Email Privacy Faces a Key Test Next Week

Senate Judiciary Chairman Patrick Leahy (D-VT) announced late yesterday that he will bring legislation before the committee requiring law enforcement to use a probable-cause warrant to access all non-public internet communications such as email. This legislation is a key piece of efforts to reform the Electronic Communications Privacy Act (ECPA), first passed in 1986 and not substantially updated since.

In 1986 email was a novelty. Congress was so unsure of how to handle it that they treated it like a combination of phone call and letter. Lawmakers assumed that email would be largely transient and that companies providing email services wouldn’t hold onto messages for long periods. As a result they structured ECPA so that email older than 180 days would be treated as discarded and receive a very low level of privacy protection.

Similarly, at the time of ECPA’s passage, the widespread sharing of digital information by computers was something that was only done by large companies. Big businesses would outsource things like payroll to third parties to do the number crunching. (This type of third-party data processing is actually how Ross Perot made his billions.) Given this market, Congress also decided in ECPA to treat the sharing of digital information as just another business record—something that can be gathered by law enforcement without a warrant.

Neither of these policy decisions was necessarily wrong in 1986, but the practical effect today is an enormous hole in privacy protections. Email that is saved in Gmail, Yahoo and other email systems for longer than six months—all of the really interesting stuff!—can be accessed with an administrative subpoena. Similarly, no matter what privacy setting you use, information that is shared with third parties like Google and Facebook—photos, private journals kept online, Facebook pages viewable by only a few close friends—is accessible by police without a judge’s approval. All the government has to do is swear it’s relevant to an investigation.

In a wide ranging article on administrative subpoenas, Wired Magazine notes they have frequently been abused:

FBI agents given such powers under the Patriot Act quickly began to abuse them and illegally collected Americans’ communications records, including those of reporters. Two scathing reports from the Justice Department’s Inspector General uncovered routine and pervasive illegal use of administrative subpoenas by FBI anti-terrorism agents given nearly carte blanche authority to demand records about Americans’ communications with no supervision.

The article quotes a spokesman for the Drug Enforcement Administration as saying, “It’s a tool in the toolbox we have to build a drug investigation. Obviously, a much, much lower threshold than a search warrant.”

Law enforcement has resisted changes to ECPA, arguing that it is critical to investigations. Of course no one is disputing that electronic evidence can be necessary to convict criminals. The question is, what standard should police have to meet to gather that evidence? The Fourth Amendment to the Constitution contemplates a balance, one where people are “secure in their persons, houses, papers, and effects, against unreasonable searches and seizures … and no Warrants shall issue, but upon probable cause.”

Now Chairman Leahy is moving to restore that critical balance. He is trying to ensure that digital communications are treated the same way as letters, records stored in desk drawers, and other personal communications: accessible only with a warrant based on probable cause.

If you want to join him in that effort, please let the members of the Senate Judiciary Committee know that ECPA must be updated and our communications protected.