The privacy of Americans’ email has an expiration date.
Because of the Electronic Communications Privacy Act (ECPA) — passed in 1986, long before electronic communications became prevalent in the United States — email content is easily accessible to many civil and law enforcement agencies as soon as it is at least 180 days old.
Fortunately, politicians on both sides of the aisle are now backing the movement to change the outdated law.
The Email Privacy Act, which is up for a vote in the House of Representatives, would remove the expiration date on privacy.
“The federal government is using an arcane 1986 law to conduct warrantless searches of the personal email accounts and other digital communication of the American people,” Rep. Kevin Yoder, R-Kan., co-sponsor of the legislation, said in February. “The last time Congress updated our email privacy laws, we were two years removed from the release of the first Macintosh computer. It’s time Congress modernized these outdated statutes to ensure that the rights protected by the Fourth Amendment extend to Americans’ email correspondence and digital storage.”
The Fourth Amendment to the United States Constitution protects Americans from “unreasonable searches and seizures,” and those who support reforming the ECPA believe allowing civil agencies and law enforcement to access older data is a violation of that right. Something that happened six months ago could obviously have significant relevance to someone’s privacy, and giving agencies carte blanche to access the information means everyone’s front door could be, in a relatively short time, blown wide open.
“There’s a simple reason why the Email Privacy Act is the most sponsored bill in Congress,” Gabe Rottman of the American Civil Liberties Union told Truthdig. “Americans overwhelmingly believe email should be protected by a warrant, just like a phone call or snail-mail letter.”
According to Rottman, who is a legislative counsel and policy adviser at the ACLU’s Washington Legislative Office, “this bill would make that modest but essential change, and bring our email privacy laws into the age of broadband and cloud computing.”
Without such a change in the ECPA, however, agencies like the U.S. Securities and Exchange Commission, the IRS and others can simply obtain data stored in the cloud by sending a company like Google a subpoena demanding access to that data when it is 180 days old or older. Users might not even realize their privacy had been breached, because the government can deal directly with the email service providers. On the other hand, if these agencies want the same data before it is 180 days old, they need to obtain a warrant.
“We all have email accounts, we all store lots of personal and private information in the cloud with emails and our contact lists and our photos, and it’s really a detailed record of our whole lives,” Chris Calabrese, the vice president for policy at the Center for Democracy & Technology (CDT), said in an interview. “It makes sense that we have the same privacy protections in our digital inbox as we have in our home, and that’s basically what this bill does.”
The Email Privacy Act currently has 272 sponsors—including both Republicans and Democrats—in the House of Representatives, Calabrese pointed out. The Senate version, called the ECPA Amendments Act, has also received vocal support from officials in that chamber. Advocacy groups like the ACLU, CDT and many Internet companies are lobbying to get them passed.
One reason that the bills—which were first introduced in 2013—have not yet passed is because civil agencies have fought against them. When contacted by Truthdig, representatives from both the IRS and the SEC had no comment on the legislation. According to Calabrese, the agencies do not want to give up their access to information.
A law enforcement agency can usually obtain a warrant when it needs such information, but the target of such a warrant would be aware of the investigation. Civil agencies, however, have no ability to independently obtain a warrant. In lieu of a warrant, the SEC or IRS could simply demand information from specific people, and the targeted parties could face criminal charges if they refused to comply with the warrant. But as the law stands now, the agencies can instead subpoena Google or Apple to get the information directly.
“Civil agencies have lots of options for exercising authority here now,” Calabrese told Truthdig. “They can issue a subpoena directly to you, for example. What we’re talking about here is protecting you from someone going to Google and going behind your back. You’d never know.”