March 20, 2013

Lawmakers propose change to "outdated" email privacy law

Two senators have introduced legislation to amend what they say is an outdated privacy bill by requiring law enforcement to obtain a warrant before they peruse citizens' emails and other electronic communications.

Lawmakers on Tuesday discussed making overdue changes to the Electronic Communications Privacy Act (ECPA), first drafted in 1986.

Currently, ECPA gives police the authority to obtain emails that are older than 180 days with only a subpoena, which is easier to obtain than a search warrant. Changes under the proposal, introduced Tuesday by Sens. Patrick Leahy, D-Vt., and Mike Lee, R-Utah, would require law enforcement to obtain a warrant for all emails, no matter how old they are.

At a House Judiciary Subcommittee on Crime, Terrorism, Homeland Security and Investigations hearing, Rep. James Sensenbrenner, R-Wis., called ECPA in its current state “complicated, outdated and largely unconstitutional.”

“Americans should not have to choose between privacy and the internet,” he said.

While the updated bill seeks to eliminate the 180-day email rule, there remains a provision that still allows authorities to retrieve internal corporate email with only a subpoena, according to an analysis of the proposed ECPA changes, posted on Leahy's website.

At the hearing, Richard Salgado, Google's director of law enforcement and information security, also spoke on the need to reform the privacy law, saying it does not contain adequate privacy safeguards.Google compiles a semi-annual "Transparency Report" that chronicles, by country, the requests it receives for user account information. More than a third of the requests come from U.S. law enforcement agencies.

“As the benefits of internet computing become more obvious and widespread, its growth shouldn't be artificially slowed by the outdated technology assumptions that are currently baked into parts of ECPA,” Salgado wrote on Google's Public Policy blog. “Nor should the progression of innovation and technology be hobbled by pre-internet ECPA provisions that no longer reflect the way people use the services or the reasonable expectations they have about government access to information they store on internet services.”

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.