A popular cloud privacy bill stalls in the Senate

Sponsors of the email warrant bill pull it after a senator pushes to include expansion of an FBI surveillance program

US Capitol

The U.S. Capitol in Washington.

Credit: Elizabeth Heichler

A bill to give email and other documents stored in the cloud new protections from government searches may be dead in the U.S. Senate over a proposed amendment to expand the FBI's surveillance powers.

The Electronic Communications Privacy Act Amendments Act would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months.

Under U.S. law, police need warrants to get their hands on paper files in a suspect's home or office and on electronic files stored on his computer or in the cloud for less than 180 days. But under the 30-year-old ECPA, police agencies need only a subpoena, not reviewed by a judge, to demand files stored in the cloud or with other third-party providers for longer than 180 days.

A similar bill passed the U.S. House of Representatives by a 419-0 vote in April. But sponsors of the Senate bill, Senators Mike Lee and Patrick Leahy, pulled the bill from consideration by the Senate Judiciary Committee last week after another committee member insisted on pushing forward with an amendment that would expand the FBI's controversial National Security Letter (NSL) surveillance program.

The amendment from Senator John Cornyn, a Texas Republican, would allow the FBI to use the administrative subpoena NSL program to obtain electronic data from communications providers.

Under the amendment, the FBI, through NSLs, would not need court-ordered warrants to obtain IP addresses, routing and transmission information, session data, a person's browsing history, email metadata, location information, and the exact date and time a person signs in or out of a particular online account.

Lee, a Utah Republican, and Leahy, a Vermont Democrat, called the Cornyn amendment a "poison pill" that kills their ECPA revamp. 

An ECPA revamp is "functionally dead until Cornyn withdraws his poison pill amendment," a spokeswoman for Lee said by email.

A spokeswoman for Leahy sounded a more optimistic note, saying the sponsors of the bill would continue pushing for its passage this year. "But I will keep working with Republicans to see if we can find a path forward on a version of the bill that can be signed into law," Leahy said during a committee meeting on Thursday.

Cornyn suggested the committee would approve his amendment, and the bill, if amended, would pass both the Senate and the House.

"It strikes me as odd that somebody could call an amendment a poison pill when, I believe, the amendment enjoys the support of a majority of this committee," he said in a statement. "Hving said all that, I support the warrant for content provisions, and I’m happy to continue the conversation.”

Some privacy advocates and tech companies have been pushing  Congress to update ECPA since 2011. Unlike in 1986, when ECPA was first passed, computer users now use the cloud to store many personal documents, and those documents should enjoy the same privacy protections as those stored for shorter periods or stored in file cabinets, they have argued.

An expansion of the NSL program, as advocated by Cornyn and the FBI, would expand government surveillance in a bill that's intended to increase privacy protections, opponents have argued.

Download the CIO October 2016 Digital Magazine
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies