If the Fourth Amendment to the Constitution of the United States were being drafted today, James Madison, and George Mason before him, would likely not have used the word “papers” to describe various types of personal communications protected from unreasonable and warrantless search or seizure by government.
Much has changed since then, but the idea communicated in the amendment is as clear as ever: that the people and anything they own must be protected from unreasonable and warrantless government searches and seizures. There should be little doubt that such a basic protection must extend into the electronic realm as well.
The Electronic Communications Privacy Act (ECPA) was passed 30 years ago to extend the already-existing restrictions on government wiretapping of telephone calls to the transmission of electronic data by computers. But time and use of technology moved on while the law became as dated as a 5 ¼ inch floppy disk.
Under the law, stored “communications” data (such as emails) kept for more than 180 days is considered “abandoned,” which has been interpreted to mean that the owner no longer has any expectation of privacy in what was stored. Therefore, law enforcement can access that data without a warrant. Data less than 180 days old requires the government to obtain a search warrant to acquire the data. But, many decades later and with computing power doubling 20 times since then, the initial concept of “transmission of electronic data by computers” bears almost no relation to technology and practices today.
Today we save data, lots of data, for a long time. An increasing amount of personal data, most easily described as “communications,” is being stored in “the cloud,” which is the remote storage of data with multiple redundant systems to ensure that it’s not lost. So, rather than storing pictures, financial information, or just backups of personal emails to a computer’s hard drive, cloud computing enables the storage of that information on remote servers designed to hold data for a long time.
Clearly, ECPA needs to be updated to remove the arbitrary and outdated 180-day rule, and to ensure that a warrant is obtained before stored electronic data is released. This is not a debate about whether personal materials can be searched, but rather how and with what safeguards for citizens. Without an update to ECPA our constitutional protections are at risk when we operate electronically, and our rights sacrificed for the convenience of government.
There are many good reasons for updating ECPA, such as enhancing the ability of U.S. companies to compete effectively in the cloud-computing market, and so that law enforcement can always access electronic communications in all appropriate situations. But none of these are as critical, or as fundamental, as updating the law to protect our fundamental rights.