On Tuesday, the Judiciary Committee in the House of Representatives held an important legislative hearing to examine the Email Privacy Act (H.R. 699). H.R. 699 would update the Electronic Communications Privacy Act (ECPA) of 1986 to ensure that emails are treated like regular mail and the government cannot compel email services or other third-parties, such as cloud providers, to hand over emails or other documents without a warrant.
The Alliance is encouraged by the hearing, and urges the Committee and the full House of Representatives to swiftly pass the legislation.
ECPA was enacted nearly three decades ago, well before the existence of companies like Google and Dropbox, and has failed to keep pace with evolving technologies. Today, email and storage of a variety of documents, from the mundane to the most sensitive, are part of everyday life.
As it stands, any emails or other documents stored in the cloud for more than 180 days are effectively available for the government to sift through. According to the government, “if it is that old, s/he must not want it anymore.” This line of thinking may have been appropriate in 1986, but it is clearly outdated in 2015, where users are storing emails and other documents for years, if not decades, in the cloud.
Which brings us to the need for swift passage of the Email Privacy Act. Around the country, states are tackling the issue, crafting their own privacy laws to ensure they reflect today’s landscape. While these efforts should be applauded (the Alliance signaled its support for CalECPA in October 2015), a nationwide approach to the problem is far preferable to the current patchwork of laws. Under the current framework, businesses and consumers must navigate multiple laws, spending valuable resources to figure out what is protected in which state.
Even against this backdrop, the bill still faced opposition from some corners during the hearing. The Securities and Exchange Commission (SEC), for its part, argued for a carve-out for civil agencies to gain access to stored information with a court order but did not specify the standard. The SEC claims that without such a provision, agencies would be unable to obtain evidence, allowing alleged perpetrators to conceal information from investigators. In addition, the Tennessee Bureau of Investigation and the National Association of Assistant United States Attorneys argued that law enforcement efforts would be severely hindered and could expose the United States to an increased terrorism risk.
However, none of these arguments hold water. Many law enforcement entities and nearly all service providers are clear that documents will not be handed over to the government without probable cause, making a warrant the de facto standard. Moreover, to address fears of an increased risk of terrorism, the bill explicitly states that the nation’s Foreign Intelligence Surveillance Act (FISA) will not be affected if H.R. 699 is enacted.
Passing the Email Privacy Act would not make it harder to fight crime or protect our nation. The bill would simply codify what countless businesses and law enforcement entities are already doing to protect emails and other documents. Given the bill’s widespread support from both sides of the aisle, and the weak and unfounded arguments against it, Congress should work fast to pass H.R. 699.
U.S. Director of Policy and Government Relations