The revelations by Edward Snowden of the U.S. government’s widespread electronic surveillance stunned most Americans, including policy makers and elected officials at the highest levels of government.
The unanticipated extent of the various surveillance programs sent shock waves through our international relations as well, provoking other nations to consider changes to their Internet infrastructure, in some cases leading countries to lay undersea data cables that relieved their reliance on the United States, and to consider regulations that require data about their citizens to be stored in data centers within their borders, subject to their own laws and regulations.
And of course this extensive surveillance has provoked considerable controversy within the United States. To some, Snowden is a hero, while to others he’s a villain. The truth is, he’s probably a mixture of both. But regardless of your opinion of Snowden’s actions, the information is now out: The federal government is engaged in surveillance of electronic data transmission to a more massive extent than most people would have guessed, and much of it is almost assuredly outside of Fourth Amendment requirements of probably cause and a specific warrant.
There is an obvious tension between the general right to privacy and the efforts of government agencies to protect America from terrorist and other threats. It’s clear to many that current federal surveillance programs far exceed what is permitted under the Constitution, but law enforcement hawks have posed opposition sufficient to prevent civil libertarians from legislatively rolling back some of these programs. What is most stunning is that nothing has changed despite intense public outrage in the almost two years since the Snowden revelations.
Here’s the good news: Short of resolving these major disagreements over the NSA, FISA courts and warrantless wiretaps, Congress can still make a down payment on Americans’ electronic privacy. There is an easy, noncontroversial way for Congress to make a significant step toward improving Americans’ electronic privacy that doesn’t require Lindsay Graham to become a civil libertarian or Justin Amash to become a proponent of the NSA.
The Electronic Communications Privacy Act of 1986 (ECPA) is the main federal law that governs data stored electronically, including email, business data, your photographs, social media, etc. But ECPA literally predates the Internet, so it predates the widespread use of home computers, email, and social media. It predates cloud storage. Almost any 30 year-old law probably requires updating, but ECPA is so out-of-date that it demands it.
Because ECPA is so outdated, right now virtually all of your electronic life is subject to warrantless search and seizure. In the strange kind of twist of law that arises when laws are written before we understand what we’re regulating, ECPA currently gives protection to electronic data that is more recent than 180 days old. But if it’s older than 180 days, as almost all of it is, it has no protection against warrantless search and seizure.
ECPA cries out for immediate reform. Right now, law enforcement agencies can demand your electronic data for any reason, and no one—not you, not your employer, not your cloud storage company, and not your social media sites—has a basis under the current ECPA to refuse.
As proof of its bipartisan appeal, Sen. Pat Leahy (Vt.), a liberal Democrat, and Sen. Mike Lee (Utah), a Tea Party Republican, have co-sponsored legislation to bring ECPA up-to-date with current and future communications technology.
Updating ECPA for the Internet Age would allow Congress to show that it is sensitive to Americans’ privacy concerns and to reaffirm our Fourth Amendment protections. It would clarify the law so that law enforcement agencies could obtain access to what they need by following proper, constitutional procedures, and it would protect individuals and small businesses that don’t have the resources to navigate the ambiguities unnecessarily created by the current ECPA’s outdated provisions. It would give users of cloud services confidence that the data they upload has at least basic constitutional privacy protections. And it would give Congress an opportunity to work together and actually get something done that the American people would almost universally see as beneficial to their daily lives.
It’s a win for Congress and for the American people, and it needs to move now, before presidential politics gums up the works in Congress.
Giovanetti is president of the Institute for Policy Innovation (IPI), an independent, nonprofit public policy organization based in Dallas.