The bill amends the Electronic Communications Privacy Act of 1986, a major online-privacy law, to require state or federal government agencies to get a warrant to access the contents of any email or other electronic record, no matter how old those communications are.
Sens. Mike Lee (R-Utah) and Patrick Leahy (D-Vt.) and Reps. Kevin Yoder (R-Kan.) and Jared Polis (D-Colo.) introduced the bill in February. It has received strong bipartisan support. The Senate Judiciary Committee, which must approve it before it can go to the full Senate, hasn’t taken it up yet. But the committee is holding a hearing tomorrow about the need to reform ECPA, so a vote on the bill could come soon.
The Electronic Communications Privacy Act Amendments Act is a short bill by congressional standards, but it’s important to understand its provisions and how they could affect your privacy.
What is the biggest change that ECPA Amendments Act would make?
The bill adds a warrant requirement for communications that were previously considered so old as to be irrelevant to their participants and unworthy of privacy protections.
Right now, emails and other electronic messages older than 180 days are considered to have been “abandoned” by the people who sent and received them. Law-enforcement agencies don’t need to get a warrant to force a company like Google or Facebook to turn over those communications. Agencies just need to assert in writing that they need the communication to further an active investigation.
When Congress enacted the Electronic Communications Privacy Act, so few people were communicating electronically that nobody was preserving records for very long. Email wasn’t as big a part of most people’s lives as it is now, and there were few reasons to care about old messages. Emails flew back and forth and were quickly forgotten. Hence the lack of concern over what were then considered archaic messages.
“The privacy concerns are very real now in a way that people didn’t contemplate in 1986 when this law was passed,” Sen. Lee told the Daily Dot.
This is the key provision of the bill:
A governmental entity may require the disclosure […] of the contents of a wire or electronic communication […] only if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) that is issued by a court of competent jurisdiction directing the disclosure.
This warrant requirement also applies to requests for information about customers, including their names, addresses, telephone metadata (call times, durations, phone numbers), service length and type information, and payment methods.
What else does this bill do?
The ECPA Amendments Act also requires that a government agency notify people when it acquires their records. For law-enforcement agencies, the notice must come no later than 10 business days after the records are acquired; for all other agencies, the deadline is three business days.
The notice must include a copy of the warrant and must inform the person about the nature of the investigation “with reasonable specificity.”
There is also a provision requiring the Government Accountability Office (GAO) to study state and federal government agencies’ use of ECPA over the five years preceding this bill’s enactment. The report would be due on Sept. 30, 2017.
That notification provision sounds great and very transparent. Is there a catch?
The government can request that a notice be delayed if it has a reason to believe that sending the notice would jeopardize someone’s life or physical safety or seriously interfere with the investigation. Each delay can last at most 180 days for law-enforcement agencies or 90 days for other agencies.
The government can also ask a court to temporarily bar a company from publicly revealing that the government took some of its records. This is known as a “gag order.” The same 180- and 90-day rules apply here as they did with delays on notices to customers.
The government can request (and courts can grant) an unlimited number of notice delays and gag orders.
This bill seems like a no-brainer. Who is supporting it?
More than 110,000 people petitioned the White House to support ECPA reform in late 2013. The Obama administration responded positively and said that it was “encouraged by the strong bipartisan support for updating this legislation.”
More than 70 tech companies, open-Internet groups, libertarian associations, privacy watchdogs, and business trade groups have signed letters to the House and Senate supporting the respective versions of the bill.
“Anyone out there who believes in this, either as a business or as an individual, ought to be making more noise about this issue, to be talking about the fact that there is dangerous potential for abuse under the law as it exists right now, and we need this reform,” Lee said. “This is a very modest reform that is many years overdue. It’s time that we get his done.”
Supporters have varying reasons for wanting to see the ECPA reformed. It’s easy to understand why Google and Facebook signed the letters: Government agencies are asking them to turn over communications without a warrant, and it looks good if they can fight back by supporting reform. Libertarian and open-Internet groups are ideologically committed to more stringent standards for government surveillance and data collection. And business associations are concerned about their members losing money if consumers react strongly to the conversation about warrantless data access.
Lee, a member of the Tea Party Caucus with libertarian leanings, said that his bill was about preserving the core guarantees of the Fourth Amendment.
“The concerns underlying the Fourth Amendment are very, very real today,” he said. “They have grown a little more complicated in the electronic age, and in many ways, they’ve become even more important today because of the manner in which electronic communication can facilitate and expedite the work of government.”
So why has it taken until 2015 for someone to introduce a bill like this?
Well, that’s the thing—it hasn’t.
The bill’s sponsors introduced the exact same legislation in 2013 during the 113th Congress. The Senate Judiciary Committee, chaired at the time by the bill’s cosponsor Patrick Leahy, passed it unanimously. The House version garnered 218 cosponsors, a bipartisan majority that made it a legislative unicorn in these partisan times.
But the bill subsequently languished in Congress. After the Senate committee passed it, it never went to the full Senate. The House committee with jurisdiction over it never even voted on it.
Now, its supporters are trying again. The House version has more than the 218 votes it needs to pass; ECPA reform is considered one of the most bipartisan pieces of legislation in the current Congress.
“As times change, as technology changes, as our society’s use of technology changes,” Lee said, “we’ve got to update our laws to reflect the changed circumstances and this is a change that’s long overdue.”
Illustration by Max Fleishman