Two congressmen are trying to update a 1986 law that currently allows the government warrant-free access to any cloud-based data older than 180 days.
According to the Electronic Communications Privacy Act (ECPA), the government is allowed to acquire email or other content stored online without a warrant, assuming the data has been online for at least 180 days. Two congressmen are proposing the act be updated with a piece of sweeping legislation that will bring the law out of the Reagan era, reported Wired.com.
“Communications technology is evolving at an exponential rate and, as such, requires corresponding updates to our privacy laws,” said Rep. Jerrold Nadler, who is sponsoring the package with Rep. John Conyers Jr., reported Wired. “This new legislation will ensure that ECPA strikes the right balance between the interests and needs of law enforcement and the privacy interests of the American people.”
A Senate committee has been looking into ECPA for more than a year.
The proposed legislation would, according to Nadler's website, "amend the law to require the government to obtain a probable cause search warrant anytime it compels the contents of wire or electronic communications. It would also:
• provide a uniform standard and set notice rules when the government accesses the contents of communications;
• amend the law to provide the same statutory suppression remedies for electronic communications as are currently provided for wire and oral communication surveillance. Currently, an aggrieved person can suppress wire or oral surveillance, but not electronic.
• add new – and, in some instances, modify existing – reporting requirements to ensure that Congress has sufficient information for effective oversight and possible future reforms."
Recent technological changes have raised privacy concerns surrounding the 180-day rule on private data. Before cloud storage became a common technology, email only resided on servers on its way to a person's local inbox. Any data that was online for more than 180 days was considered abandoned, because limited bandwidth made cloud storage an impractical solution.
The government has been quietly using the law for years, which applies to all cloud-based services including Facebook, files stored on Dropbox, or any other service that uses online storage. Google said that government agencies across the United States requested user data 6,321 times for the six months ending December 2011, up from 5,950 the six months prior. Google (and ISPs) do not release numbers on how often private data is actually released to the government.
In a story last year about ECPA's 25th birthday, PC World reported that law enforcement entities have opposed changing the privacy act on the grounds it would hinder investigative capabilities. But the legislation's anachronisms have created "some bizarre anomolies in the law," the website reported.
"The outdated Electronic Communications Privacy Act (ECPA) is allowing the government to engage in a shopping spree in the treasure trove of information about who you are, where you go, and what you do, that is being collected by cell phone providers, search engines, social networking sites, and other websites every day," the American Civil Liberties Union says on its webpage about ECPA.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.