House Judiciary Continues Email Privacy Law Overhaul Debate

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller and Ayanna Alexander

U.S. technology companies are often in an “untenable situation” when law enforcement requests customer data stored abroad, House Judiciary Committee Chairman Bob Goodlatte (R-Va.) said at a June 15 hearing.

U.S. tech sector and bipartisan lawmakers have pushed for updates to the nearly 30-year-old Email Communications Privacy Act (ECPA) and its related Stored Communications Act (SCA). ECPA bans unauthorized interception of electronic communications. The SCA, which is part of ECPA, prohibits unauthorized access of electronic communications in a storage facility.

Tech giants such as Alphabet Inc.'s Google, Apple Inc., Amazon.com Inc., and Microsoft Corp. have supported updates to ECPA and the SCA.

Updating the law would lift legal uncertainty that U.S. technology companies and email service providers say they face. They often have overseas data centers and get requests from law enforcement agencies for data related to investigations. However, ECPA remains unclear as to how much and which data stored abroad is available under such requests, they say.

The “rapid growth of international communications infrastructure” has caused issues to arise concerning law enforcement access to data stored abroad, with “U.S. technology companies at the center,” Goodlatte said. At the moment, U.S. companies often have to decide, as was shown in the 2016 decision by the U.S. Court of Appeals for the Second Circuit in Microsoft v. U.S. and others that followed, between complying with foreign or domestic laws for stored data, he said.

Richard Salgado, director of law enforcement and international security at Google, said in response to questions from Rep. Doug Collins (R-Ga.) that ECPA “is pretty aged” and updates to the law are “quite urgent.” ECPA overhaul “increases privacy protections and enhances law enforcement access” to data stored abroad, he said.

Twelve technology trade groups and associations in a June 15 letter to House Judiciary leaders supported a change in the law. They said that virtually every U.S. company is “now part of the global digital economy in some way. They use cloud computing to store customer data, correspond via email, and make transactions online. To keep growing our economy and creating jobs, U.S. businesses need Congress to modernize the laws governing cross-border access to digital information.”

ECPA Update Measures

The House Feb. 6 passed a measure to update ECPA. The Email Privacy Act (H.R. 387), introduced by Rep Kevin Yoder (R-Kan.), would require law enforcement to obtain a warrant before obtaining data “that is in electronic storage with or otherwise stored, held or maintained by that service,” regardless of the age of the communications.

On the Senate side, Sen. Orrin Hatch (R- Utah) recently introduced the International Communications Privacy Act, which would establish a legal framework for law enforcement bodies to use warrants to obtain emails sent to or from any U.S. citizen, even if that person—or the server being used to send and store emails—is overseas. The Senate has yet to take up the measure.

Salgado said that the tech sector seeks updates to ECPA “to codify the requirement that U.S. governmental entities obtain a search warrant in order to compel service providers to disclose the content of users’ communications.”

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com; Ayanna Alexander in Washington at aalexander@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Further information on the hearing is available at http://src.bna.com/pUh.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.