New bill would halt warrantless requests for consumers’ geolocation data

Zoe Lofgren with Moving Internet Symbol in Background

Let’s see those warrants, officers.

A bipartisan group of U.S. lawmakers took aim Tuesday at an almost 30-year-old communications law, pushing for new restrictions on federal government surveillance targeting American citizens. 

Reps. Zoe Lofgren (D-Calif.), Ted Poe (R-Texas), and Suzan DelBene (D-Wash.) introduced the Online Communications and Geolocation Protection Act in an attempt to improve online privacy protections.

The bill is meant to update the 1986 Electronic Communications Privacy Act (ECPA), which the bill’s sponsors said “has failed to keep pace with rapidly evolving technology, leading to weak and convoluted privacy protections from government access to user data.”

Lofgren and her co-sponsors said the ECPA no longer adequately protected the privacy of consumers and businesses, who increasingly rely on cloud computing and location-based services that are vulnerable to warrantless and generally unaccountable government spying.

This is what computers looked like when the Electronic Communications Privacy Act (ECPA) was signed into law.

This is what computers looked like when the Electronic Communications Privacy Act (ECPA) was signed into law.

Gary Brownell/Flickr (CC BY-SA 2.0)

“Fourth Amendment protections don’t stop at the Internet,” Lofgren said, “and Americans rightly expect Constitutional protections to extend to their online communications and location data.”

The lawmakers highlighted the fact that the ECPA does not require law enforcement to obtain a warrant before accessing Americans’ online communications. If the content is more than 180 days old, it can be accessed using only a subpoena. Many federal agencies are capable of issuing subpoenas themselves without any judicial oversight.

Furthermore, the lawmakers said, the ECPA in its current form offers inadequate protections to Americans who rely heavily on mobile devices operating location-based services. GPS wasn’t widely available for civilian use until roughly 14 years after the ECPA became law.

Under the new Online Communications and Geolocation Protection Act, which would require government agencies to obtain a warrant to access online content, those agencies would also need a warrant to force a service provider like Google or Yahoo to disclose geolocation data. The bill expressly prohibits such providers from disclosing a user’s geolocation in the absence of a warrant.

“Establishing a warrant standard for government access to cloud and geolocation provides Americans with the privacy protections they expect,” Lofgren said, “and would enable service providers to build greater trust with their users and global trading partners.”

Additionally, the new bill would “provide for administrative discipline and civil cause of action if geolocation information is unlawfully intercepted or disclosed.”  

“Technology may change, but the Constitution does not,” Poe said. “Whether an individual’s property is physical or digital, it must be protected from snooping government eyes, as required under the Fourth Amendment. It’s time for Washington to modernize this outdated legislation and protect individual privacy.” 

DelBene added, “In this constantly evolving world, Congress must be a good steward of policy to ensure our laws at least keep pace. When current law affords more protections for a letter in a filing cabinet than an email on a server, it’s clear our policies are outdated.”

Illustration by Jason Longo | Remix by Jason Reed 

Dell Cameron

Dell Cameron

Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.