The Electronic Communications Privacy Act (ECPA) was enacted in 1986 to protect user data from government oversight and significant portions haven’t been updated since.
That’s a problem, advocates say, because the law is now completely outdated. The law currently gives more protection to data you store locally and less to data kept in the cloud – an obvious problem in the age of Gmail, Facebook and Amazon Web Services.
Cloud computing haunted by privacy concerns
Technology companies and privacy advocates have been calling for Congress to update the legislation for years (see Coalition of Tech Companies Wants to Give You Digital Due Process). The law leaves consumers unprotected, they argue, and dampens the cloud computing sector’s economic prospects.
As the law stands, providers can do little to assure users that their data will remain protected if someone in law enforcement or government wants to look at it. In many cases, law enforcement can compel providers to disclose information without a search warrant.
Google recently disclosed that it had received 3,580 requests for user data from U.S. law enforcement in the second half of 2009. The number of requests Google rose to 4,287 in the first half of 2010.
An urgent need
“Prompt action by Congress to strengthen federal laws safeguarding the privacy of information stored in the cloud is growing more important by the day as Americans become ever more reliant on cloud computing in all aspects of life,” a group of advocates wrote in a statement submitted to House Committee on the Judiciary Subcommittee on the Constitution, Civil Rights, and Civil Liberties during its hearing on ECPA today.
In the absence of laws guaranteeing the protection of data in the cloud, some providers are letting users store encrypted data without handing over the key. Encryption is less desirable because it eliminates the advertising subsidy for some services (Gmail ads wouldn’t work if emails were encrypted), adds the cost of encrypting the data and can slows services down. “In many ways, therefore, ECPA’s failure to protect our digital communications and documents amounts to a “tax” on Americans,” the group wrote.
The group proposed that law enforcement must obtain a search warrant from a judge based on probable cause in order to have access to digital data and communications.
Google, Microsoft back reform
The reform is backed by a number of high-profile companies including Google, Microsoft and AT&T as well as the American Civil Liberties Union.
Microsoft lawyer Brad Smith had an especially good line during today’s hearing. “E-mail in someone’s in-box should not be subject to a different standard than e-mail in your sent-box,” Smith said. “The reality today is that ECPA increasingly falls short of a common-sense test.”[photo via Brynn_Avon]