A law that has been coming under fire from tech firms and privacy advocates for years may finally be headed for reform thanks to the new Email Privacy Act.
The Electronic Communications Privacy Act (ECPA) of 1986 is a law that allows Feds to search any electronic communications stored by third-party data banks. In effect, the outdated law means that any emails that are over 180 days old or have been opened are considered to be ‘abandoned.’ ECPA allows those ‘abandoned’ emails to be forced out of the hands of the company that is storing them, without the need for a warrant.
That may have been appropriate back in 1986, when there was no World Wide Web and storage space was severely limited, but for some time now privacy advocacy groups and large tech firms (like Google and Facebook) have been ringing alarm bells. The legislation is out of date and does not fairly represent the modern world, with its almost infinite amount of storage space and worldwide user base.
When the law was conceived, nobody could have easily predicted the way things are now, with smartphones and internet connectivity being a constant in day-to-day life. Now that electronic communication saturates every part of life, it is clear that the ECPA gives law enforcement agencies vast, overreaching powers over private data, which are not only unfair but can be considered a dangerous violation of privacy.
In 2012, the ECPA Modernization Act started to gain some traction. It was inspired by the 2010 case of US vs. Warshak, when the Sixth Circuit Court of Appeals ruled against the ECPA’s ‘abandoned’ email clause, finding that third-party companies should not have to hand over emails to law enforcement without ‘probable cause’. The ECPA Modernization Act sought to make it law that probable cause be a prerequisite for collecting any electronic data stored in third-party data banks. This included not just emails, but other types of data like private documents and social networking data.
Fast forward four years, and sadly those reforms to the antiquated ECPA legislation have not yet been passed through Congress, but that may be about to change. On Wednesday, for the first time, the reforms managed to move out of the committee, where they had stalled every time previously. Now called the Email Privacy Act, the bipartisan ECPA reform bill passed on Wednesday by an incredible 419 votes to zero in the House, meaning that the days of the government’s use of ECPA to unfairly collect electronic communications may finally be numbered.
The Email Privacy Act would put an end to the ECPA’s ‘abandoned’ clause and, like the proposed 2012 Modernization Act, would force government agencies to seek a warrant citing reasonable probable cause before being allowed access to any data stored in the cloud. Good news for privacy indeed.
Why the Email Privacy Act is so Important
The reality is that the reform should have come much sooner, with supporters of the reform to the outdated surveillance law claiming that the loophole is used by government agencies thousands of times a day to collect people’s emails without their knowledge. According to documentation acquired by the ACLU, for example, the IRS has been using the ‘abandoned’ clause to search for tax discrepancies for years.
Earlier this month, Microsoft also filed a lawsuit against the Justice Department for its use of the ECPA. In that case, Microsoft claims that the government often uses ECPA to stop the firm from notifying its users when their data has been requested by a government organisation. Microsoft feels that using the legislation in that way goes against the US Constitution.
Now, finally, the tide seems to be turning. On Tuesday, ahead of the winning vote, the technology industry showed that it strongly supports the Email Privacy Act with an open letter to Congress. Google, Microsoft, Twitter, Facebook, and Yahoo were all amongst the signatories, which also included privacy advocacy groups from around the US. Add to that the 314 co-sponsors in the House itself and it certainly would appear that this time the bill has the support it needs to go the whole way. At least that is the hope.
Chris Calabrese, who is senior policy director at the Center for Democracy and Technology and was amongst those who signed the open letter, believes that opinion has indeed swayed enough:
“This is the furthest it’s ever gotten. It’s now literally the most popular bill in the House. The political will builds to a point where you need to address it.”
Also amongst the signees is the Electronic Frontier Foundation (EFF), which is part of the Digital Due Process Coalition. That coalition has been pushing for this reform ever since the Sixth Circuit’s ruling in U.S. v. Warshak back in 2010. While EFF is happy that this bill has passed through the House of Representatives and is headed for the Senate, it still has some issues with the bill:
‘While we applaud the passage of H.R. 699, the bill isn’t perfect. In particular, the Email Privacy Act doesn’t require the government to notify users when it seeks their online data from service providers, a vital safeguard ensuring users can obtain legal counsel to fight for their rights. However, companies may continue to provide notice to users of government requests—prior to compliance—something many companies commit to in our annual Who Has Your Back report.’
Despite this one drawback, however, there can be no doubt that the Email Privacy Act is a huge move in the right direction for privacy in the US. For now, though (despite the overwhelming vote in favor on Wednesday), it is still unclear what the bill’s prospects will be in the Senate, especially considering it is an election year (which may cause it to stall).
Like members of the Digital Due Process Coalition, however, we strongly hope that the Bill will pass through the Senate without any amendments that weaken it, and we firmly encourage you to follow the EFF’s advice to write to your local Senator to ‘demand their support for strong privacy protections for your online data!’