Senators Push for Update to Electronic Privacy Law
A 24-year-old law setting the rules on how law enforcement agencies can obtain electronic records needs to be updated because it's out of step with modern technology and privacy expectations, U.S. Senator Patrick Leahy said Wednesday.
Wed, September 22, 2010
IDG News Service — A 24-year-old law setting the rules on how law enforcement agencies can obtain electronic records needs to be updated because it's out of step with modern technology and privacy expectations, U.S. Senator Patrick Leahy said Wednesday.
Changes to the Electronic Communications Privacy Act (ECPA) will be a priority for the Senate Judiciary Committee, the Vermont Democrat and committee chairman said.
An update to ECPA is needed because Web-based e-mail messages, information stored in cloud-computing environments and mobile-phone location information don't enjoy the same legal protections from government snooping as other types of digital data, several committee members said during a hearing Wednesday.
"The content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent," Leahy said. "There are also no clear standards under that law for how and under what circumstances the government can access cell phone, or other mobile location information when investigating crime or national security matters."
Critics of ECPA have called the law confusing and inconsistent.
The U.S. Department of Justice has asserted that under ECPA, federal agents do not need a court-issued warrant to request the contents of e-mail on Web- or cloud-based services, even though agents would need a warrant to see an e-mail stored on a laptop or a document stored in a file cabinet, critics have noted. The ECPA also doesn't require a warrant for unopened e-mail stored with a vendor for longer than 180 days, although law enforcement agencies would need court approval to access unopened e-mail less than 180 days old.
In addition, under the law, police need a warrant to track a suspect by GPS, but not to track a suspect using less precise cell tower location information.
A rewrite of the ECPA would help law enforcement agencies by clearing up confusion about the rules, said James Dempsey, vice president for public policy at the Center for Democracy and Technology (CDT), a digital rights group. A balance between law enforcement needs and privacy that ECPA established in 1986 has been lost, he said.
"Nineteen eight-six was light years ago in Internet time," he added. "Powerful new technologies create and store more and more information about our daily lives and permit the government to conduct surveillance in ways or at a depth and precision that were simply impossible 24 years ago."
While ECPA has been amended 18 times, in most cases, the changes expanded police access to electronic records, Dempsey said. Congress has never completed a comprehensive examination of the law, he said.