Illustration by Jason Reed (Licensed)
A popular online privacy bill easily cleared its first hurdle in the House on Tuesday.
The House Judiciary Committee unanimously passed (28-0) the Email Privacy Act, which eliminates a loophole allowing authorities to get some electronic records without a warrant. The bill, sponsored by Rep. Kevin Yoder (R-Kan.), has more than 300 sponsors and is expected to sail through the full chamber.
The Email Privacy Act requires law-enforcement agencies to get a warrant in order to demand that tech companies turn over online communication records, such as emails, instant messages, and private social-media messages. It amends the Electronic Communications Privacy Act (ECPA), which only required a warrant for messages newer than 180 days.
ECPA took effect in October 1986, when email was the only widely used electronic communication method and few people stored messages for more than a few weeks. It currently lets authorities use administrative subpoenas, which do not require a judge's approval, to get records older than 180 days.
"As more and more communications are now stored in the cloud, updating privacy laws for the digital age is essential."
"Our nation’s laws must be brought up-to-date with advances in technology to clarify issues of electronic privacy and third-party involvement, which is why the significance of this legislation cannot be overstated," committee member Rep. Jerrold Nadler (D-N.Y.) said in a Wednesday statement.
Lawmakers supporting electronic communications privacy reform have pushed several bills in both chambers in recent years attempting to close the 180-day loophole. Technology groups were quick to cheer the committee vote for moving ECPA reform to its furthest stage yet.
"As more and more communications are now stored in the cloud, updating privacy laws for the digital age is essential," Ed Black, president and CEO of the Computer and Communications Industry Association, said in a statement. "The bill the Committee approved today sets an important standard of protection—government access to email content should require a warrant."
"Americans expect that their data will receive Fourth Amendment protections regardless of the means used to store it," Daniel Castro, vice president of the Information Technology and Innovation Foundation, said in a statement, "and this legislation will help bridge that divide."
Gary Shapiro, president of the Consumer Technology Association, said in a statement that "it's clearly time for federal law to reflect the realities of today's technology, and we urge the House to prioritize consumers' right to privacy and quickly pass this bill."
Yoder and lead co-sponsor Rep. Jared Polis (D-Colo.) agreed on Monday to last-minute tweaks by Rep. Bob Goodlatte (R-Va.), the committee's chairman. Goodlatte removed a provision requiring authorities to notify people whose records they acquired after 10 days and added language clarifying that the bill did not eliminate Congress's own ability to use a subpoena to get records.
"This amendment retains the core goal of H.R. 699 to establish a uniform warrant requirement for stored communications content in criminal investigations, while also protecting and preserving privacy and public safety interests," Goodlatte said as the committee prepared to vote.
While the government would not have to notify people whose messages it acquired, tech companies would be allowed to notify their customers directly. But under a delayed-notice provision, the government could ask a court to gag the company if there were a reasonable belief that notification would endanger a life, an investigation, or a trial.
These gag orders, each lasting for up to 180 days, would be infinitely renewable.
Goodlatte's changes also carved out stored documents from the bill's purview, limiting it to sent and received communications. A cloud-hosted file would be considered a stored document, while a file attached to an email would be considered a communication. Thus, under the amended legislation, authorities could still use subpoenas to acquire cloud-hosted files.
Importantly, Goodlatte did not add an exception to the warrant requirement for civil agencies like the Federal Trade Commission and the Securities and Exchange Commission. These agencies, whose missions differ from those of the FBI and the Drug Enforcement Administration, opposed ECPA reform on the grounds that requiring warrants for their work would stymie their investigations.