The revelations by Edward Snowden of the U.S. government’s widespread electronic surveillance stunned most Americans, including policy makers and elected officials at the highest levels of government.
There is an obvious tension between the general right to privacy and the efforts of government agencies to protect America from terrorists and other threats. It’s clear to us that current federal surveillance programs far exceed what is permitted under the Constitution’s Fourth Amendment, but law enforcement hawks have posed opposition sufficient to prevent civil libertarians from legislatively rolling back some of these programs.
Here’s the good news: Short of resolving these major disagreements over the NSA, FISA courts and warrantless wiretaps, Congress can still make a down payment on Americans’ electronic privacy. There is an easy, noncontroversial way for Congress to make a significant step toward improving Americans’ electronic privacy that doesn’t require Lindsay Graham to become a civil libertarian or Justin Amash to become a proponent of the NSA.
The Electronic Communications Privacy Act of 1986 (ECPA) is the main federal law that governs data stored electronically, including email, business data, your photographs, social media, etc. But ECPA predates the Internet, so it predates the widespread use of home computers, email, and social media. It predates cloud storage. Almost any 30 year-old law probably requires updating, but ECPA is so out-of-date that it demands it.
Because ECPA is so outdated, right now virtually all of your electronic life is subject to warrantless search and seizure. In the strange kind of twist of law that arises when laws are written before we understand what we’re regulating, ECPA currently gives protection to electronic data that is more recent than 180 days old. But if it’s older than 180 days, as almost all of it is, it has no protection against warrantless search and seizure.
ECPA cries out for immediate reform. Right now, law enforcement agencies can demand your electronic data for any reason, and no one—not you, not your employer, not your cloud storage company, and not your social media sites—has a basis under the current ECPA to refuse.
As proof of its bipartisan appeal, Sen. Pat Leahy (Vt.), a liberal Democrat, and Sen. Mike Lee (Utah), a Tea Party Republican, have co-sponsored legislation to bring ECPA up-to-date with current and future communications technology.
Updating ECPA for the Internet Age would allow Congress to show that it is sensitive to Americans’ privacy concerns and to reaffirm our Fourth Amendment protections. It would clarify the law so that law enforcement agencies could obtain access to what they need by following proper, constitutional procedures, and it would protect individuals and small businesses that don’t have the resources to navigate the ambiguities unnecessarily created by the current ECPA’s outdated provisions. It would give users of cloud services confidence that the data they upload has at least basic constitutional privacy protections. And it would give Congress an opportunity to work together and actually get something done that the American people would almost universally see as beneficial to their daily lives.
It’s stunning that nothing has changed in the almost two years since the Snowden revelations. It’s time now for Congress to at least make a down payment on reining in unconstitutional government surveillance and restoring Americans’ electronic privacy.