the government did snoop on your email, it wouldn’t be using an advertising algorithm because it wouldn’t return any information. Law enforcement’s goal is to collect data, and Google’s email advertising does no such thing.

    [h/t: TechDirt]

  • Sen. Patrick Leahy Introduces ECPA Reform Bill In The Senate

    The House has been unusually proactive early this year in attempting to pass email privacy protections through an updated Electronic Communications Privacy Act. In fact, the House Judiciary Committee held a hearing this morning to gather testimonies from Google, law experts, and law enforcement on potential fixes for the ECPA. Now the Senate is finally ready to reveal its bill – authored by the lawmaker who helped write the original bill over 20 years ago.

    The Hill reports that Sen. Patrick Leahy and Sen. Mike Lee have introduced the Electronic Communications Privacy Act Amendments Act of 2013 in the Senate today. It doesn’t have quite the same ring as Rep. Zoe Logren’s bill that was introduced in the House earlier this month, but it will accomplish much the same thing.

    In short, Leahy’s bill will require law enforcement to obtain a warrant before accessing private emails or other online online communications. Under current law, law enforcement need only submit a subpoena to obtain emails that are more than 180 days old. What’s more is that the bill would require law enforcement to notify a user that their online communications were under investigation, but the notification requirement can be delayed with a court order.

    “No one could have imagined just how the Internet and mobile technologies would transform how we communicate and exchange information today,” said Leahy. “Privacy laws written in an analog era are no longer suited for privacy threats we face in a digital world. Three decades later, we must update this law to reflect new privacy concerns and new technological realities, so that our Federal privacy laws keep pace with American innovation and the changing mission of our law enforcement agencies.”

    All of this may sound really familiar because it is. Leahy attempted to pass an amendment to the ECPA during the last Congress, but it never went to the floor for a vote before the end of the year. This latest bill gives Leahy a head start on negotiations to hopefully get a bill passed this year.

  • Google’s Richard Salgado Says ECPA Reform Is Needed To Preserve Innovation

    We brought you word yesterday that the House Judiciary Committee would be holding a hearing on the Electronic Communications Privacy Act, or ECPA. One of the people called in to testify is Google’s Legal Director of Law Enforcement and Information Security, Richard Salgado. We weren’t sure exactly which way he would go with his testimony, but it appears that privacy advocates have a friend in Google.

    Google published Salgado’s written testimony to give us an idea of what he will bring to the table this morning during the hearing. Contained therein is an argument for ECPA reform that addresses how we use the Internet today:

    ECPA was enacted in 1986 — well before the web as we know it today even existed. The ways in which people use the Internet in 2013 are dramatically different than 25 years ago.

    In 1986, there was no generally available way to browse the World Wide Web, and commercial email had yet to be offered to the general public. Only 340,000 Americans subscribed to cell phone service, and not one of them was able to send a text message, surf the web, or download applications. To the extent that email was used, users had to download messages from a remote server onto their personal computer, holding and storing data was expensive, and storage devices were limited by technology and size.

    In 2013, hundreds of millions of Americans use the web every day — to work, learn, connect with friends and family, entertain themselves, and more. Data transfer rates are significantly faster than when ECPA became law — making it possible to share richer data, collaborate with many people, and perform more complicated tasks in a fraction of the time. Video sharing sites, video conferencing applications, search engines, and social networks — all the stuff of science fiction in 1986 — are now commonplace. Many of these services are free.

    The distinctions that ECPA made in 1986 were foresighted in light of technology at the time. But in 2013, ECPA frustrates users’ reasonable expectations of privacy. Users expect, as they should, that the documents they store online have the same Fourth Amendment protections as they do when the government wants to enter the home to seize documents stored in a desk drawer. There is no compelling policy or legal rationale for this dichotomy.

    Later in the testimony, Salgado dives into how ECPA reform is needed to preserve innovation and keep everybody on the same page when it comes to the law:

    ECPA worked well for many years, and much of it remains vibrant and relevant. In significant places, however, a large gap has grown between the technological assumptions made in ECPA and the reality of how the Internet works today. This leaves us, in some circumstances, with complex and baffling rules that are both difficult to explain to users and difficult to apply.

    The current complexity can be demonstrated by the requirements to compel production of communications content such as email. ECPA provides that the government can compel a service provider to disclose the contents of an email that is older than 180 days with nothing more than a subpoena (and notice to the user, which can be delayed in certain circumstances). If the email is 180 days or newer, the government will need a search warrant. The Department of Justice also takes the position that a subpoena is appropriate to compel the service provider to disclose the contents of an email even if it is not older than 180 days if the user has already opened it. The Ninth Circuit Court of Appeals has rejected this view.

    In 2010, the Sixth Circuit held in United States v. Warshak that ECPA violates the Fourth Amendment to the extent that it does not require law enforcement to obtain a warrant for email content. Google believes the Sixth Circuit’s interpretation in Warshak is correct, and we require a search warrant when law enforcement requests the contents of Gmail accounts and other services. Warshak lays bare the constitutional infirmities with the statute and underscores the importance of updating ECPA to ensure that a warrant is uniformly required when government entities seek to compel production of the content of electronic communications.

    The inconsistent, confusing, and uncertain standards that currently exist under ECPA illustrate how the law fails to preserve the reasonable privacy expectations of Americans today. Moreover, providers, judges, and law enforcement alike have difficulty understanding and applying the law to today’s technology and business practices. By creating inconsistent privacy protection for users of cloud services and inefficient, confusing compliance hurdles for service providers, ECPA has created an unnecessary disincentive to move to a more efficient, more productive method of computing. ECPA must be updated to help encourage the continued growth of the cloud and our economy.

    If the above is any indication, Salgado will a solid testimony ready for the House this morning. The other party arguing for ECPA reform – George Washington University Law Professor Orin Kerr – will likely have a similar argument. It will be interesting to see what the representatives of law enforcement – who have a vested interest in keeping the ECPA as is – say in response to these privacy proponents.

  • Email Privacy Hearing Set To Go Before The House On Tuesday

    Late last month, House Judiciary Committee Chairman Bob Goodlatte said that reforming the decades old Electronic Communications Privacy Act was a priority for him in 2013. He’s making good on his word by holding a hearing on the hotly debated issue tomorrow.

    The Hill reports that the House Judiciary Committee has announced who will be attending the hearing on ECPA reform tomorrow. We’ll see representatives from the Justice Department and the Tennessee Bureau of Investigation showing up alongside Google’s Richard Salgado and George Washington University Law Professor Orin Kerr.

    It should be interesting to see what Salgado brings to the debate as he is Google’s director of information security and law enforcement matters. He previously served as a federal prosecutor specializing in computer crime as well. His insight into what the ECPA currently allows and whether it should be limited will be worth paying attention to.

    As for Kerr, his work in the field of Internet privacy has been largely influential for proponents of email privacy. His work was even cited numerous times in the 2008 Quon v. Arch Wireless Operating Co., Inc. ruling that said Internet users have a reasonable expectation of privacy in email. The decision was overturned by the Supreme Court, but you can bet that he’s going to be fighting for an ECPA amendment that better protects privacy tomorrow.

    The two law enforcement representatives will most likely argue that ECPA’s current wording is sufficient. When ECPA reform was in the works last year, law enforcement and lawmakers sympathetic to their cause said that requiring a warrant to access emails would be detrimental to investigations.

    This particular hearing, and any held after it, will have an influence on the current ECPA reform bill that was introduced in the House earlier this month. Rep. Zoe Lofgren’s Online Communications and Geolocation Protection Act would amend the ECPA and protect cell phone owners from warrantless tracking. The bill will undoubtedly be brought up by proponents of both sides at tomorrow’s hearing, and will most likely influence changes in the bill going forward.

  • Can States Do A Better Job Of Protecting Online Privacy?

    In cyberlaw, 2012 was defined by the federal government attempting to pass laws that either broke the Internet, or helped protect it. Neither side was successful, however, and the year was marked by a number of defeated laws on both side. Now a new force is attempting to pass similar laws, and it just might have a chance.

    It was reported this week that at least one state is throwing its hat into the digital privacy legislation arena. The move could trigger more states moving forward with their own digital privacy laws to counter any attempts by the federal government to destroy online privacy. Now only one question remains – will it work?

    Do you think the states can succeed where the federal government has failed? Let us know in the comments.

    One of the major threats facing digital privacy is the practice of warrantless location tracking. In essence, a government agency, usually law enforcement, can request your location data through a smartphone without a warrant. This was put to the test last year in a case involving a drug trafficker that was tracked via location data on his cellphone. This data was procured without a warrant, and the defense argued that this was a violation of his Fourth Amendment rights. The Sixth Circuit Court of Appeals rejected this reasoning in a 2-1 decision that said there was no violation:

    “There is no Fourth Amendment violation because Skinner did not have a reasonable expectation of privacy in the data given off by his voluntarily procured pay-as-you-go cell phone. If a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal.”

    In other words, the court said that data stored by third parties is not protected by the Fourth Amendment. Under this logic, any information that we own, but is stored by a third party, is open to warrantless search and seizure. This goes beyond location tracking, and into stored digital communication that is transported via third party services like email, cloud storage, etc.

    This is where the federal lawmakers come in. Rep. Zoe Lofgren has been a major proponent of online privacy for many years, and even introduced an email privacy bill last year to amend the decades old ECPA. She unfortunately failed last year, but it back at it again this year with a greatly expanded bill that covers email and location data – The Online Communications and Geolocation Protection Act.

    “Fourth Amendment protections don’t stop at the Internet. Americans expect Constitutional protections to extend to their online communications and location data,” Rep. Lofgren said. “Establishing a warrant standard for government access to cloud and geolocation provides Americans with the privacy protections they expect, and would enable service providers to foster greater trust with their users and international trading partners.”

    As its name implies, Lofgren’s bill contains a number of protections for digital communications and location data. Here’s a breakdown of its core tenets:

  • Require the government to obtain a warrant to access to wire or electronic communications content;
  • Require the government to obtain a warrant to intercept or force service providers to disclose geolocation data;
  • Preserve exceptions for emergency situations, foreign intelligence surveillance, individual consent, public information, and emergency assistance;
  • Prohibit service providers from disclosing a user’s geolocation information to the government in the absence of a warrant or exception;
  • Prohibit the use of unlawfully obtained geolocation information as evidence;
  • Provide for administrative discipline and a civil cause of action if geolocation information is unlawfully intercepted or disclosed.

    • There are a number of factors in Lofgren’s favor this time around that could see this particular bill being passed. There are unfortunately an equal number of factors that could easily see this bill defeated, just like all the other ones.

    Do you think Lofgren’s bill can succeed where other proposed federal law has failed? Let us know in the comments.

    Lofgren’s bill aims to change federal law, and as such, has many obstacles on its way to becoming law. There has to be an easier way to enact change, right? That’s what lawmakers in Texas are betting on as it’s become the first state to propose a digital privacy bill.

    It was revealed this week that both the Texas Senate and House have introduced bills that would require a warrant when requesting location data from in-state cellular carriers. The bill also would require these in-state carriers to submit annual transparency reports revealing how many requests for data were made, and from which agencies the requests came from.

    Unlike Lofgren’s sweeping bill, the Texas bills only target geolocation tracking. The bills don’t introduce any kind of digital communication protection clause as that would be too difficult to enforce on the state level. As is the case with state laws, it wouldn’t have any effect on federal agencies’ ability to request data without a warrant. It would only be good enough to protect citizens from data requests coming from in-state agencies and law enforcement.

    So, what’s the big deal then? Why is this so important when the protections are so weak? In this case, it’s all about the idea, and what it represents. A successful passage of this bill would send a message to other states that it can protect their citizens’ digital privacy in a small way. If enough states pass similar bills, it would also send a strong message to the federal government to enact similar laws on the national level.

    The beauty of our government is how the states can influence national decision making. It’s happened in the past, and is still happening today in various other legal arenas. Digital privacy is an important topic, but the toxic environment in Washington has prevented any meaningful reform. We now have a chance to enact change, no matter how small, across the country one state at a time.

    Do you think the states could kickstart a push for federal law reform? Or are the potential protections offered by states enough? Let us know in the comments.

    [Image: jmtimages/flickr]

  • Zoe Lofgren Tries For ECPA Reform Once Again

    Alongside the much needed Aaron’s Law, Internet superhero Rep. Zoe Lofgren has reintroduced her ECPA amendment into the House for consideration. The new bill keeps many of the protections from last year’s ECPA 2.0 Act, but features a few important additions.

    Lofgren announced today that she has introduced the Online Communications and Geolocation Protection Act in the House. As its name implies, this new bill goes beyond what the original ECPA 2.0 Act hoped to accomplish. For one, the fight is no longer restricted to law enforcement snooping through your emails without a warrant as Lofgren is also targeting law enforcement’s ability to obtain smartphone location data without a warrant as well.

    “Fourth Amendment protections don’t stop at the Internet. Americans expect Constitutional protections to extend to their online communications and location data,” Rep. Lofgren said. “Establishing a warrant standard for government access to cloud and geolocation provides Americans with the privacy protections they expect, and would enable service providers to foster greater trust with their users and international trading partners.”

    Here’s a breakdown of the core tenets of this new bill:

  • Require the government to obtain a warrant to access to wire or electronic communications content;
  • Require the government to obtain a warrant to intercept or force service providers to disclose geolocation data;
  • Preserve exceptions for emergency situations, foreign intelligence surveillance, individual consent, public information, and emergency assistance;
  • Prohibit service providers from disclosing a user’s geolocation information to the government in the absence of a warrant or exception;
  • Prohibit the use of unlawfully obtained geolocation information as evidence;
  • Provide for administrative discipline and a civil cause of action if geolocation information is unlawfully intercepted or disclosed.

    • One of the things keeping the ECPA 2.0 Act from getting anywhere was that Lofgren didn’t have any co-sponsors. That all changes with this bill as she has managed to rope in Texas Rep. Ted Poe and Washington Rep. Suzan DelBene as co-sponsors. Both seem genuinely excited to be supporting the bill as well:

    “In the past decade, advances in technology and the Internet have dramatically changed the way we communicate, live and work – and in this constantly evolving world, Congress must be a good steward of policy to ensure our laws keep up,” said Rep. DelBene. “When current law affords more protections for a letter in a filing cabinet than an email on a server, it’s clear our policies are outdated. This bill will update privacy protections for consumers while resolving competing interests between innovation, international competitiveness, and public safety.”

    Poe wins the best statement of the day award, however, for rightly pointing out that the Constitution does not change in the face of new technology:

    “As technology continues to evolve and improve, Congress must ensure that the Fourth Amendment rights of our citizens are protected. We live in a much different world than 1986. It’s time for Washington to modernize this outdated legislation to catch up with the times. Technology may change, but the Constitution does not.”

    The addition of geolocation protection should also help Lofgren get a few friends in the Senate. Sen. Al Franken is probably going to introduce his twice defeated Location Privacy Protection Act into the Senate again, and most of Lofgren’s bill would fit snugly with Franken’s legislation. As for the email protections in Lofgren’s bill, it might be able to buddy up with Rep. Bob Goodlatte’s proposed legislation that seeks to modernize the ECPA.

    I wouldn’t suggest you get too excited though. Law enforcement agencies have fought against any and all ECPA reform over the past few years claiming that it would make their jobs harder. It may very well do that, but Americans have an expectation of privacy the extends into the digital realm. The law needs to be updated to keep up with this expectation.

  • Will Congress Finally Pass An Email Privacy Bill This Year?

    An updated Electronic Communications Privacy Act, or ECPA, was a good idea proposed at the wrong time. The amendment would have protected our privacy in online communications, but its proposal at the end of the last Congress ensured its demise. With a new Congress comes a new chance to pass it, and some lawmakers are taking that chance.

    The Hill reports that House Judiciary Committee Chairman Bob Goodlatte has laid out his priorities for 2013, and the ECPA amendment is near the top. He said that Committee will “look at modernizing the decades-old Electronic Communications Privacy Act to reflect our current digital economy.”

    The amendment’s original sponsor in the Senate, Patrick Leahy, is also reportedly on board with trying to pass the bill again. He and Goodlatte will presumably work together to get something passed this time around.

    Do you think the ECPA can pass the House and Senate this year? Should it be a priority? Let us know in the comments.

    So, why is an updated ECPA important again? The original bill was drafted and passed into law in 1986. It’s intent was to protect electronic communications from government surveillance, but it was written with the technology of the late 80s in mind. Email and other electronic communications have evolved and greatly expanded since then. Some lawmakers and privacy proponents think the bill needs a rewrite to address changes in how we communicate online.

    The current ECPA requires law enforcement to simply obtain a subpoena before going through your email. Beyond that, the only limitation is that they can go through emails that have been opened, or those that are more than 180 days old. It’s kind of ridiculous to think that this was acceptable in the late 80s when there were maybe only a few thousand email messages being sent among a handful of people, but it’s unacceptable when there are billions of email messages being sent out everyday.

    That’s why many lawmakers feel that the ECPA needs to be updated, and Goodlatte isn’t the only one in the House working on a solution. California Rep. Zoe Lofgren has been working on her own version of the bill called ECPA 2.0 Act of 2012, but it was killed with the last Congress. Lofgren will probably reintroduce the bill in this year’s Congress, however, and Goodlatte would be wise to back it. It features a number of protections that any person who communicates over the Internet would appreciate:

  • The government should obtain a warrant before compelling a service provider to disclose an individual’s private online communications.
  • The government should obtain a warrant before it can track the location of an individual’s
    wireless communication device.
  • Before it can install a pen register or trap and trace device to capture real time transactional
    data about when and with whom an individual communicates using digital services (such as
    email or mobile phone calls), the government should demonstrate to a court that such data is
    relevant to a criminal investigation.
  • The government should not use an administrative subpoena to compel service providers to
    disclose transactional data about multiple unidentified users of digital services (such as a bulk
    request for the names and addresses of everyone that visited a particular website during a
    specified time frame). The government may compel this information through a warrant or court order, but subpoenas should specify the individuals about whom the government seeks information.

    • Lofgren’s proposed legislation is probably the best version of ECPA we’re going to see. It outright bans the ability of law enforcement to obtain emails through subpoenas, and it holds said law enforcement accountable for its actions. Other proposed updates to the ECPA may require a warrant when obtaining emails, but the accountability rules on law enforcement aren’t as strong.

    Unfortunately, we probably won’t see a new ECPA as long as law enforcement is opposed to it. The bill piggybacked on the VPPA last year and almost made its way to the President’s desk before being killed by the Senate. Why? Senate Republicans were concerned that the bill would “hamper police investigations.”

    Should Lofgren’s ECPA be adopted by the House? Or should a more law enforcement friendly version prevail? Let us know in the comments.

    A law enforcement friendly version of ECPA won’t have an easy ride through Congress though. There’s a lot of conflicting interests involved in passing bills like this with privacy proponents and law enforcement standing on opposite sides of the aisle yelling their demands at lawmakers. In the end, however, it may not even matter if the ECPA is amended or not.

    Kim Dotcom, founder of Megaupload and Mega, recently announced that he would introduce an encrypted email service that would be immune to snooping by law enforcement. If true, an updated ECPA may not matter anymore.

    If the Mega email client goes mainstream, we may even see others start offering similar services. Could law enforcement still access email? Sure, but only email services under U.S. jurisdiction. If that were the case, users may start moving their email accounts to offshore email clients that promise privacy.

    That being said, there’s still a need for an updated ECPA. There should be an expectation of Congress to keep up with developments in technology and legislate accordingly. How can we expect Congress to act on something far more important, like cybersecurity, when it can’t even comprehend something as simple as email?

    Should Congress focus its efforts on an updated ECPA this year? Would services like Mega email pick up the slack if Congress failed to act? Let us know in the comments.

  • Obama Signs Amended VPPA Into Law: Netflix Users Can Now Share Viewing History On Facebook

    In 2012, Netflix spent the year battling a decades old law that said its users couldn’t share what their viewing history on Facebook or social networks. The company started lobbying Congress and its efforts finally paid off with a bill that passed both the House and the Senate. Now the bill is officially signed into law.

    The Hill reports that an updated Video Privacy Protection Act has been signed by President Obama. The updated law allows users of video services like Netflix to share what they’re watching on social networking services. Now Netflix can bask in the joy of creating Facebook apps that have the potential to drive adoption of its services even more.

    The new VPPA is an update to a bill that was crafted in 1988 after Supreme Court Justice nominee Robert Bork’s videotape rental history was published by the Washington City Paper. It was deemed a massive invasion of privacy, and Congress enacted the VPPA to ban the sharing of any video history without the written consent of the consumer in question.

    Of course, you may be concerned about any privacy implications in the new VPPA. Worry not as the bill has two important clauses that should keep your dirty laundry out of the public eye if you so wish. First and foremost, the rental company in question, in this case Netflix, must give users a “clear and conspicuous” option to stop sharing their viewing history. Furthermore, a consumer’s consent to sharing will automatically expire after 24 months unless they renew it.

    All in all, this updated bill sounds pretty good. In fact, the only downside is that Sen. Patrick Leahy’s attached legislation that would require law enforcement to obtain a warrant when snooping through email was removed from the VPPA in the Senate. But hey, why should you care about warrantless surveillance when you can be showing your friends how many movies you watch on Netflix?

  • The FISA Debate Proves That Congress Doesn’t Care About Your Privacy

    Online privacy was a big ticket item in 2012. More and more people are becoming concerned with just how much of their personal lives are available online for everyone to see. In fact, there’s been a push to adopt certain standards like Do Not Track to better protect the privacy of those who use the Internet day in and day out. Of course, in the end, none of that matters.

    You see, there’s a bill currently up for renewal in Congress that doesn’t care one little bit about your privacy. In fact, it revels in the idea that the Fourth Amendment, which protects against unwarranted search and seizure, doesn’t apply to online communication. Now this bill – FISA – is going to be renewed for 2013, and there’s next to nothing you can do about it.

    Should the Fourth Amendment apply to online communications? Let us know in the comments.

    For a bit of background, FISA, or the Foreign Intelligence Surveillance Act, is a bill that was enacted on October 25, 1978. The initial intent of the bill was to outline the powers of domestic spy agencies when collecting information, both physical and digital, on foreign powers. The bill limited the power of spy agencies to collect information on Americans, but all of that changed with the Patriot Act of 2001 and the Protect America Act of 2007.

    Since the expansion of the bill, many people have come to question the true intention of FISA. Some argue that it’s being used to collect information on Americans without a warrant while others argue that’s an important tool in stopping terrorism. Both sides in the argument are right in their own ways, but there are important concerns that FISA needs to address in the digital age.

    Senators brought forth a number of amendments that would directly address these concerns by making FISA more transparent while protecting the privacy of Americans. Sen. Ron Wyden, friend of the Internet, brought forth an amendment that would make the NSA more transparent on how many Americans have been impacted thus far by the warrantless spying program. For their part, the agency claims that there’s no domestic spying program in place, but NSA whistleblowers insist that there is.

    Another amendment was brought forth by Sen. Rand Paul. He calls it the “Fourth Amendment Protection Act.” The amendment would bring Fourth Amendment protections into the digital age as it would protect Americans from having their data pilfered from third parties like telecoms and email providers. Here’s the relevant text from The New American:

    (a) Except as provided for in subsection (b), the government is prohibited from obtaining or seeking to obtain information related to a person or group of persons held by a third-party in a system of records, and no such information or evidence shall be deemed admissible in a criminal prosecution in a court of law.

    (1) “System of records” shall be defined as any group of records from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular associated with the individual.

    (b) The government may obtain, and a court may deem admissible, information or evidence related to a person held by a third-party in a system of records provided that:

    (1) The individual whose name or identification information the government is using to access the information provides express and informed consent to that search; or

    (2) The government obtains a Warrant, upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    In short, Paul’s bill would extend Fourth Amendment protections to things that you “own” in the digital space. Those in law have battled over this issue with some agreeing that things you create online, even status updates and emails, are yours; while others argue that a person has no ownership over something like a “Tweet.”

    Sen. Jeff Merkley proposed an amendment that would make the government release opinions from the secret FISA court that decides on who can be wiretapped and who can’t. Not all rulings would be made transparent, but rather only those that contain important interpretations of FISA so Americans can know how the government is using FISA.

    Finally, Sen. Patrick Leahy, sponsor of the pro-privacy ECPA update, proposed an amendment that would sunset the privacy infringing amendments to FISA after four years. The current renewal up for debate would add five more years onto the amendments, while Leahy’s amendment would decrease that time for three years. It’s not a major improvement, but at least it’s something.

    Do you think these amendments are good additions to FISA? Should any of them be seriously considered? Let us know in the comments.

    Despite their good intentions, none of these amendments will make into the final FISA. The EFF reports that the Senate systematically shot down every one of the amendments on Thursday night. In fact, the amendments were rejected by an overwhelming number of senators on both sides of aisle.

    The Hill reports that Senate Intelligence Committee Chairwoman Dianne Feinstein disregarded many of the amendments claiming that FISA is already subject to “rigorous oversight.” Wyden responded by saying:

    “I think, when you talk about oversight, and you can’t even get a rough estimate of how many law-abiding Americans had their communications swept up by this law … the idea of robust oversight, really ought to be called toothless oversight if you don’t have that kind of information.”

    Feinstein argued back that she has never sen “a government official engaged in a willful effort to circumvent or violate the law” during her time on the Intelligence Committee. She did, however, state that there have been a “few incidents of non-compliance,” but she chalked those up to “human error or technical defect.”

    Putting the final nail in the argument’s coffin, Feinstein pulled out the terrorism card to support the need for an unamended FISA going forward. She said that there have been over 100 arrests of terrorists over the past four years, and said that a number of those arrests were the direct result of surveillance under FISA. To change the way intelligence is gathered would presumably open the U.S. to more attacks.

    It should be noted that FISA is just one part of the digital privacy landscape. The Senate has already approved ECPA, or the Electronics Communications Privacy Act. The bill would require law enforcement to obtain a warrant when collecting emails of domestic citizens. The bill would do nothing, however, if the email was sent from a U.S. citizen to a friend overseas. The NSA has jurisdiction over that and FISA allows them to gather all that information without a shred of transparency. If you believe whistleblowers, the spy agency is even collecting emails sent to friends in the U.S.

    FISA was pushed through Friday in an effort to quickly pass the bill before the bill expired on Dec. 31. The amendments were most likely rejected as the majority of Congress is too focused on the current fiscal cliff negotiations instead of debating a privacy bill.

    Regardless, there will come a time when digital privacy needs to be debated. It should have happened during the FISA debate, but now it must wait until another chance arises. 2013 may just prove to be that chance as more privacy infringing bills will undoubtedly pop up.

    Do you think online privacy is an important issue? Should Congress take it up again in the near future? Let us know in the comments.

  • Law Enforcement Now Wants Wireless Carriers To Store Your Text Messages As Evidence

    Last week, the ECPA amendment that would greatly enhance Americans’ privacy has passed its first hurdle in the Senate. Now the bill will head for a proper vote in the Senate and House next year. If passed in its current state, the bill will force law enforcement to obtain a warrant when snooping through your email. Law enforcement groups wont give up without a fight though, and are even adding other communication methods to the negotiation table.

    CNET reports that law enforcement groups have submitted a proposal to the US Senate asking them to pass a law that would require wireless carriers to Americans’ text messages for two years. The groups argue that text messages, much like email, are increasingly required in criminal investigations.

    What information would be stored under the proposed law? It’s not exactly clear at the moment, but it could go in two directions. Either law enforcement wants access to all of your texts including what you said in them, or they just want the metadata that includes the sender and recipients of the text. My guess is on the former considering law enforcement’s push to have nearly limitless access to Americans’ emails.

    While it sounds like a flagrant abuse of power and an imminent invasion of privacy, the law enforcement groups do have one point that should be considered. There needs to be a standard on if and how wireless carriers store text messages. Among companies, there’s no consensus on how long this data must be stored as some companies keep records for years while others keep no records at all.

    It should be noted that this is just a proposal for now. There’s no telling if the Senate will take it up as an added amendment to the ECPA early next year, but chances are pretty good. Law enforcement really wants the warrant requirement to die, but it may not get that. Setting a standard for how long wireless carriers must hold onto text messages would be a nice consolation prize.

    ECPA is going to be a hot ticket item as the 113th Congress begins early next year. There are going to be a lot more amendments proposed from both sides of the aisle, and it has the potential to get really messy.

    In short, this is one to bust out the popcorn for. It’s gonna be good.

  • ECPA Clears Senate Committee, Will Go To Vote Next Year

    Sen. Patrick Leahy’s ECPA amendment is an important one. It would require the authorities to obtain a warrant before pilfering emails. The current bill allows the authorities to access email with only a subpoena if the email in question is over 180 days old. There was a lot of resistance on the part of law enforcement when the amendment was first brought up, but concerns of privacy won out in the end.

    The Hill reports that the Senate Judiciary Committee voted today in favor of Leahy’s ECPA amendment, privacy protections and all. Leahy expects the bill to go to vote before the Senate and the House next year. He also says that he will negotiate with the House when the bill comes next year to ensure its passage.

    While the committee overwhelmingly voted in favor of the bill, there were a few members who felt the bill doesn’t do enough to provide the tools law enforcement needs to catch criminals. Sen. Chuck Grassley of Iowa voted in favor, but said that the bill will need some work before it goes up for vote.

    It’s noted that Leahy’s ECPA amendment conceded to law enforcement in one area – the time delay allotted to law enforcement before they must inform an individual that their emails were seized. The current ECPA’s time delay is 90 days, but Leahy’s amendment sought to increase the delay to 180 days. Sen. Mike Lee of Utah successfully introduced an amendment that reduced the delay back to 90 days for civil cases.

    Leahy attached the ECPA amendment to another digital privacy bill that will be going before the Senate and House next year – the Video Privacy Act. The proposed changes to the VPPA would allow consumers to share their video history on social networks. Understandably, Netflix has been the biggest proponent of the change since it’s been forced to pay out once before for violating the archaic law.

    If the bill passes, your email will be secure and your Netflix history will be available for posting on Facebook. I call that a win-win situation.

  • Should Law Enforcement Be Required To Obtain Warrants When Snooping Through Email?

    Senator Patrick Leahy was one of the good guys back in September. He was proposing a rewrite to the 26-year-old Electronic Communications Privacy Act that would require the feds to obtain a warrant to read your email. The Justice Department didn’t like that requirement and complained. It looks like it worked as the bill is just a shadow of its former self.

    CNET’s Declan McCullagh reports that Leahy has rewritten his rewrite of the ECPA that would allow law enforcement to obtain full access to your Internet accounts without a warrant. All they would need is a simple subpoena and they could access everything about your digital life with you being none the wiser.

    Should law enforcement be allowed to access your private email with just a subpoena? Let us know in the comments.

    So, what would the bill let authorities do exactly? CNET has a great breakdown of all the new powers:

  • Grants warrantless access to Americans’ electronic correspondence to over 22 federal agencies. Only a subpoena is required, not a search warrant signed by a judge based on probable cause.
  • Permits state and local law enforcement to warrantlessly access Americans’ correspondence stored on systems not offered “to the public,” including university networks.
  • Authorizes any law enforcement agency to access accounts without a warrant — or subsequent court review — if they claim “emergency” situations exist.
  • Says providers “shall notify” law enforcement in advance of any plans to tell their customers that they’ve been the target of a warrant, order, or subpoena.
  • Delays notification of customers whose accounts have been accessed from 3 days to “10 business days.” This notification can be postponed by up to 360 days.

    • The above is already bad enough, but which departments would be able to access your information without a warrant? It’s not just the traditional authorities as the bill states that the Federal Reserve, the Federal Trade Commission, the Federal Maritime Commission, the Postal Regulatory Commission, the National Labor Relations Board, and the Mine Enforcement Safety and Health Review Commission would have nothing stopping them from gaining access to your personal information.

    Would you be okay with multiple federal agencies having access to your private communications? Let us know in the comments.

    As expected, the proposed bill has already generated a lot of controversy once CNET broke the story. What’s interesting, however, is that Leahy is now claiming that the proposed rewrite was just one draft among many. Leahy’s spokesperson David Carle told Forbes writer Kashmir Hill that the CNET report was wrong, and a Senate Judiciary aide sent the following statement to the publication:

    “Senator Leahy does not support broad carve outs for warrantless searches of email content. “He remains committed to upholding privacy laws and updating the outdated Electronic Privacy Communications Act.”

    McCullagh took to Twitter to defend his work, and said that Senate Judiciary aides were telling him on Tuesday that Leahy’s privacy infringing rewrite of ECPA was the one being considered for a vote next week. He attributes Leahy’s change in tune to the already sizable public outcry that has emerged following the piece.

    At this point, it’s hard to tell exactly how different ECPA will look from the original incarnation. Leahy could very well introduce a bill similar to his original rewrite that would make law enforcement seek warrants to obtain access to your email. He could introduce a bill that would seriously infringe upon America citizens’ privacy. It’s too early to tell right now, and the mixed signals being sent by Leahy aren’t helping.

    Leahy’s proposed rewrite will be hitting the Senate next week, but California Rep. Zoe Lofgren is looking to introduce her own ECPA rewrite to the House. It’s called the ECPA 2.0 Act of 2012, and it looks to be a massive overhaul of the ECPA that takes privacy more seriously than Leahy’s original rewrite did. Here’s the main components of Lofgren’s bill:

  • The government should obtain a warrant before compelling a service provider to disclose an
    individual’s private online communications.
  • The government should obtain a warrant before it can track the location of an individual’s
    wireless communication device.
  • Before it can install a pen register or trap and trace device to capture real time transactional
    data about when and with whom an individual communicates using digital services (such as
    email or mobile phone calls), the government should demonstrate to a court that such data is
    relevant to a criminal investigation.
  • The government should not use an administrative subpoena to compel service providers to
    disclose transactional data about multiple unidentified users of digital services (such as a bulk
    request for the names and addresses of everyone that visited a particular website during a
    specified time frame). The government may compel this information through a warrant or court order, but subpoenas should specify the individuals about whom the government seeks information.

    • Not only does Lofgren’s bill require law enforcement to obtain warrants, but it outright prohibits the use of subpoenas to gain access to the account information of multiple users. It protects the privacy of individuals, but it also keeps law enforcement and government accountable for its actions. The rumored rewrite of Leahy’s bill that would only require a subpoena removes all accountability from law enforcement, and would only encourage agencies to act with reckless abandon.

    It’s sad to say, but Lofgren’s bill will probably never see the light of day. The Justice Department and other law enforcement agencies came out in full strength against Leahy’s original rewrite of the ECPA. They claim that requiring warrants would only hurt their ability to catch the bad men doing unspecified bad things.

    The law enforcement lobbying groups will keep any significant reform to privacy bills buried until both sides can come to some kind of compromise. It’s important that law enforcement is able to do their job without any kind of unnecessary impediments, but the privacy of American citizens does not need to be compromised in the process.

    The warrant has worked for over 200 years, and I have no reason to doubt its effectiveness in the digital age. Law enforcement agencies obviously don’t agree which will require some creative thinking on the part of law enforcement, lawmakers and regular citizens (maybe even Reddit) to create a bill that satisfies the needs of all parties in this age of digital communications.

    Do you think the warrant is effective in the digital age? Or do you think law enforcement should have new powers on the Internet? Let us know in the comments.