Momentum Builds for Reform of Electronic Communications Privacy Act

leave a comment

Business, legal, and academic leaders urged reform of the Electronic Communications Privacy Act (ECPA) during hearings last week before the Senate Judiciary Committee and a Subcommittee of the House Committee on the Judiciary. Enacted in 1986, the ECPA regulates government access to citizens’ electronic communications while seeking a balance between the demands of law enforcement and privacy protection. A broad coalition of interests, spearheaded by the group Digital Due Process, has been advocating ECPA reform because of the staggering changes in electronic communication since 1986, including the growth of email and cloud computing.


Email

Senator Patrick Leahy (D-VT) highlighted in his opening statement that “a single e-mail could be subject to as many as four different levels of privacy protections under ECPA.” Brad Smith, General Counsel for Microsoft, eviscerated the arbitrary legal standards in a serious of rhetorical questions during the Senate Judiciary Committee hearing:

“Why should email in someone’s inbox be treated different from something in someone’s sent folder?” asked Smith. “Why is something unread in my junk folder subjected to greater privacy than something read in my inbox? Why does an email I sent in April have fewer privacy protections than one I sent in September?”


Cloud Computing

Internet users are increasingly storing important photos, documents, emails, and more online in the “cloud.” Businesses are also looking at the cloud as a cost-effective storage system. Edward Felten, Professor of Computer Science and Public Affairs at Princeton University, described the cloud in his testimony before the House committee as “rather than keeping the only copy of your data on your own computer, you rent computing resources from a service provider, and that provider keeps the primary copy of the your data.”

But the ECPA could never have predicted the growth of online storage in 1986. Michael Hintze, Associate General Counsel for Microsoft, summarized the problem for the House Subcommittee:

“When law enforcement officials seek data or files stored in the cloud, such as Web-based email applications or online word processing services, the privacy standard that is applied is often lower than the standard that applies when law enforcement officials seek the same data stored on an individual’s hard drive in his or her home or office.”


A Potential Solution

Digital Due Process has proposed that electronic communication such as email be disclosed “only with a search warrant issued based on a showing of probable cause, regardless of the age of the communications, the means or status of their storage, or the provider’s access to or use of the communications in its normal business operations.”

While no one expects Congress to reform the ECPA in the very near future or as precisely as Digital Due Process would hope, there is growing consensus among academics, businesses, legal advocates, and political leaders that the status quo is unacceptable.

Written by

September 27th, 2010 at 11:34 pm

Leave a Reply

Search the Blog