Google and other tech industry players testified in Washington this week that the 30-year-old Electronic Communications Privacy Act (ECPA) needs and overhaul. The law, written in 1986, was meant to set warrant rules around government agencies’ access to personal data in the cloud.
Debate on the issue is taking center stage in Washington after gaining attention over the past few months, and reform legislation is now making its way through Congress.
The current ECPA allows government agencies to force Internet companies and network providers to hand over the content of email communications, without a warrant in some cases. That’s mainly because the law is too old to have explicitly laid out warrant rules for 21st century cloud technology.
“This pre-digital era law no longer makes sense: users expect, as they should, that the documents they store online have the same Fourth Amendment protections as they do when the government wants to enter the home to seize documents stored in a desk drawer,” said Richard Salgado, Google’s director for law enforcement and information security, in a blog post.
Salgado points out that the ECPA was found to be unconstitutional by the Sixth Circuit Federal Court of Appeals in United States v. Warshak back in 2010, adding that Google requires that law enforcement have a warrant to access any data on its servers.
One of the circumstances in which law enforcement can currently exploit vagaries in the ECPA is to obtain access to data owned by a foreign citizen without a warrant. The Department of Justice, for example, can claim that right when the data is stored in the servers of an American company, regardless of data privacy rights granted the citizen by his own country’s laws.
Some believe this use of the ECPA is hurting U.S. tech companies’ trade relations with other countries. The App Association’s Morgan Reed had this to say about that claim during testimony in front of a Senate committee Wednesday:
“For American tech companies to remain global leaders, we must be clear with our trading partners that their citizens can store data in their home country with a U.S. company and retain the privacy protections provided by their sovereign government,” Reed said. Google’s Salgado also testified at the hearing Wednesday.
The App Association supports a bipartisan piece of legislation called the Law Enforcement Access to Data Stored Abroad Act (LEADS) to fix the problems in the ECPA. The legislation establishes a clear set of rules governing how law enforcement can access data stored abroad.
The White House in July endorsed a petition to have the ECPA law upgraded. At its We The People petition website, the White House yesterday endorsed a petition called “Reform ECPA: Tell the Government to Get a Warrant.”