Privacy Protection for Documents Stored in the Cloud Gets DoJ Nod

As House subcommittee weighs overhaul of 1986 statute to strengthen privacy in the cloud, senators introduce their own legislation to update Electronic Communications Privacy Act. Department of Justice affirms the Obama administration's support for an overhaul.

By Kenneth Corbin
Tue, March 19, 2013

CIO — The Department of Justice is giving a qualified endorsement of an update to a 1986 privacy law that leading cloud-service providers, public-interest groups and others argue is woefully out of step with the current methods of sending and storing communications.

In testimony before a House subcommittee on Tuesday, Elana Tyrangiel, acting assistant attorney general at the DoJ's Office of Legal Policy, affirmed the Obama administration's support for an overhaul of the Electronic Communications Privacy Act (ECPA) to provide stronger privacy protections for Webmail, documents stored online and other cloud services.

Google, Microsoft and Facebook Join Reform Advocates

Advocates of ECPA reform, including tech heavyweights like Google, Microsoft and Facebook, point to incongruities in the law concerning the ways that law enforcement authorities can access personal communications.

As the law currently stands, authorities can obtain emails and other communications that have been stored with a third-party provider for more than six months on the strength of a subpoena, rather than a warrant issued by a judge.

In spite of periodic updates to ECPA, Tyrangiel says, "many have noted, and we agree, that some of the lines drawn by the statute have failed to keep up with the development of technology and the ways in which we use electronic and stored communications."

"We agree, for example, that there is no principled basis to treat email less than 180 days old differently than email more than 180 days old. Similarly, it makes sense that the statute not accord lesser protection to open emails than it gives to emails that are unopened," she adds.

"Acknowledging these things is an important first step," Tyrangiel says . "The harder question is how to update the statute in light of new and changing technologies while maintaining protections for privacy and adequately providing for public safety and other law enforcement imperatives."

Senate Looks to Revise ECPA

There is also movement in the Senate to overhaul ECPA. The same day that the House Judiciary Committee's subcommittee on crime held its hearing, Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah) introduced a bill to revise the statute, dispensing with the "180-day rule," among other reforms.

When ECPA was enacted, "no one could have imagined just how the Internet and mobile technologies would transform how we communicate and exchange information today," Leahy says in a statement. "Privacy laws written in an analog era are no longer suited for privacy threats we face in a digital world."

Earlier this year, a bipartisan group of House members introduced their own ECPA-reform bill in a bid to strengthen the protections for cloud and location-based services.

Continue Reading

Our Commenting Policies