Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
U.S. tech companies are hopeful that a bipartisan group of lawmakers will finally be able to enact an update to the federal email privacy statute governing how they respond to law enforcement requests for customer data, panelists and lawmakers said at a May 24 Senate Judiciary Subcommittee on Crime and Terrorism hearing.
The push for a modernized Electronic Communications Privacy Act (ECPA) would eliminate legal uncertainty facing U.S. technology companies, especially cloud computing services and email providers that store customer information in data centers outside the country, such as Alphabet Inc.'s Google and Microsoft Corp.
ECPA bans unauthorized interception of electronic communications. The Stored Communications Act, which is part of ECPA, prohibits unauthorized access of electronic communications in a storage facility. An update to the outmoded laws would give companies increased clarity as they try to expand in the growing cloud services marketplace, privacy attorneys told Bloomberg BNA.
Subcommittee Chairman Sen. Lindsey Graham (R-S.C.) said at the hearing that “from a congressional point of view, we can fix” law enforcement access to data abroad issues “or we can help criminals.”
Cameron F. Kerry, privacy and data security senior counsel at Sidley Austin LLP in Boston, told Bloomberg BNA that the U.S. needs to “take the lead” in setting email privacy standards, and Congress should address the issue. The U.S. is “home to the world’s leading internet, technology and cloud companies,” so those companies tend to be “hit the hardest,” he said.
ECPA “needs to be updated to reflect today’s digital world,” Kerry, who served as acting secretary at the Department of Commerce, said. The government and private sector, he said, need to find a “more balance approach that takes into account factors like where the data is located and where the data subject is.”
Morgan Reed, president at ACT | The App Association in Washington, told Bloomberg BNA that changes to ECPA will help clarify how companies should “handle the various legal requirements.” Leading U.S. cloud computing providers may see the biggest hit to their revenues and growth opportunities without necessary clarifications, he said.
ECPA reform bills seek to erase distinctions between how email services and remote computing providers are treated in regard to email privacy. Bills now pending in Congress would generally require the government to obtain a warrant to compel disclosure of customer content regardless of the age of the communications.
U.S.-based cloud companies support changes to ECPA because, as the law stands now, there are different requirements to obtain electronic communications depending on the service provider and how long the data are stored.
One proposal to update the law would require email privacy updates, and a warrant for law enforcement access to stored communications by eliminating language in ECPA treating emails more than 180 days old as abandoned and, thus, obtainable with a subpoena or court order.
In a case involving Microsoft emails stored on servers in Ireland, the U.S. Court of Appeals for the Second Circuit ruled that the SCA doesn’t contemplate extraterritorial application and that the term of art, “warrant,” used in the SCA was intended to protect privacy rights.
Brad Smith, Microsoft’s president and chief legal officer, said under questioning from Graham that the privacy issues of most concern involve data belonging to a foreigner located abroad. In prepared testimony, Smith said that law enforcement access to stored data laws “are outdated in many respects” around the world.
Steven Wasserman, treasurer of the National Association of Assistant U.S. Attorney, told Bloomberg BNA that although there should be a “warrant requirement for accessing emails,” email privacy bills so far don’t take into account warrant exceptions in emergency situations. Law enforcement requests for data “should be treated as any other search warrant under the Fourth Amendment,” he said.
There are “obstacles to obtaining” data stored abroad, Brad Wiegmann, deputy assistant attorney general, testified. Criminals will be able to evade detection without changes, he said. Wiegmann declined to tell Bloomberg BNA whether he supports a specific ECPA update bill. The DOJ didn’t immediately respond to Bloomberg BNA’s email requesting comment.
Updating the decades-old ECPA has been before Congress for many years. Various bills have cleared the House but hit roadblocks in the Senate.
In this Congress, the Email Privacy Act ( H.R. 387) introduced by Rep. Kevin Yoder (R-Kan.) passed the House Feb. 6. It has the backing of some of the largest cloud computing companies in the U.S., including Microsoft, Amazon.com Inc. and Google, according to Bloomberg Government data. House Judiciary Committee Chairman Bob Goodlatte (R-Va.) said he has prodded the Senate to take up the measure.
Sen. Orrin Hatch (R-Utah) took to the Senate floor May 23 to discuss the bipartisan International Communication Privacy Act, which aims to “set clear rules for when and how U.S. law enforcement can access electronic data based on the location and national of the person whose data is being sought,” Hatch said on the Senate floor.
Hatch’s bill, which he plans to reintroduce after it died in committee in the last Congress, would establish a legal framework for law enforcement bodies to use warrants to obtain emails sent to or from any U.S. citizen, even if that person—or the server being used to send and store emails—is overseas.
However, changes to ECPA are already hitting resistance in the Senate. For example, Sen. John Cornyn (R-Texas), a subcommittee member, has pushed for an expansion of the FBI’s use of national security letters to require access.
With assistance from George R. Lynch in Washington
To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Further information on the hearing is available at http://src.bna.com/pbp.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)