Google, together with Microsoft, AT&T, AOL, Intel, the ACLU, the Electronic Frontier Foundation and a number of other organizations launched a new effort to modernize the Electronic Communications Act (ECPA) today. ECPA, which was enacted in 1986, sets standards for low enforcement access to electronic communications and other data. According to this coalition of technology companies, which calls itself Digital Due Process, ECPA has been outpaced by technological advances like cloud computing and is now a “patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies.”
ECPA: Outdated and Convoluted
In an announcement earlier today, Google specifically noted that while the ECPA was originally designed to protect citizens from unwarranted government intrusion (while still giving law enforcement the necessary tools to ensure public safety), ECPA is now completely outdated. Indeed, as Google notes, ECPA became law before most people even knew what email was and long before the “cloud” became a buzzword.
Today the law gives more protection to data you store locally than to data stored in the cloud – an issue the Digital Due Process coalition is trying to rectify. The coalition also wants to ensure that government agencies get a search warrant before they can track the location of your cell phone. Digital Due Process also wants to protect citizens (and its member organizations) against unnecessary bulk data requests from government agencies.
As CNET’s Declan McCullagh noted yesterday, ECPA is notorious for being extremely convoluted. Digital Due Process also noted that the ECPA standard are not clear (especially with regards to access to location information), that it’s not clear how the Fourth Amendment applies to new services and information and that some fo the standards are simply illogical.
More Resources
- The current law
- Legal analysis of the current law from the Digital Due Process coalition (PDF)
Digital Due Process wants the U.S. Congress to completely rewrite the law, but to focus on a handful of issues: access to email and other private communications stored in the cloud, access to location information, and the use of subpoenas to obtain transactional data.
Here are the four ways Digital Due Process wants to modernize the ECPA:
- Better protect your data stored online: The government must first get a search warrant before obtaining any private communications or documents stored online;
- Better protect your location privacy: The government must first get a search warrant before it can track the location of your cell phone or other mobile communications device;
- Better protect against monitoring of when and with whom you communicate: The government must demonstrate to a court that the data it seeks is relevant and material to a criminal investigation before monitoring when and with whom you communicate using email, instant messaging, text messaging, the telephone, etc.; and
- Better protect against bulk data requests: The government must demonstrate to a court that the information it seeks is needed for a criminal investigation before it can obtain data about an entire class of users.