Privacy Protection for Documents Stored in the Cloud Gets DoJ Nod
As House subcommittee weighs overhaul of 1986 statute to strengthen privacy in the cloud, senators introduce their own legislation to update Electronic Communications Privacy Act. Department of Justice affirms the Obama administration's support for an overhaul.
Tue, March 19, 2013
The path to revising ECPA has been slowed by the protests of law enforcement agencies, which have warned that reforms undertaken in the name of protecting privacy could impede criminal investigations.
Richard Littlehale, a special agent with the Tennessee Bureau of Investigation, told lawmakers that irrespective of the level of proof required to obtain access to emails and other communications, law enforcement authorities face other, more significant "logistical hurdles," chiefly the failure of service providers to turn over records in a timely fashion.
"The reality is that legal barriers are not the only ones that keep communications out of our hands," Littlehale says.
"As Congress considers simplifying the legal requirements for obtaining communications records, and whether or not to change the standards law enforcement must meet to obtain those records, these other barriers to access must have a place in the discussion," he notes in his written testimony:
"I urge Congress to ensure that regardless of the level of process it ultimately decides is appropriate, steps are taken to guarantee that law enforcement will be able to access the required communications transactional records reliably and quickly once that process is obtained."
In counterpoint at Tuesday's hearing was Google's Richard Salgado, the search giant's director of law enforcement and information security, who was especially critical of what he described as an arbitrary distinction between communications older than six months and those that are newer.
"ECPA was passed in 1986, when electronic communications services were in their infancy. With the dramatic changes that we've seen since then, the statute no longer provides the privacy protection that users of these services reasonably expect," Salgado says. "If one could discern a policy rationale for this 180-day rule in 1986, it's not evident any longer and contravenes users' reasonable expectation of privacy."
TechAmerica, a leading industry trade group, commended both the leaders of the House subcommittee and Sens. Leahy and Lee for unveiling their bill on Tuesday, what the group dubbed "ECPA Reform Day on Capitol Hill."
Revamping that statute is a top legislative priority for TechAmerica, according to Kevin Richards, the group's senior vice president of federal government affairs, who says Leahy's bill "presents a big step toward making sure that the information Americans store in the cloud receives the same level of protection as the information stored in the physical world."
ECPA a Tricky Political Issue
But given the opposing views that law enforcement authorities and cloud providers take as a starting point in the debate, ECPA reform -- hardly a new issue -- has proven difficult as a political proposition.