ecpa reform – Techdirt (original) (raw)

Stories filed under: "ecpa reform"

Congress Tries Once Again To Require Warrants To Search Emails

from the will-it-actually-happen? dept

The efforts to reform ECPA — the Electronic Communications and Privacy Act — have been going on for basically two decades at this point. The law, which was passed in 1986, has a whole bunch of problems, with the biggest one (as we’ve discussed dozens of times) being that it considers any email that’s been on a server for more than 180 days “abandoned,” and thus freely searchable by law enforcement without a warrant. That’s because there was no concept of cloud computing back in 1986. People who got email “retrieved” those emails off of a server and downloaded them to local storage. Many in Congress have been trying to fix this for so, so, so many years. And it always gets blocked. The IRS and the SEC have both been fairly proactive in trying to block ECPA reform bills that will require a warrant (funny: I thought it was the 4th Amendment that made such a warrant necessary, but, silly me, no one cares about the 4th Amendment any more).

Last year, a plan to fix ECPA, called the Email Privacy Act, with an astounding 315 co-sponsors, passed the House unanimously. As we noted at the time, this is fairly incredible. In these contentious times — especially on issues related to surveillance and law enforcement — to have a unanimous vote on a law that says “get a warrant” if you want access to emails, is quite incredible. But, of course, even with that much support on that side of Congress, the Senate has a way of killing ECPA reform each and every year. Last year, a few Senators — including Jeff Sessions, who is likely to be our next Attorney General — tried to bury it with ridiculous amendments that would expand surveillance.

On Monday, the reintroduced Email Privacy Act easily passed the House via a voice vote, showing that our Congressional Members still recognize how important this is. Of course, now it gets to go back to the Senate, and we saw how well that worked last year. And then we have to believe that President Trump will sign the bill. Stranger things have happened, of course, but it still seems like a longshot that real ECPA reform will become law this year. It’s great that Rep. Kevin Yoder, along with Reps. Jared Polis, Bob Goodlatte, John Conyers, Ted Poe, Suzan DelBene, Will Hurd, Jerry Nadler, Doug Collins and Judy Chu keep pushing this bill. I disagree with many of the folks on that list on a number of other issues we cover, but the fact that they’re willing to support basic 4th Amendment concepts for email is worthy of recognition. Now, hopefully, the Senate won’t try to muck it up again.

Filed Under: 4th amendment, ecpa, ecpa reform, email, email privacy act, irs, kevin yoder, sec, warrants

Senator Jeff Sessions Looks To Blast A Giant Hole In The 4th Amendment For 'Emergency' Response

from the yikes dept

Yesterday we wrote about an already troubling attempt by Senator John Cornyn to attach a dangerous amendment to the Senate’s ECPA reform bill that would massively expand what kinds of electronic communications the FBI has access to (as we noted, the FBI already pretends it has access to this very info, so really this law would be papering over the FBI’s illegal collection of this info). But there’s another amendment, put forth by Senator Jeff Sessions, that is just as, if not more, troubling. It’s basically creating a massive loophole in the 4th Amendment, saying that any and all basic oversight can be tossed out the second the FBI declares the situation to be an “emergency.”

The amendment would allow the government to bypass the warrant requirement in times of claimed emergency. Specifically, it would mandate that providers turn over sought-after data in response to a claimed emergency from federal, state, or local law enforcement officials. Under current law, companies are permitted, but not required, to comply with such emergency ? and warrantless ? requests for data.

There are two huge problems with this proposal. First, it appears to be responding to a problem that doesn?t exist. Companies already have discretion to make emergency disclosures to governmental officials, and proponents of the legislation have failed to identify a single instance in which providers failed to disclose sought-after information in response to an actual, life-threatening emergency. To the contrary, the data suggest that providers do in fact regularly cooperate in response to emergency requests. (See the discussion here.)

Second, and of particular concern, the emergency disclosure mandate operates with no judicial backstop. None. Whatsoever. This is in direct contrast with the provisions in both the Wiretap Act and Foreign Intelligence Surveillance Act (FISA) that require companies to comply with emergency disclosure orders, but then also require subsequent post-hoc review by a court.

Even a long-term law enforcement guy, James Trainum, is worried about the impact of such a law:

In my 27 year career in law enforcement, the majority of which I spent as a homicide detective with the Metropolitan Police Department of Washington, D.C., I sought and obtained communication records in the majority of my investigations. I encountered no problems obtaining these records under the current law and in the rare, truly emergency situation, the law posed no undue burden. I have found that complying with the requirements to obtain records in a non-emergency situation actually helped me build stronger cases because, by following the rules, the evidence was unassailable in court. Unfortunately, too many of my colleagues, for whatever reason, would try to take the shortcuts that the new law would encourage.

Changing the emergency exception law is unnecessary. The law permits providers to disclose private communications to the government whenever they have a good-faith belief that such disclosure is required to respond to an emergency. Furthermore, emergency exceptions are quite uncommon. For example, in 2014 Google received only 342 emergency requests, compared to 20,280 subpoenas and search warrants, and information was provided in response to the vast majority of those emergency requests. If a provider finds a problem with the request, law enforcement can always revise it to address concerns.

As we’ve discussed, back in April the House voted unanimously to fix ECPA. And while the Senate has dragged its feet until now, it’s disappointing to see Senators like Sessions and Cornyn now try to attach dangerous amendments to ECPA reform that basically destroy whatever good that is in there. Both of those Senators should be ashamed — and their colleagues should reject these proposals.

Filed Under: 4th amendment, ecpa, ecpa reform, emergencies, jeff sessions, warrants

FBI Pushing For Legislation That Will Legalize Its National Security Letter Abuses

from the fighting-terrorism-means-never-having-to-say-you're-sorry dept

One of the more interesting things to sneak out around the edges of the FBI’s redaction bars in Yahoo’s document dump of National Security Letters was the sheer amount of information the agency was demanding. The FBI — using letters it writes and approves with no outside oversight — wants all of the following in exchange for a piece of paper backed by nothing but the FBI’s “national security” claims.

In preparing your response to this National Security Letter, you should determine whether your company maintains the following types of information which may be considered by you to be an electronic communications transactional record in accordance with Title 18 United States Code § 2709.

Subscriber name and related subscriber information

Account number(s)

Date the account opened or closed

Physical and or postal addresses associated with the account

Subscriber day/evening telephone numbers

Screen names or other on-line names associated with the account

All billing and method of payment related to the account including alternative billed numbers or calling cards

All e-mail addresses associated with the account to include any and all of the above information for any secondary or additional e-mail addresses and or user names identified by you as belonging to the targeted account in this letter

Internet Protocol (IP) addresses assigned to this account and related e-mail accounts

Uniform Resource Locator (URL) assigned to the account

Plain old telephone{s) (POTS), ISDN circuit(s), Voice over internet protocol (VOIP), Cable modem service, Internet cable service, Digital Subscriber Line (DSL) asymmetrical/symmetrical relating to this account

The names of any and all upstream and providers facilitating this account’s communications

This is odd because the FBI is not entitled to all of this information when using NSLs, as Gabe Rottman of CDT points out.

There are a few statutes that authorize the issuance of NSLs, but the most important—and the one with the greatest potential for abuse—is 18 U.S.C. § 2709, titled “Counterintelligence Access to Telephone Toll and Transactional Records.” As the name suggests, the authority was meant to be limited to phone records. It allows the FBI to issue NSLs to telecommunications companies to secure “the name, address, length of service, and local and long distance toll billing records of a person or entity” if the FBI certifies that they are relevant to a terrorism or espionage investigation. (The statute does mention the phrase “electronic communication transactional records,” but it still limits the types of covered records to name, address, length of service, and billing records–i.e., the equivalent of phone records.)

So, the FBI is asking for far more than it’s allowed to get with an NSL. It’s apparently hoping some NSL recipients won’t know they’re not required to turn over all of this information. Certainly, Yahoo knows, having battled the FBI (and the FISA court) over government demands for information. But the FBI issues thousands of these every year, and not every recipient is going to know what it does or doesn’t have to turn over to the feds.

This perhaps explains the push to expand the FBI’s NSL capabilities. Secret language in the Senate’s secret intelligence bill looks to add email metadata and possibly browsing history to the list of records the FBI can acquire with NSLs. FBI Director James Comey has been stumping for this change, claiming the only thing standing between the FBI and records it always should have had access to in the first place is a typo.

On top of that, Sen. John Cornyn is attempting to “fix” the ECPA… by making even more of a mockery of the words behind the acronym: Electronic Communications Privacy Act. This is what Cornyn wants to give the FBI warrantless access to:

Name, physical address, email address, telephone number, instrument number, and other similar account identifying information.

Account number, login history, length of service (including start date), types of service, and means and sources of payment for service (including any card or bank account information).

Local and long distance toll billing records.

Internet Protocol (commonly known as ‘IP’) address or other network address, including any temporarily assigned IP or network address, communication addressing, routing, or transmission information, including any network address translation information (but excluding cell tower information), and session times and durations for an electronic communication.

As you can see, some of those records are already being requested by the FBI with NSLs, even though it has no legal basis to do so. It appears the FBI is pushing for codification of practices it already uses. That’s the intelligence community way: it’s better to ask for legislative fixes than permission. It’s a forgiveness that pardons past behavior and permanently shields the agency from future legal challenges.

Filed Under: ecpa, ecpa reform, emails, fbi, national security letters, nsls

Senate Intelligence Committee Expands FBI NSL Powers With Secret Amendment To Secret Intelligence Bill

from the you'll-find-out-about-the-additions-when-you're-told-you-can't-talk dept

The annual intelligence authorization is under way, with the Senate deciding how much money the nation’s spy agencies will receive next year, along with anything else they can slip in while no one’s looking. The entire discussion takes place behind closed doors, so there’s very little stopping the Intelligence Committee’s many surveillance fans from amending the bill to increase intelligence agencies’ powers.

Fortunately, there’s still one person on the inside who continues to perform his oversight duties.

A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy.

If passed, the change would expand the reach of the FBI’s already highly controversial national security letters.

[…]

The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill’s provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.”

Wyden did not disclose exactly what the provision would allow, but his spokesperson suggested it might go beyond email records to things like web-surfing histories and other information about online behavior. “Senator Wyden is concerned it could be read that way,” Keith Chu said.

The FBI’s history of abusing NSLs is well-documented. These letters allow the agency to route around judicial oversight by chanting “national security” while composing their requests. (Bonus feature: recipients are forbidden from talking about them… indefinitely.) Increasing the FBI’s access with no corresponding increase in oversight is definitely not a good idea, considering it has never shown interest in self-restraint.

The FBI historically has not had access to email records via NSLs, although it did spend several years doing exactly that before being shut down by the DOJ. It obviously wants that access again and FBI Director James Comey claims the only thing standing between it and the access it always thought it had is a “typo.”

If this secret amendment passes along with the authorization bill, it would weaken attempts to reform the ECPA — the 1986 law that gives the government warrantless access to emails and other online documents more than 180 days old. But rather than fix the Senate intelligence authorization bill, legislators are looking to carve a hole in the recently (and unanimously) passed Email Privacy Act.

Sen. John Cornyn, R-Texas, is expected to offer an amendment that would mirror the provision in the intelligence bill.

Privacy advocates warn that adding it to the broadly supported reform effort would backfire.

“If [the provision] is added to ECPA, it’ll kill the bill,” Gabe Rottman, deputy director of the Center for Democracy and Technology’s freedom, security, and technology project, wrote in an email to The Intercept. “If it passes independently, it’ll create a gaping loophole. Either way, it’s a big problem and a massive expansion of government surveillance authority.”

The FBI should be sending out fruit baskets to the Senate Intelligence Committee for both expanding its surveillance reach and undercutting a much-needed reform effort. Secret laws made by secretive committees during closed-doors sessions doesn’t seem very “American,” but much like the super-secretive NSLs the FBI loves so much, the routine invocation of “national security” tends to ward off the scrutiny this process desperately needs.

Filed Under: 4th amendment, appropriations, ecpa, ecpa reform, fbi, national security letters, nsls, senate intelligence committee, surveillance, warrants

SEC And Chuck Grassley Still Trying To Stop Email Privacy Act That Got UNANIMOUS Support In The House

from the because-fuck-the-4th-amendment,-that's-why dept

Hey, remember last week, when lots of folks were super excited about the US House of Representatives unanimously voting in favor of the Email Privacy Act? They voted 419 to 0. That kinda thing doesn’t happen all that often. I mean, sure it happens when condemning ISIS, but they couldn’t even make it when trying to put sanctions on North Korea. Basically, something needs to be really, really screwed up to get a unanimous vote in the House. And the Email Privacy Act, which goes a long way (though not far enough) towards fixing ECPA (the Electronic Communications Privacy Act of 1986) that makes it way too easy for the government to snoop on your electronic communications, actually got that unanimous vote.

So it should be moving forward and well on its path to becoming law, right? Right?!? Well… about that. You see, as we’d mentioned in the past, the SEC has been the main voice of opposition to the Email Privacy Act, since it (along with the IRS), kinda like the fact that they can snoop through emails without a warrant. Never mind that it’s probably unconstitutional, it makes their jobs so much easier. And, really, isn’t that the important thing?

Apparently, Senator Chuck Grassley thinks so. And, hey, bad luck for, well, everyone, because Grassley just happens to be the guy in charge of moving the bill forward on the Senate side. And he’s not having any of it right now, claiming that there are “concerns” about the bill:

?Members of this committee on both sides of the aisle have expressed concerns about the details of this reform, and whether it?s balanced to reflect issues raised by law enforcement,? said Sen. Charles Grassley, the chairman of the Senate Judiciary Committee, on Thursday.

Concerns? It didn’t seem like anyone in the House was concerned about it because (I should remind you) it passed unanimously. And that’s because it’s really only making fairly common sense changes to the law to require a warrant (as required by the 4th Amendment) to snoop on emails.

And just what “law enforcement” issues have been raised? Sounds like it’s our friends at the SEC yet again:

The Securities and Exchange Commission is still fighting a House-passed bill to require law enforcement to get a warrant before obtaining messages from email providers. ?[The Email Privacy Act] would create a dangerous digital shelter for fraudsters,? SEC Enforcement Director Andrew Ceresney said in a statement to POLITICO. ?The privacy interests the bill addresses can be fully achieved without blocking civil law enforcement agencies like the SEC from obtaining the evidence it needs to protect investors.?

No. Actually, it doesn’t create a “digital shelter for fraudsters.” That’s SEC Enforcement Director Andrew Ceresney lying through his teeth. It just means that the 4th Amendment needs to be obeyed when obtaining emails that are hosted on cloud providers. Just like a warrant is needed to obtain someone’s personal papers. It’s not creating a digital shelter. It’s harmonizing the rules for digital content so they match the rules for physical documents and communications. And, in doing so, protecting the privacy and the very concept of the 4th Amendment.

Either way, all that momentum in the House may be for nothing if the SEC and Grassley get their way.

Filed Under: chuck grassley, congress, ecpa, ecpa reform, email, email privacy act, house, irs, privacy, sec, senate

House Votes Unanimously In Favor Of Requiring A Warrant To Search Emails

from the yay! dept

The push to reform ECPA — the Electronic Communications Privacy Act — have been going on basically as long as this site has been in existence (i.e. nearly 20 years). There are lots of problems with ECPA, but the big one that everyone points to is that it considers any communication that’s on a server more than 180 days to be “abandoned” and accessible without a warrant. That perhaps made some amount of sense back in 1986 when the law was written, because everything was client-server and you downloaded your email off the server. But in an age of cloud computing and webmail it makes no sense at all. Still, the IRS and the SEC really, really liked the ability to use ECPA to snoop on people’s emails.

In the past few years, Congress has kept supporting reform, but it always dies when some part of the administration complains and tries to block it. And yet, each time it enters Congress, it gets more and more sponsors. And, finally, the full House has voted to pass the Email Privacy Act. It was no surprise that it passed. The bill had an astounding 315 cosponsors. Seriously:

Still, it’s impressive that the bill ended up passing unanimously, 419 votes to 0 (and 14 missing votes). On an issue like this, that’s surprising. You figured there would be some Congressional rep from somewhere arguing that this would let terrorists and child predators off the hook or something.

The bill is certainly not perfect, and could be improved, but it’s nice to see the House get the basics right. Now, we wait and see what happens in the Senate… Will the Senate ignore a unanimous House and let this bill just die, or will it finally do the right thing and protect email privacy?

Filed Under: 4th amendment, congress, ecpa, ecpa reform, email, house, kevin yoder, privacy, warrant

Microsoft Sues Government Over Its ECPA-Enabled Gag Orders

from the silent-service dept

Microsoft isn’t the first company to sue the government over its gag orders. Google, Yahoo, Twitter, and a small ISP called Calyx Internet Access have all taken the government to court over its various demands for secrecy it ties to its National Security Letter requests.

But the more the merrier. Sooner or later, someone’s going to have to side with the recipient. As Microsoft alleges in its announcement of the lawsuit, the secrecy problem is getting worse, instead of better — despite the national discussion over domestic surveillance, expanded government power and the ongoing circumvention of due process.

It’s not that Microsoft believes the government is never entitled to secrecy. It’s that the demand for secrecy seems to be its default position.

To be clear, we appreciate that there are times when secrecy around a government warrant is needed. This is the case, for example, when disclosure of the government’s warrant would create a real risk of harm to another individual or when disclosure would allow people to destroy evidence and thwart an investigation. But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.

The government is demanding information from Microsoft while telling it to shut up nearly 150 times a month.

Over the past 18 months, the U.S. government has required that we maintain secrecy regarding 2,576 legal demands, effectively silencing Microsoft from speaking to customers about warrants or other legal process seeking their data.

Worse, in a majority of these cases, Microsoft has been ordered to maintain its silence indefinitely.

Notably and even surprisingly, 1,752 of these secrecy orders, or 68 percent of the total, contained no fixed end date at all. This means that we effectively are prohibited forever from telling our customers that the government has obtained their data.

The lawsuit claims these gag orders violate multiple rights of multiple parties. Those whose data is being requested are having their Fourth Amendment rights violated by the undisclosed searches. Microsoft’s First Amendment rights are being violated by the accompanying gag orders.

At the center of Microsoft’s lawsuit is a terrible law: the ECPA.

Microsoft brings this case because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them. Yet the Electronic Communications Privacy Act (“ECPA”) allows courts to order Microsoft to keep its customers in the dark when the government seeks their email content or other private information, based solely on a “reason to believe” that disclosure might hinder an investigation. Nothing in the statute requires that the “reason to believe” be grounded in the facts of the particular investigation, and the statute contains no limit on the length of time such secrecy orders may be kept in place.

[…]

That antiquated law (passed decades before cloud computing existed) allows courts to impose prior restraints on speech about government conduct—the very core of expressive activity the First Amendment is intended to protect— even if other approaches could achieve the government’s objectives without burdening the right to speak freely. The statute sets no limits on the duration of secrecy orders, and it permits prior restraints any time a court has “reason to believe” adverse consequences would occur if the government were not allowed to operate in secret. Under the statute, the assessment of adverse consequences need not be based on the specific facts of the investigation, and the assessment is made only at the time the government applies for the secrecy order, with no obligation on the government to later justify continued restraints on speech even if circumstances change…

As the lawsuit points out, the outdated law isn’t built to handle the reality of cloud computing. Unfortunately, law enforcement agencies like the FBI are perfectly willing to exploit the loopholes this mismatch provides. Rather than approach individuals under investigation and search their home or place of business (if that’s where the communications are stored/originate) the government uses the ECPA to demand information from virtually unrelated parties like service providers, simply they provide cloud storage options.

The Fourth Amendment’s requirement that government engage only in “reasonable” searches necessarily includes a right for people to know when the government searches or seizes their property. See Wilson v. Arkansas, 514 U.S. 927, 934 (1995). For example, if the government comes into a person’s home to seize her letters from a desk drawer or computer hard drive, that person in almost all circumstances has the right to notice of the government’s intrusion. The same is true when the government executes a search of a business to seize emails from the business’s on-site server. But Section 2705(b) subjects Microsoft’s cloud customers to a different standard merely because of how they store their communications and data: the statute provides a mechanism for the government to search and seize customers’ private information without notice to the customer, based upon a constitutionally insufficient showing. In so doing, Section 2705(b) falls short of the intended reach of Fourth Amendment protections, which do not depend on the technological medium in which private “papers and effects” are stored.

It also points out how the government has used the law to treat physical searches and digital searches completely differently, thanks to the flaws in the legislation. While physical “sneak-and-peek” searches can be performed without notification of the target, the silence can only be maintained for 30-90 days. But if it goes after cloud backups, it can approach Microsoft and hit it with an indefinite demand for silence.

Considering how many ECPA reform false starts there have been over the years, Microsoft’s demand — if granted — could render some of that effort moot. It could also help fill in some of the gaps created by the recent carve-outs that have allowed the bill to finally move out of committee.

For these reasons, Microsoft asks the Court to declare that Section 2705(b) is unconstitutional on its face.

To sum up using all the metaphors, this swing for the fences could kill several birds with one stone if the court finds in favor of Microsoft: ECPA will be hobbled badly and will no longer be the go-to justification for government gag orders and, if the gag orders themselves survive, they’ll likely be limited to something less than “indefinitely” and be held to a higher level of scrutiny when they’re issued.

Filed Under: ecpa, ecpa reform, email, gag orders, law enforcement, nsls
Companies: microsoft

Congress Might Actually Be Moving Forward On Fixing Outdated Email Privacy Law!

from the didn't-see-that-coming dept

We’ve been talking about and asking for ECPA reform for many, many years, and it might finally be moving forward. ECPA is the Electronic Communications Privacy Act, which details how the government can get access to your electronic communications. The law was written in the early 1980s, and as you’ve probably noticed, we live in a very different world these days as it pertains to electronic communications. One key example: the law says that messages left on a server for more than 180 days are considered abandoned and can be searched without a warrant. That may have made some sense (though, not really) in a client-server era, where everyone downloaded their messages leading to them being deleted from a server, but it makes no sense at all in an era of cloud computing.

The main foes against updating ECPA have been government agencies that have investigatory powers, but not the ability to get a warrant — mainly the SEC and the IRS, with the SEC being the real stumbling block. The SEC really liked the fact that it could snoop through emails without a warrant. So, even with massive support in Congress, ECPA reform never went anywhere.

So it was a bit surprising to folks this week to see Rep. Bob Goodlatte announce that the Judiciary Committee will now markup the ECPA reform bill, meaning that the bill is moving forward again. It’s not entirely clear why it’s happening now, but at the very least, it sounds like the SEC’s constant protests may no longer be an obstacle. Hopefully it does move forward, and whatever results from the process leads to much stronger privacy protections on electronic communications, such as actually requiring a warrant, like the 4th Amendment says should happen.

Filed Under: bob goodlatte, ecpa, ecpa reform, electronic communications, email, irs, judiciary committee, markup, sec, surveillance

Important California Privacy Bill Signed Into Law: Police Need A Warrant To Look At Your Data

from the now-for-federal-reform dept

For a long time now, we’ve been talking about the need for ECPA reform. ECPA — the Electronic Communications Privacy Act — is a truly outdated piece of law that law enforcement regularly abuse to conduct warrantless searches on your digital information. There are a number of problems with it, but the most cited one is the fact that it considers emails to be “abandoned” if they’ve been on a server for 180 days, and thus no warrant is needed to read those emails. That may have made sense in the mid-1980s when the law passed and the few people who used email downloaded their emails from a server to a local disk, but it makes no sense at all in the cloud era. However, actually getting ECPA reform through Congress has proven difficult, in large part because some in law enforcement really like this ability to snoop on your emails.

Thankfully, here in California, Governor Jerry Brown has just signed a new bill, for CalECPA, which protects users’ digital information here in California. Just like the federal ECPA should do, CalECPA requires a warrant for access to digital records, including emails and text messages — and the same goes for geographical location information.

This is a big win for EFF and the ACLU, who have been pushing for this law to make it through the California Assembly and then have Governor Brown sign it. Now, if only we could do something similar at the federal level…

Filed Under: calecpa, california, ecpa, ecpa reform, email, jerry brown, location info, privacy, text, warrant

White House Vaguely Agrees Outdated ECPA Should Be Reformed But Only With An Eye On The Government's 'Interests'

from the SOMEONE-SHOULD-REALLY-FIX-THAT-SOMETIME dept

The Obama administration must be doing a little housecleaning in preparation for the 2016 winner. After months of highly-sporadic and belated responses to We The People petitions, it’s answered two big ones (that have been sitting around forever) in a single day. It’s also issued a handful of other responses to open petitions, some of which are little more than “we decline to respond,” accompanied by a link to the site’s Terms of Participation.

It took on two big petitions today. The first was a response to a request to pardon Snowden, which it denied under its “No Good Whistleblowing Goes Unpunished” policy. The second asked for a long-delayed rewrite of an outdated law.

The Electronic Communications Privacy Act has been in need of reform for years. If nothing else, the law’s misleading name needs to be changed. One of the more notorious aspects of the law is that it gives email less privacy protection than snail mail, which is already an exceedingly low bar.

The administration agrees that reform of this law — which treats email older than six months as “abandoned” and thus easily-accessible by law enforcement — is needed. However, it does so both belatedly, vaguely and disingenuously.

The We The People petition calling for ECPA reform was posted November, 12, 2013. It passed the 100,000-signature threshold roughly 30 days later. At that point, a response was “required.” 593 days later, that response has finally arrived.

It’s obvious that many — and arguably, most — Americans today use email as one of their primary means of communication. Particularly in an era where we keep so much of our lives online, the content housed there deserves strong privacy protections — which is at the core of what ECPA was designed to do. But over time, technology has evolved.

Which is why our policy teams agree with you: ECPA is outdated, and it should be reformed.

This is good news. Or it would be if there were any particular plan to get something done. While the response agrees that the outdated law’s take on email privacy protection is pretty much terrible, the administration doesn’t seem too willing to push for any specific reform effort.

We know there are still important details being worked out across government and in the halls of Congress. We aren’t going to endorse a single ECPA-reform bill at this time. As any given bill goes through committee and makes its way to the House and Senate floors, the draft is negotiated and modified to address concerns and strengthen the bill.

In other words, we like the idea of reform so much we’re going to do nothing about it. While efforts have been made over the past few years, they’ve been stalled/gutted to appease law enforcement and (yes, really) regulatory agencies’ interests. Very little forward motion has been made and without something stronger than “we’ll probably support whatever actually makes its way to the President’s desk” propelling this reform, it could still be several more years before the already-outdated law is rewritten to properly address a communication method that originated nearly 45 years ago.

Finally, the response sends a mixed message about reform in the very last sentence.

That said, we’re encouraged by the strong bipartisan support for updating this legislation in both chambers of Congress, and are looking forward to seeing this law address today’s technological realities while preserving the interests we must protect.

This seems to indicate it will be more supportive of a bill that has the backing law enforcement and other government agencies. A warrant requirement for emails older than six months isn’t that much of an imposition, but so far, it’s been a tough idea to sell. This last sentence shows the administration finds the government’s “interests” worth protection. The privacy interests of millions of Americans? Not so much.

Filed Under: 4th amendment, ecpa, ecpa reform, email, obama administration, privacy, warrant, we the people