Leahy Includes ECPA Reform, Cybersecurity On Judiciary Agenda for 113th Congress

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) Jan. 16 said that reform of the Electronic Communications Privacy Act, which has implications for the government's access to sensitive data stored by “cloud computing” providers, will be among his top priorities for the 113th Congress.  

With cloud computing, users may store and manage data such as email messages on remote computer networks operated by third parties. Uncertainty about ECPA's protection of cloud data is seen by some as a hindrance to the growth of the industry.

“I will keep pushing to update our privacy laws to address emerging technology and the internet, including the Electronic Communications Privacy Act and cybersecurity laws,” Leahy said, according to the text of a speech he presented at the Georgetown University Law Center.

In November 2012, the Judiciary Committee approved a Leahy proposal (H.R. 2471 Substitute) that included provisions to update ECPA by requiring the government to obtain a search warrant based on a showing of probable cause when seeking access to electronic communications, including in the case of remote computing service providers (11 PVLR 1702, 12/3/12).

The measure, which prompted concerns from the law enforcement community, was advanced on a committee voice vote but ultimately did not make it to the Senate floor.

Sen. Chuck Grassley (R-Iowa), the panel's ranking member, said that, although he was willing to cooperate with reporting the bill out of committee, he continued to have reservations about the ECPA provisions that he wanted to address. That dialogue is expected to resume in the current Congress.

ECPA reform supporters include cloud providers Microsoft Corp. and Google Inc., as well as privacy groups.

The 112th Congress failed to reach agreement on cybersecurity legislation (11 PVLR 1680, 11/19/12). A key area of contention over the cybersecurity bill (S. 3414) was language calling for voluntary cybersecurity standards for critical parts of the private sector.

Leahy made ultimately unsuccessful attempts to add privacy protections to the legislation, including an amendment to establish national data security breach notification rules (11 PVLR 1228, 8/6/12).

In the wake of the inability of Congress to pass cybersecurity legislation, President Obama is mulling whether to issue a cybersecurity exective order (12 PVLR 31, 1/7/13).

Leahy's prepared speech, as well as a link to an archived webcast of his presentation, is available at http://www.leahy.senate.gov/press/113-sjc-agenda-speech.

Request Bloomberg Law: Privacy & Data Security