Bipartisan Lawmakers Introduce Trio of Email Privacy Overhaul Bills

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Email service providers and cloud computing companies would gain clarity on legal standards for law enforcement access to stored communications under three bipartisan Senate bills.

The bills, introduced July 27, would take different approaches to update the decades-old Electronic Communications Privacy Act (ECPA). The 1986 law allows access to consumer emails stored more than 180 days with a subpoena or a court order. ECPA generally requires the government to obtain a warrant to access data stored for less time. Warrants must be supported by probable cause —a higher standard than needed for subpoenas or other court orders.

Tech and cloud computing industry groups support updating ECPA. Companies such as Microsoft Corp., Alphabet Inc.'s Google, and Yahoo Inc., are uncertain about what customer communications they must provide to law enforcement agencies, even when served with a court order or subpoena.

The House passed its version of an ECPA update in February. The Senate bills are the first signs of life for the issue there this year. It’s unclear whether or when the Senate Judiciary Committee will consider any of the measures, which together signal that there isn’t agreement yet in the Senate about how to rewrite the law.

Congress will face challenges “striking the right balance for businesses and consumers,” Georgette Spanjich, vice president and co-founder of public policy consulting group Plurus Strategies in Washington, told Bloomberg BNA July 28. Privacy is a “big issue where everyone—industry, law enforcement, and consumers—need a seat at the table,” she said.

The growth of the cloud computing industry and the proliferation of internet of things connected devices highlights the need for an ECPA update, the Consumer Technology Association said in a July 27 statement. The Senate bills would help bring the law “up to speed with modern technology” and U.S. citizens’ will “know their personal data is protected, no matter where it is stored,” the consumer group said.

U.S. citizens and companies “expect and deserve strong, meaningful protections for their emails, texts, photos, location information, and documents stored in the cloud,” Sen. Mike Lee (R-Utah), who introduced two of the ECPA update measures, said in a July 27 statement. “It’s time for Congress to enact broad reforms to ECPA.”

The bills wouldn’t affect other government methods to access communications without a warrant, such as through national security letters authorized by the USA PATRIOT Act.

Three Bills

The Senate measures take different approaches to updating ECPA.

The Email Privacy Act ( S. 1654), introduced by Lee and co-sponsored by Sens. Patrick J. Leahy (D-Vt.) and six other Republican and Democratic senators, is companion legislation to the Email Privacy Act ( H.R. 699), which passed the House in February. The Senate bill would update ECPA to require law enforcement agencies to obtain a search warrant before accessing consumer communications no matter how long they are stored.

The ECPA Modernization Act ( S. 1657), also introduced by Lee and co-sponsored by Leahy, includes a warrant requirement for access to consumer communications, but would also require a warrant for access to historical and real-time geolocation information, prohibit the use of communications and geolocation data obtained in violation of ECPA, and require notice within 10 days to individuals whose electronic communications were sought under a warrant.

The International Communications Privacy Act (S. 1671), introduced by Sen. Orrin Hatch (R-Utah) and co-sponsored by Sens. Dean Heller (R-Nev.) and Christopher Coons (D-Del.), also contains search warrant requirement provisions for stored consumer communications.

Matt Whitlock, communications director for Hatch, told Bloomberg BNA July 28 that the text of the reintroduced Hatch bill isn’t available because the senator “didn’t want it to get buried” in the health-care debate. Hatch is “planning to announce” ICPA in more detail next week, Whitlock said.

Industry Support

Fred Humphries, corporate vice president of U.S. government affairs at Microsoft , said in a July 27 statement that “ECPA fails to address the global and pervasive nature of data use and storage” and updates to the law will help protect U.S. “privacy rights” and “help law enforcement keep people safe.”

Industry associations—including BSA|The Software Alliance, CompTIA, the U.S. Chamber of Commerce, TechNet, among others—wrote a letter July 27 to Hatch and Coons throwing their support behind the Hatch bill because it “modernizes the U.S. approach” to privacy protections and “law enforcement access to data.” The legislation strikes a “delicate balance between citizens’ inviolable privacy rights and the law enforcement community’s imperatives for gathering evidence” in criminal investigations, the letter said.

Separately, BSA|The Software Alliance said in a July 27 statement that it supports Lee and Leahy’s ECPA Modernization Act and looks “forward to working with Congress to pass ECPA reform legislation.”

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Text of the Email Privacy Act (S. 1654) is available at http://src.bna.com/rcH.Text of the ECPA Modernization Act (S. 1657) is available at http://src.bna.com/rcI.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security