But what about emails, text messages, and digital documents? Do they qualify for protection under the
Any reasonable observer would answer yes, given how much intimate and personal information we share through
those mediums every day. Electronic communications and records are the “papers and effects” of an online age. They should clearly be
protected from government snooping.
It is stunning, then, that
current law does not give provide sufficient protection to electronic communications. This needs to change, and it will if I and several of my
colleagues are successful.
America’s online privacy laws are based on a
bill passed way back in 1986, the Electronic Communications Privacy Act (ECPA).
This well-intended bill prohibited the federal government from intercepting electronic communications and accessing
some stored data. That’s because its authors understood that electronic communications were no different than phone calls or letters transmitted
by homing pigeon.
But when Congress wrote the ECPA in 1986, the
“Internet” as we know it did not exist—its predecessor, ARPANET, was used only by academic researchers, the military, and a few
hobbyists. Congress did not anticipate that within a few decades the Internet would be used by billions to communicate, read the news, and even shop
So they carelessly included a provision in ECPA that
permitted the government to access many forms of archived data without getting permission from a judge. Under the provision, electronic records stored
with third-party service providers for longer than 180 days are deemed “abandoned,” in the same way that a physical storage unit can be
abandoned. Government agents can then access “abandoned” records by subpoenaing the third party.
As a result, we know that government agencies such as the IRS Criminal Tax Division have advised
agents that they can rummage through Americans’ old emails without a search warrant—all because, in the words of the FBI, we
shouldn’t have a “reasonable expectation of privacy” in our emails.
This provision may have seemed harmless in 1986, the year Metroid and Legend of
Zelda debuted in 8-bit graphics on the NES. Practically nothing was stored in a digital form back then. But the law is dangerously outdated
in 2017, when any citizen can store all of his personal records online in perpetuity through services like Google Drive and Dropbox.
Since 2013, I have worked with Sen. Pat Leahy (D-VT) and several other colleagues to protect
Americans’ papers and effects wherever they are found—whether in a server farm, the Cloud, or a safe deposit box.
This week we re-introduced two bills that would go a long way to accomplishing this goal, the ECPA
Modernization Act and Email Privacy Act.
The bills would bring online privacy
protections up to par with the protections we expect for other forms of communication.
They would require government agents to obtain a search warrant based on probable cause to access our records, with
reasonable exceptions for national security searches and emergency situations.
The ECPA Modernization Act is a little broader than the Email Privacy Act, since it also requires law enforcement to
get a warrant before they can track your location by using your cell phone location data, but both these bipartisan bills are long overdue updates to
our federal privacy laws.
The federal government never relinquishes its
power over our lives easily. It has fought these reforms at every turn.