How would you feel if the government could access a trove of information about who you are, what you do, who your friends are and what they do by collecting it from email and cellphone providers, search engines, social networking sites, and other websites every day? If you'd be outraged, hold on to that feeling.
Back in 1986 — in a bygone era before email, the modern Internet, Facebook, the widespread use of cellphones and sharing economy sites — the government passed the Electronic Communications Privacy Act. And believe it or not, this is still the law that protects the privacy of your electronic life in 2015.
A petition demanding reforms to ensure that emails cannot be accessed without a warrant achieved the necessary 100,000 signatures on the White House website to get a response. You see, right now, the ECPA considers remotely stored digital files more than 180 days old to be abandoned and forces service providers to hand over those files whenever law enforcement demands — without the need for a warrant. This means that all those old emails in your inbox aren't granted basic due process protections.
At a pace resembling the snail mail of the 1980s — or, more appropriately, correspondence prior to the Pony Express — the White House responded to the petition 593 days later. It agrees that ECPA is outdated and needs reform but suggests that Congress should do the heavy legislative lifting. Unfortunately, civil agencies within the same administration are still fighting to oppose reform in order to maintain easy access to private information.
Thank goodness Congress has been moving on some of these concerns. Bipartisan legislation such as the Email Privacy Act and the ECPA Amendments Act would close the 180-day loophole and beef up other privacy protections. The Law Enforcement Access to Data Stored Abroad, or LEADS, Act also includes those reforms, but it would add an international component in response to Department of Justice efforts to exert global authority over digital data.
During a criminal investigation into the actions of an Irish citizen who stored information on a cloud system with servers located in Ireland, DOJ asserted a right to access that information on the basis that the Irish company is a subsidiary of Microsoft, a U.S. company. This power grab would not only subvert mutual legal assistance treaties, which govern law enforcement requests for access to information across borders, but also expose U.S. citizens to similar infringements by foreign governments.
The case is making its way through the courts, but the LEADS Act would immediately resolve the dispute and update ECPA in favor of greater privacy protections while also ensuring that mutual legal assistance treaties are capable of meeting modern law enforcement needs.
Even a Justice Department official acknowledged at a hearing that "there is no principled basis to treat email less than 180 days old differently than email more than 180 days old." Unfortunately, the same official said civil regulatory agencies should be exempt from the warrant requirement, which would effectively gut the new protections.
In a letter to the Senate Judiciary Committee, the chairwoman of the Securities and Exchange Commission made the same request, arguing that the SEC and other civil regulatory agencies should be exempt from the warrant requirements because they lack the authority to issue warrants.
If the SEC were to succeed in watering down ECPA reform for itself, every civil agency would receive the same snooping power. As opposed to having to subpoena individuals the same way they would for information held on a hard drive or in a physical file, civil agencies want backdoor access to information stored online. That means agencies such as the IRS and EPA could demand emails from service providers without their owners' knowledge and without due process protections. And seeing as providers have no way of determining what is relevant to an investigation, it would guarantee that unrelated and sensitive personal information would end up in the hands of government agents.
If the Obama administration were serious about its pledge to support ECPA reform and protect digital privacy, it would instruct its agencies to stop fighting for exemptions.