When Congress passed the Electronic Communications Privacy Act in 1986, the Internet was still in its infancy. Google was just an absurdly big number most people had never heard of. And Apple’s Macintosh Plus computer had a whopping 1MB of memory and retailed for $2599. Back then, if an email had to be sitting in a server for more than 180 days, there was a good chance the account was abandoned.
Since then, everyone knows that important emails can sit filed away in servers for years. Increasingly more of our private lives are being lived out in the digital space through tweets and text messages. And we have learned that the National Security Agency has been gathering a huge trove of Americans’ private emails and phone call metadata.
Surely by now, almost 30 years later, Congress has acted to update ECPA and implement safeguards to keep government agencies from searching through our data as they please?
That would be a no – at least not yet. ECPA is still on the books, and even though it was created long before anyone could conceive of Google, Facebook, or smartphones, it currently governs how law enforcement is able to access our Google docs, Facebook messages, and emails. The real-life ramifications of this are chilling, as law enforcement can search personal data like emails or information on cloud computing services that is more than 180 days old using an administrative subpoena – which requires a much less rigorous standard than a warrant.
This afternoon, Senators [mc_name name=’Sen. Orrin Hatch (R-UT)’ chamber=’senate’ mcid=’H000338′ ] (R-UT), Chris Coons (D-DE), and [mc_name name=’Sen. Dean Heller (R-NV)’ chamber=’senate’ mcid=’H001041′ ] (R-NV) introduced the Law Enforcement Access to Data Stored Abroad (LEADS) Act to address outdated laws like this one. It seeks to set up an improved legal framework for the digital age that balances the needs of law enforcement agencies to access electronic communications with the individual’s right to privacy.
The LEADS Act would bring much-needed reform by doing several key things. First and foremost, it would require a warrant to access stored content regardless of how old it is. It would also affirm that warrants under ECPA do not extend extraterritorially (with an exception for content of U.S. citizens and residents stored outside of the country). Both of these provisions send a clear message that countries should not impose data localization requirements, meaning we would have a clear, consistent system for responding to data requests from foreign governments. They also ensure that your personal information is indeed private in a meaningful way.
In the LEADS Act, which died once in committee last term, Congress has an opportunity to dramatically bolster privacy rights and civil liberties. It has strong bipartisan support and would undoubtedly bolster an already thriving online world that emerged apart from international borders. Privacy is not an “us versus them,” issue, it’s a fundamental American right – both for your inbox and your mailbox.