On April 6, 2011, the Senate Committee on the Judiciary held a hearing on “The Electronic Communications Privacy Act: Government Perspectives on Protecting Privacy in the Digital Age.” Representatives from the Department of Justice (PDF link) and the Department of Commerce (PDF link) testified.
A key issue is whether to update the federal laws related to privacy and protection from unreasonable searches of e–mails and other electronic communications.
As more electronic communications are saved long–term at the service provider’s facility (instead of the early days of e–mail where the messages were typically downloaded from the service provider and saved long–term locally by the person once it was opened), privacy advocates are asking Congress to update the federal laws. The general concept was that these laws protected a person’s privacy while the electronic communications were in transit from the sender to the recipient (while the communication was held by the service provider), but these laws did not offer the same level of protection if the communication was held long–term by the service provider.
On March 30, 2011, a group of technology companies and privacy advocates issued a joint statement urging Congress to update the federal laws regarding government access to e–mails, voicemails, and other electronic data stored by electronic communications service providers in the cloud. As described in an April 7, 2011, article at Wired.com, the government can request and collect a person’s e–mails stored at your service provider without a warrant if it is older than 180 days. The source of the government’s authority to do this is 18 U.S.C. § 2703 of the Stored Communications Act (18 U.S.C. § 2701–2712), which is part of the Electronic Communications Privacy Act of 1986. Technology has definitely changed since 1986!
Under 18 U.S.C. § 2703 of the Stored Communications Act, for electronic communications, such as e–mails and voicemails, that are in “electronic storage” by a provider of electronic communications services for 180 days or less, the government generally needs a search warrant to compel disclosure of the contents. Otherwise, the government can generally use a court order under 18 U.S.C. § 2703(d), without a search warrant, to obtain the contents if “there are reasonable grounds to believe that the contents…are relevant and material to an ongoing criminal investigation.”
If the electronic communication has been opened but the data is stored for 180 days or less, the government might assert that the data is no longer in the protected category “electronic storage” and assert that no search warrant is needed. In other words, the government argues that the 180–day protection applies while the electronic communication is “in transit” from sender to recipient. The Ninth Circuit Court of Appeals in Theofel v. Farey-Jones, 359 F.3d 1066 (2004), disagreed with this argument, stating that opened electronic communications still are in “electronic storage” and still require a search warrant within the first 180 days of storage. Page 123 of the Department of Justice manual “Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations” (PDF link to Chapter 3) states that “federal law enforcement within the Ninth Circuit is bound by the Ninth Circuit’s decision in Theofel, but law enforcement elsewhere may continue to apply the traditional interpretation of ‘electronic storage.’ ” Additional information on how the government can request your electronic communications is summarized at the EFF’s Surveilance Self–Defense Web site.
As technology continues to evolve and we move more of our personal data to storage “in the cloud,” it is important for federal laws to keep pace. It will be interesting to watch what the Senate Committee on the Judiciary recommends following this hearing. On a related topic, I previously wrote about the March 16, 2011, Senate Committee on Commerce, Science, & Transportation hearing on The State of Online Consumer Privacy.
