A long, long time ago in a chamber not far away, congressional leaders enacted a law that would impact the fate of our most treasured communications for decades to come. Today, we seek the help of the Senate to reform these outdated laws – they are our only hope.
In 1986 in the heart of our nation’s capital, Members of Congress enacted the Electronic Communications Privacy Act (ECPA) to establish due process requirements on law enforcement requests for electronic communications. The law imposed different requirements to access electronic content stored for less than 180 days than for the same content stored for longer. At the time, our congressional leadership could not predict the advent of cloud computing or the significant role emails and stored communications play in our lives. However, more than thirty years later, the law remains the same, even though our technologies have evolved at warp speed.
Because this three-decades-old law has not been updated, emails, messages, and other content stored electronically are treated differently in the eyes of law enforcement than tangible communications data stored in a file cabinet. The rules that would normally require a judge to prove probable cause before issuing a warrant to access physical documents do not apply to electronic communications older than six months. Instead, access to these electronic communications only requires a prosecutor-issued subpoena. Very different requirements for the very same information.
Imagine this. Princess Leia is fleeing Empire agents with valuable blueprints that hold the key to destroying Darth Vader’s Death Star. A quick-thinking woman, Leia emails a photo of the plans to herself for safekeeping. She evades the agents for more than half a year, but is finally approached by law enforcement to hand over the plans to assist their investigation of efforts to subvert the Empire’s reign. Under ECPA, the agents would need to prove probable cause before a judge issues a warrant to legally retrieve the physical Death Star plans. However, they would only need a prosecutor to write a subpoena to obtain the same plans included within Leia’s email. Therein lies the problem.
We may not live in a Star Wars universe, but ECPA still applies in this galaxy, in this nation. The Galactic Senate cannot help us modernize outdated data access laws, but the U.S. Senate can.
We urge the U.S. Senate to consider the Email Privacy Act (H.R. 387/ S. 1654), which would update ECPA to better align with modern privacy expectations. Specifically, the legislation would establish a warrant standard for government access to data that treats all information equally, regardless of where, how, and how long the information is stored. The bill also limits the use of blanket gag orders that have no expiration date and allows order recipients to notify the target of an investigation about the request for data – with some exceptions. Most of all, the Email Privacy Act would establish clear rules around lawful requests for information for criminal investigations and explain businesses’ responsibilities and expectations under the law. This bill would help restore faith in consumer privacy and the preservation of consumer data.
The work to update lawful access laws does not have to be an epic battle. This year, Congress secured a victory by passing the Clarifying Lawful Overseas Use of Data (CLOUD) Act to establish a framework to address conflicts in U.S. and foreign governments’ data access laws. Last year, the House unanimously passed the Email Privacy Act to establish uniform warrant for content rules. Now is the Senate’s time to shine.
This May the Fourth, we thank Senators Patrick Leahy, Dean Heller, Jeanne Shaheen, Steve Daines, Richard Blumenthal, and Cory Gardner for their leadership in introducing the Email Privacy Act in their chamber, and we urge all Senators to pass this important privacy legislation in our modern, digital world. This bill needs your vote – you’re our only hope.