On July 5, 2019, China’s Standing Committee of the National People’s Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment.  The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime.

The State Cryptography Administration (“SCA”) previously issued an initial draft of this law for public comment on April 13, 2017 (“the 2017 Draft”) (see Covington’s alert on the previous version here).  After the release of the 2017 draft, the regulatory regime in China for commercial encryption products was revamped significantly (see Covington’s previous alert here).  The State Council removed certain approval requirements for the production, sale, and use of commercial encryption products in late September 2017, and the SCA issued further notices reducing the burden imposed on manufacturers, distributors and users of commercial encryption products.  The draft Law proposes further changes to this revamped regime, including for example introducing different categories of encryption, and establishing license requirements for certain imports and exports, while carving out items in “general use.”

The comment period ends on September 2, 2019.


Continue Reading China Releases Updated Draft Encryption Law for Public Comment

On April 27, the House of Representative unanimously passed the Email Privacy Act.  As previously reported, the proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant.

However, while there is widespread support to require

In a unanimous vote, the House Judiciary Committee approved the Email Privacy Act, a long-awaited update to the 30-year-old Electronic Communications Privacy Act (ECPA).  The proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant. 

Continuing a flurry of recent legislative activity (see posts here and here), the California legislature on Tuesday passed a bill requiring that California law enforcement agencies obtain a search warrant to compel the production of communications content (e.g., emails and social media messages) from providers of electronic communication services.  A service provider may provide stored content to law enforcement without a search warrant if the service provider, in good faith, believes that an emergency involving the danger of death or serious physical injury to a person require disclosure without delay.  The bill—S.B. 467—was introduced by Senator Mark Leno and is sponsored by the Electronic Frontier Foundation and supported by the ACLU of California.  It will be enacted into law and become effective on January 1, 2014 if signed by Governor Jerry Brown or if Governor Brown has not vetoed the bill before October 13, 2013. 

Currently, the Stored Communications Act (“SCA”) (part of the federal Electronic Communications Privacy Act (“ECPA”)) requires law enforcement to obtain a search warrant for stored communications held by a service provider for less than 180 days or that have not been opened by the recipient, but only requires less rigorous forms of legal process—for example, a subpoena—for opened, stored communications held for more than 180 days.  (This distinction arose because in 1986 when the SCA was enacted, email typically was hosted on service providers’ servers temporarily and then downloaded by users after a short period of time).


Continue Reading CA Passes Legislation Requiring Search Warrant For Disclosure of Stored Content

A New Jersey federal court recently held that an employee’s Facebook wall posts were protected by the Stored Communications Act (“SCA”), 18 U.S.C. § 2701 et seq., in one of the first cases to analyze the SCA’s application to the Facebook wall.  Ehling v. Monmouth-Ocean Hospital Service Corp.., No. 2:11-cv-3305 (WMJ) (D.N.J. Aug. 20, 2013).  An important factor in the court’s ruling was the fact that the employee had configured her privacy settings to restrict her posts to her Facebook “friends.”

The court found that the employer had not violated the SCA by viewing the employee’s wall, however, because a co-worker, who was one of her Facebook friends, showed the post to their employer without any prior prompting by the employer.  

This ruling provides further reason for employers to avoid unauthorized access to an employee’s social media activities.  The court’s holding is consistent with the passage by 11 states of laws prohibiting employers from demanding social media passwords from employees.  But employers that learn of social media activity by employees through passive means may still be able to take action based on that information.


Continue Reading Federal Court Finds Stored Communications Act Applies to Facebook Wall Posts

According to a number of media outlets, the Senate Judiciary Committee will consider proposed amendments to the Video Privacy Protection Act (“VPPA”) and to Title II of the Electronic Communications Privacy Act, better known as the Stored Communications Act (“SCA”).  The amendments reportedly will be offered by Judiciary Chairman Patrick Leahy (D-VT), and likely will

Yesterday, deeming LinkedIn’s motion to dismiss suitable for decision without oral argument, Judge Koh of the U.S. District Court for the Northern District of California dismissed all eight claims in Low v. LinkedIn with prejudice, ending this litigation.  Covington successfully represented LinkedIn in this case, in which plaintiffs alleged that the purported transmittal to certain

Last week, Judge Ware of the Northern District of California denied a motion to amend his November 2011 dismissal, with prejudice, in In re Facebook Privacy Litigation, a case in which plaintiffs had argued that Facebook improperly transmitted users’ personal information, including User ID numbers or usernames, to third party advertisers.

In his most recent Order, Judge Ware reaffirmed his prior holding that plaintiffs had not stated a claim under the Stored Communications Act (“SCA”) based on an exception to the statute that allows a service provider to divulge the contents of a communication to, or with the lawful consent of, “an addressee or intended recipient” of the communication.


Continue Reading Court Won’t Undo Dismissal of in re Facebook Privacy Litigation