Cybersecurity & Tech Surveillance & Privacy

Email Privacy, Overseas Jurisdiction, and the 114th Congress

Paul Rosenzweig
Friday, March 6, 2015, 9:00 AM
Everything old is new again.  Two years ago, I wrote about a bipartisan effort (in which I was and still am participating) to update the Electronic Communications Privacy Act.  That effort, sadly, went nowhere. I am, however, happy to report that progress is being made to revive that effort in the 114th Congress.  This year two separate but related bills are being considered in the House and Senate that bear on these issues. One, the Leahy-Lee bill (Yoder-Polis in the House) addresses email privacy.

Published by The Lawfare Institute
in Cooperation With
Brookings

Everything old is new again.  Two years ago, I wrote about a bipartisan effort (in which I was and still am participating) to update the Electronic Communications Privacy Act.  That effort, sadly, went nowhere. I am, however, happy to report that progress is being made to revive that effort in the 114th Congress.  This year two separate but related bills are being considered in the House and Senate that bear on these issues. One, the Leahy-Lee bill (Yoder-Polis in the House) addresses email privacy. The current structure of ECPA, which was adopted in 1986, stems from a time when nobody could imagine that anyone would ever store lots of data (like emails) for long periods of time — the expense was too great. So ECPA adopted an odd rule that communications stored for longer than 180 days would be accessible by law enforcement through a subpoena rather than by a warrant.  This had the result of making long-term stored email less well protected than, say, diaries or letters or your telephone communications.  Who knew that Gmail was in the future? Recognizing this technological oddity, the Leahy-Lee bill would update ECPA to require a warrant for access to the content of stored communications. After the Senators announced their plans to reintroduce the bill, they have done so and it how has 16 co-sponsors.  The companion House bill was introduced with 228 co-sponsors (i.e. more than 1/2 the House of Representatives) and now has 248 co-sponsors. Meanwhile, Senator Hatch (along with Senators Coons, Heinrich and Heller) has introduced the LEADS Act (the Law Enforcement Access to Data Stored Abroad Act) (which also has a House companion).  Besides making the same warrant for email fix that applies to long-term stored content, the LEADS Act would also require the the US government to secure a warrant to access content stored by service providers in overseas data centers.  Currently, they can be accessed through a subpoena-like process.  The status and virtues of the existing law are highly contested, and the LEADS Act attempts to resolve that dispute. Will either bill succeed this time around?  Only time will tell.  I am comforted that there is bipartisan support for the general idea of reform.  To be sure, some questions may need further addressing, not the least of which is the SEC's benighted effort to secure a carve-out for itself -- a result that would have the perverse effect of driving civil investigations as a subterfuge for criminal ones.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare