Posted in Our Blog on April 28, 2016
On Wednesday, April 27, 2016, the US House of Representatives passed the Email Privacy Act by a vote of 419-0 in a burst of bipartisanship rarely seen in Congress. The bill now must pass through the Senate and receive a signature from President Obama before it becomes law, though both of these things are widely expected to happen.
Advocates for privacy are calling the Act a major victory. The Act updates a law currently on the books that allows law enforcement and government agencies to obtain, without a warrant, anything stored on your email server. That law, passed in 1986 (when very few people used email or the internet), gives the government access to your emails and other files that are at least 180 days old. The 1986 law reasoned that no email user would keep a file of any kind for more than 180 days… why would they use up all that precious hard drive space? Files stored on a server for 180 days were considered by the government to be “abandoned,” and thus fair game. To get those “abandoned” files, the government agency would merely have to issue a subpoena to the email company; they would not have to go before an independent judge and present probable cause.
“The government is essentially using an arcane loophole to breach the privacy rights of Americans,” Representative Kevin Yoder of Kansas (architect of the bill) said. “They couldn’t kick down your door and seize the documents on your desk, but they could send a request to Google and ask for all the documents that are in your Gmail account. And I don’t think Americans believe that the Constitution ends with the invention of the Internet.”
The Fourth Amendment to the Constitution prevents the government from searching physical items in your house without a warrant, but no law has been passed that would extend that protection to emails and data files. As Rep. Suzan Delbene of Washington State said during the Email Privacy Act debate, “Under current law, there are more protections for a letter in a filing cabinet than an email on a server.”
Last time we updated our #EmailPrivacy laws cell phones looked a lot different. Let’s pass the #ECPA. #GetAWarrantpic.twitter.com/Acnip8zeoz
– Congressman Rod Blum (@RepRodBlum) April 27, 2016
In practice, the Email Privacy Act will not change much. Under the 1986 law, a law enforcement agency can legally seize your email and data without a warrant, but the internet companies such as Google and Apple will generally not cooperate unless the government presents a warrant. Yes, the company would probably eventually be ordered by a court to turn over the data, but in time-sensitive investigations, law enforcement agencies have seen it as more efficient to obtain a warrant and avoid the endless back-and-forth negotiating with lawyers for the tech giants.
The Email Privacy Act will put that “handshake agreement” operation into law. And that is very important! Acknowledging that data files should be as protected as physical files is a first step toward more robust internet privacy laws.
No. The NSA’s monitoring of email metadata (as revealed in 2013 by Edward Snowden) is regulated by different federal laws dealing with national security. The Email Privacy Act will have an impact at the local law enforcement level and on civil regulatory agencies.
But for those of us who work on the internet and are concerned with our security online, this law is a victory because it expands (albeit modestly) our rights to privacy.