Tech Firms, Privacy Groups Want New E-Privacy Law
A coalition of tech vendors and privacy groups is calling on the U.S. Congress to update a 24-year-old law to better protect users of e-mail, cloud computing services and mobile phones from government surveillance.
Tue, March 30, 2010
IDG News Service — A coalition of tech vendors and privacy groups is calling on the U.S. Congress to update a 24-year-old law to better protect users of e-mail, cloud computing services and mobile phones from government surveillance.
The newly formed Digital Due Process Coalition wants Congress to revamp the 1986 Electronic Communications Privacy Act (ECPA) to ensure that e-mail messages, documents stored on cloud computing services and location-based mobile-phone information enjoy the same privacy protections as information stored in a file cabinet or on a PC hard drive.
ECPA needs to be updated because, in some cases, digital information stored in the cloud doesn't enjoy the same legal protections as other data, said Jim Dempsey, vice president for public policy at the Center for Democracy and Technology, a privacy and digital rights group that has spearheaded the coalition. In other cases, the privacy protections for digital data are unclear, he said during a press conference Tuesday.
ECPA doesn't work for many of the ways people use digital information today, said Michael Hintze, associate general counsel at Microsoft (MSFT), a member of the coalition. "A lot of the distinctions in the statute are illogical or unclear or inconsistent, which creates challenges in terms of compliance," he said. "As more and more people embrace the benefits of cloud computing ... we just don't believe that the balance between privacy and law enforcement should be fundamentally turned on its head."
Typically, law enforcement officials would have to get a court-ordered warrant to search a suspect's PC or file cabinets, but law enforcement agencies can get access to some e-mail information, instant messages and other information stored in the cloud, as well as mobile-phone tracking information, through simple subpoenas, members of the coalition said.
The coalition's suggested changes to ECPA "would make it clear that all of that data, as it moves from the desktop to the cloud and back again, to the handheld device, without regard to platform, private content should be protected," Dempsey said.
The group wants ECPA changed so that law enforcement officials have to get warrants before demanding Internet service providers and cloud computing providers turn over private documents stored online and before mobile carriers turn over tracking information about customers. The coalition also wants court review that any real-time surveillance of communications such as text messages and instant messages is relevant to a criminal investigation, and it wants courts to review law enforcement requests for transactional data of multiple unidentified users.