The 21st century has brought us technological innovations like smartphones, tablets, wearable devices, and the millions of apps that permeate nearly every facet of our lives. Cloud computing has allowed American app developers to reach consumers across the globe, and their businesses thrive on the ability to securely access, share, and store the 2.5 quintillion bytes of data created by users daily. Unfortunately, the Electronic Communications Privacy Act (ECPA), the statute governing law enforcement’s access to stored data, was written long before the advent of the internet and cloud computing. Most importantly, the law does not outline when and how law enforcement can access data stored abroad for criminal investigations. As companies increasingly store data on servers around the world, app developers and businesses of all sizes face serious uncertainties in their operations and success. To combat these challenges, ACT | The App Association’s members have lent their voices in a variety of ways to urge Congress to make updates to ECPA that would help law enforcement keep Americans safe and technology companies grow and create jobs.
In April, 50 executives from app companies gathered in Washington for AppCon, the App Association’s annual conference, to advocate for issues that impact the American app developer community. Through more than 120 meetings with their congressional representatives and senators, our members shared their stories about the legal and financial challenges ECPA’s ambiguity creates, and encouraged support for legislation modeled after the International Communications Privacy Act (ICPA). ICPA would allow our members to operate and grow overseas, while providing legal clarity regarding law enforcement’s access to data stored abroad.
In May, our members kept up their drumbeat, and sent a petition to the Senate Judiciary Subcommittee on Crime and Terrorism ahead of their hearing on law enforcement access to data. The petition urged Senate Judiciary staff to modernize ECPA, and clarify lawful access to data through legislation modeled after ICPA. With support from app companies across the country, the petition showed how ECPA has impacted American app companies businesses everywhere, and left them with a hard decision of cooperating with U.S. law enforcement requests or abiding by foreign laws. By providing clear rules that outline when U.S. law enforcement can access data stored abroad in a manner that avoids conflict with other jurisdictions, Congress can help app and technology companies focus their energies on creating new products, engaging customers overseas, and creating more jobs at home.
Following the petition, several member companies shared their voices through op-eds to highlight the issue for Members of Congress, as well as app developers, app users, businesses, and consumers unfamiliar with lawful access challenges. Charlotte Tschider, owner of cybersecurity firm CyberSimpleSec and law professor in Minneapolis, penned an op-ed to outline the government, privacy, and business perspectives of lawful access to data. Her op-ed also noted the economic challenges to U.S. companies, especially the missed business opportunities, stemming from foreign concerns over the ambiguous authority ECPA gives U.S. law enforcement over their data. Separately, Jeff Hadfield, app developer and owner of Salt Lake City’s 1564B, authored an op-ed to emphasize the threat ECPA’s ambiguity poses to Utah’s tech renaissance, especially local businesses exploring markets overseas. Utah Senator Orrin Hatch, co-author of ICPA, later read excerpts from Mr. Hadfield’s op-ed on the Senate floor to emphasize the importance of this issue for tech companies in Utah, and the United States at large.
In June, the App Association led twelve other industry associations, including BSA | The Software Alliance, Internet Association (IA), and National Association of Manufacturers (NAM) on a letter to the House Judiciary Committee expressing unified support for legislation modeled after ICPA. Together these groups represent companies of all sizes, from a three-person app development company in Alabama to global tech and manufacturing giants with thousands of employees, that face challenges when storing data overseas.
Uncertainty regarding law enforcement access to data impacts technology companies across the United States, and is an issue the App Association will continue fighting on behalf of our members. Underscoring the need for Congress to act quickly are several court cases dealing with U.S. investigators’ access to data stored overseas. Most recently, the Department of Justice (DoJ) filed a petition for certiorari with the U.S. Supreme Court, requesting that it review the Second Circuit’s decision. In that case, the Second Circuit sided with Microsoft in its determination that U.S. warrants for communications content do not extend to data stored overseas. Unfortunately, a ruling by the Supreme Court one way or the other in this case will only partially solve the problems our member companies encounter under current law. A more complete solution is needed to both avoid legal conflicts and provide modern, reasonable authorities for law enforcement to access certain data stored overseas.
If conflicts between U.S. and foreign data access laws continue, we risk quietly killing our most productive businesses and stifling our fastest-growing, most innovative sectors. We will continue pushing Congress to adopt legislation like ICPA that would establish a process for quick law enforcement access to global evidence, protect consumer privacy, and set clear guidelines for companies storing data overseas. Our members deserve laws that match and support their incredible innovations, and we will help keep up their advocacy drumbeat to encourage Congressional action.