A Privacy Update

Jul 28 2017

The Fourth Amendment to the Constitution states plainly that Americans cannot be subjected to “unreasonable searches and seizures” of our “persons, houses, papers, and effects.”

But what about emails, text messages, and digital documents? Do they qualify for protection under the Fourth Amendment?

Any reasonable observer would answer yes, given how much intimate and personal information we share through those mediums every day. Electronic communications and records are the “papers and effects” of an online age. They should clearly be protected from government snooping.

It is stunning, then, that current law does not give provide sufficient protection to electronic communications. This needs to change, and it will if I and several of my colleagues are successful.

America’s online privacy laws are based on a bill passed way back in 1986, the Electronic Communications Privacy Act (ECPA).

This well-intended bill prohibited the federal government from intercepting electronic communications and accessing some stored data. That’s because its authors understood that electronic communications were no different than phone calls or letters transmitted by homing pigeon.

But when Congress wrote the ECPA in 1986, the “Internet” as we know it did not exist—its predecessor, ARPANET, was used only by academic researchers, the military, and a few hobbyists. Congress did not anticipate that within a few decades the Internet would be used by billions to communicate, read the news, and even shop for groceries.

So they carelessly included a provision in ECPA that permitted the government to access many forms of archived data without getting permission from a judge. Under the provision, electronic records stored with third-party service providers for longer than 180 days are deemed “abandoned,” in the same way that a physical storage unit can be abandoned. Government agents can then access “abandoned” records by subpoenaing the third party.

As a result, we know that government agencies such as the IRS Criminal Tax Division have advised agents that they can rummage through Americans’ old emails without a search warrant—all because, in the words of the FBI, we shouldn’t have a “reasonable expectation of privacy” in our emails.

This provision may have seemed harmless in 1986, the year Metroid and Legend of Zelda debuted in 8-bit graphics on the NES. Practically nothing was stored in a digital form back then. But the law is dangerously outdated in 2017, when any citizen can store all of his personal records online in perpetuity through services like Google Drive and Dropbox.

Since 2013, I have worked with Sen. Pat Leahy (D-VT) and several other colleagues to protect Americans’ papers and effects wherever they are found—whether in a server farm, the Cloud, or a safe deposit box.

This week we re-introduced two bills that would go a long way to accomplishing this goal, the ECPA Modernization Act and Email Privacy Act.

The bills would bring online privacy protections up to par with the protections we expect for other forms of communication.

They would require government agents to obtain a search warrant based on probable cause to access our records, with reasonable exceptions for national security searches and emergency situations.

The ECPA Modernization Act is a little broader than the Email Privacy Act, since it also requires law enforcement to get a warrant before they can track your location by using your cell phone location data, but both these bipartisan bills are long overdue updates to our federal privacy laws.

The federal government never relinquishes its power over our lives easily. It has fought these reforms at every turn.