111 K Street NE
Washington, DC 20002
- Toll Free 1.888.564.6273
- Local 202.783.3870
Top Ten Reasons to Reform Digital Privacy Rights
By Scott Alford
Mark Zuckerberg, CEO of Facebook, was two years old when the Electronic Communications Privacy Act (ECPA) was passed. ECPA, our digital privacy law, desperately needs an update. When Congress passed ECPA in 1986, today’s mass-marketed, high capacity computers were the stuff of sci-fi dreams. Digital technology is now a staple of modern American life. Originally, the ECPA legislation was an attempt to balance online privacy with law enforcement while further enhancing technological development. However, time has shown that privacy has not been respected. The opposite has happened, the federal government’s “national security” “rights” have greatly expanded. ECPA regulation should be reformed to adapt to current technology and to protect Constitutional rights in the digital realm. Here are the top ten reasons to reform Digital Privacy Standards.
1. Digital Privacy Standards Are Outdated
ECPA was forward-looking legislation when it was created and the internet was still experimental. While the law has been patched and mended for over thirty years, much of it remains archaic. "No one could have imagined just how the Internet and mobile technologies would transform how we communicate and exchange information today," said Senator Leahy (D-VT), "Three decades later, we must update this law to reflect new privacy concerns and new technological realities." Digital Privacy Rights need to be brought “up to high speed,” to cover recent technologies and ensure we protect citizens’ constitutional rights.
2. The Law is too Complex and Vague
Digital Rights Standards establish horribly confusing guidelines for how the government can access electronic information. Compounding this complexity is a series of paradoxical court decisions resulting in mixed enforcement and confusing judicial precedent. The law must be made consistent and simple.
The legal framework of ECPA impedes the justice system and impedes law enforcement efforts and greatly complicates the training of computer crime investigators. ECPA must set a consistent standard regardless of technology or platform or whether the information is stored or transferred. The law must be simplified and made clear and consistent to protect rights, advance technology, and enhance Constitutional protections.
3. Loopholes and Unreasonable Exemptions Permit Government Abuse
At the time ECPA was created, storing data long-term would have been technologically impossible or prohibitively expensive, so it went unaddressed. Under modern technology, ECPA rules weaken protection on emails and documents. For example, if the document is stored on a desktop computer, it is fully protected by the warrant requirement of the Fourth Amendment. However, ECPA permits the same document to be searched without a warrant if it is stored with a service provider -on the cloud or if it’s an email stored longer than 180 days
Under the law, a single email or document is subject to separate legal standards as its written, sent and opened. Current loopholes in our privacy laws must be closed for a short list of reasonable exceptions to ensure that electronic information receives full warrant protection regardless of their age or nature.
4. Weak Digital Privacy Enforcement
Under current ECPA provisions, digital privacy and non-digital goods don’t share the same level of protection. ECPA protections should be modernized to comply with the Fourth Amendment’s protections against “unreasonable searches and seizures.” ECPA should apply the same strict standards of personal privacy for electronic and non-electronic information.
If evidence is illegally obtained by breaking into someone house, it cannot legally be used in court. The same should apply if an agency of government doesn’t specifically get a warrant for digital evidence. Rep. DelBene. (D-WA) summed it up, “When current law affords more protections for a letter in a filing cabinet than an email on a server, it’s clear our policies are outdated.” The law must require equal protection of rights under the law.
5. Unconstitutional Bulk Data Requests
ECPA must ban government from using general warrants to search private information. With just a few general “warrants,” the government spied upon billions of emails. Generalized warrants violate the intent of the Founders on the Fourth Amendment and the process of obtaining warrants must be reformed.
If the federal government needs to access digital records, they must give specific data requests. The Fourth Amendment specifies that warrants must be “supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” General digital warrants are inconsistent with the rights affirmed by the Constitution. ECPA must be reformed to protect our rights.
6. Safeguarding Against Government GPS Tracking
Over 80 percent of the American people own cellular phones. Yet, most are unaware that location information broadcast from their phones divulges personal information. Geo-location data traces more than just where people go but often their personal activities and communication. Therefore, when government has good reasons to track a phone using its Global Positioning System, a warrant should be required.
Under ECPA requirements, government agencies have the authority to track your past or present GPS data without a warrant. This must be reformed. Rep. Lofgren correctly stated, “Fourth Amendment protections don’t stop at the Internet. Americans expect Constitutional protections to extend to their online communications and location data.”
7. ECPA Violates Third Party Doctrine with Metadata
ECPA needs to extend better protection to metadata, which encompasses call duration; call location, and time of the call. The Third Party Doctrine say that if your information is stored with a third party (or a middleman), there should be a “reasonable expectation of privacy .”
The law should extend stronger protection of data held by private companies by requiring warrants and limiting subpoenas for federal acquisition of meta-data. Instead of exempting meta-data requirement for Federal bureaucracies, ECPA should provide warrant requirements.
8. ECPA Inhibits Technological Advancement: Cloud
Cloud computing is the future of business. Private businesses are becoming increasingly dependent upon cloud computing for affordable file storage, file sharing, and enhanced collaboration. Google and numerous other businesses have explained ECPA’s silence on cloud privacy protection, which makes it vulnerable to government intrusion. This privacy concerns has become a notable barrier to economic growth.
Google’s Director of Law Enforcement and Information Security testified that “By creating inconsistent privacy protection for users of cloud services and inefficient, confusing compliance hurdles for service providers, ECPA has created an unnecessary disincentive to move to a more efficient, more productive method of computing.” If Congress doesn’t enact reform, cloud computing services are in danger of being designed for foreign servers where the US will have no access regardless of warrants. Congress should remove this roadblock from the market.
9. Email: Losing your Rights After 180 Days
Our Constitutional protection doesn’t expire; no exceptions. However, ECPA currently mandates that privacy protections on email expire after 180 days. “When ECPA was enacted; email was primarily a means of communicating information, not storing it.” Senator Lee (R-UT) explained, “Today, we use our email accounts as digital filing cabinets, where we store many of the personal documents and sensitive information that the Fourth Amendment was meant to protect.”
According to Google, 68 percent of data requests were subpoenas under the ECPA 180 day mandate. Despite the 6th circuit court ruling in United States v. Warshak that the 180 day provision violates the Fourth Amendment, the use of subpoenas persists. ECPA should create stricter protection of email and social messaging activities. Natural rights require eternal protection.
10. Insufficient Oversight and Reporting Requirements
Government bureaucracies have violated privacy rights with practically unchecked exceptions provided by ECPA. The level of government oversight for organizations operating under the EPCA privacy provisions increase. In the status quo, the greatest accountability comes from private companies like Google, Twitter, and LinkedIn who have provided transparency reports about the volume of warrants of the Federal government. However, ECPA reform must allow for oversight to assure government checks and balances.
The Government Accountability Office should be authorized to issue reports and provide analysis on law enforcement’s of use the warrant requirements through ECPA. This would help ensure more government accountability and oversight.