As the Electronic Communications Privacy Act (ECPA) turns 25 years old this week, calls are increasing for an update to bring this aging law into the age of cloud computing.  Senators Ron Wyden (D-Ore.) and Mark Kirk (R-Ill.) this week joined with the Digital Due Process Coalition to call for significant revisions of the law, which establishes standards for law enforcement access to electronic communications and associated data.  The Digital Due Process Coalition is composed of a diverse group of companies, associations, and privacy advocates that includes Apple, Amazon, Facebook, Microsoft, the Center for Democracy and Technology, EFF, and a number of notable academics in the field of Internet law.  The group’s guiding principles would require law enforcement to:

  • Obtain a search warrant before compelling a service provider to disclose a user’s private communications or documents stored online;
  • Obtain a search warrant before tracking the location of a cell phone or other mobile communications device;
  • Obtain a court order based on demonstrating relevance to an authorized criminal investigation, before obtaining transactional data in real time about when and with whom an individual communicates using e-mail, instant messaging, text messaging, the telephone, or any other communications technology.
  • Obtain a court order based on demonstrating relevance to an authorized criminal investigation, before obtaining transactional data about multiple unidentified users of communications or other online services when trying to track down a suspect.

Most law enforcement, industry, and consumer advocates would concede that ECPA, which was passed before the Internet was widely available, is outdated.  Efforts to modernize the bill have been made repeatedly, particularly in 1998 and 2000.  ECPA sets inconsistent and increasingly irrational standards over the life of electronic content.  For example, access to an email may depend on whether it is stored by the service provider or on a local computer, and whether it is opened by its recipient.  An electronic document may be protected by the Fourth Amendment when stored locally, but potentially available to law enforcement without a warrant if stored in the cloud. 

But differences in views with respect to how the law should be updated have complicated the legislative process.  The Department of Justice (DOJ), concerned that lawmakers may revise ECPA in a way that hinders prosecutors in expediently obtaining digital data to assist in investigations, supports only clarifications in the law that would reflect the DOJ’s interpretation of the current law.  However, Senators Wyden and Kirk, along with Representative Jason Chaffetz (R-Utah) in the House) have introduced legislation consistent with the Digital Due Process Coalition’s goals.  A similar bill was introduced by Senate Judiciary Chairman Patrick Leahy (D-Vt.) earlier this year.  Senator Leahy noted today during a floor speech that he is aiming to mark up the bill “before the end of the calendar year.”

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kurt Wimmer Kurt Wimmer

Kurt Wimmer is a partner concentrating in privacy, data protection and technology law.  He advises national and multinational companies on privacy, data security and technology issues, particularly in connection with online and mobile media, targeted advertising, and monetization strategies.  Mr. Wimmer is rated…

Kurt Wimmer is a partner concentrating in privacy, data protection and technology law.  He advises national and multinational companies on privacy, data security and technology issues, particularly in connection with online and mobile media, targeted advertising, and monetization strategies.  Mr. Wimmer is rated in the first tier by Legal 500, designated as a national leader in Chambers USA, and is included in Best Lawyers in America in four categories.  He represents companies and associations on public policy matters before the FTC, FCC, Congress and state attorneys general, as well as in privacy assessments and policies, strategic content ventures, copyright protection and strategy, content liability advice, and international matters.