Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) Jan. 16 said that
reform of the Electronic Communications Privacy Act, which has implications for
the government's access to sensitive data stored by “cloud computing” providers,
will be among his top priorities for the 113th Congress.
With cloud computing, users may store and manage data such as email messages
on remote computer networks operated by third parties. Uncertainty about ECPA's
protection of cloud data is seen by some as a hindrance to the growth of the
“I will keep pushing to update our privacy laws to address emerging
technology and the internet, including the Electronic Communications Privacy Act
and cybersecurity laws,” Leahy said, according to the text of a speech he
presented at the Georgetown University Law Center.
In November 2012, the Judiciary Committee approved a Leahy proposal (H.R. 2471 Substitute)
that included provisions to update ECPA by requiring the government to obtain a
search warrant based on a showing of probable cause when seeking access to
electronic communications, including in the case of remote computing service
providers (11 PVLR 1702, 12/3/12).
The measure, which prompted concerns from the law enforcement community, was
advanced on a committee voice vote but ultimately did not make it to the Senate
Sen. Chuck Grassley (R-Iowa), the panel's ranking member, said that, although
he was willing to cooperate with reporting the bill out of committee, he
continued to have reservations about the ECPA provisions that he wanted to
address. That dialogue is expected to resume in the current Congress.
ECPA reform supporters include cloud providers Microsoft Corp. and Google
Inc., as well as privacy groups.
The 112th Congress failed to reach agreement on cybersecurity legislation (11
PVLR 1680, 11/19/12). A key area of contention over the cybersecurity bill (S. 3414) was language
calling for voluntary cybersecurity standards for critical parts of the private
Leahy made ultimately unsuccessful attempts to add privacy protections to the
legislation, including an amendment to establish national data security breach
notification rules (11 PVLR 1228, 8/6/12).
In the wake of the inability of Congress to pass cybersecurity legislation,
President Obama is mulling whether to issue a cybersecurity exective order (12
PVLR 31, 1/7/13).
Leahy's prepared speech, as well as a link to an archived webcast of his
presentation, is available at http://www.leahy.senate.gov/press/113-sjc-agenda-speech.