Main Nav

ECPA Reform Update: House Hearing and Senate and House Bills Introduced

ECPA reform is an important topic for Congress this session.  Senate Judiciary Committee Chairman Patrick Leahy (D-VT) has championed this reform and says that it is an important agenda item for the Committee.  House Judiciary Committee Chairman Robert Goodlatte (R-VA) said that modernizing the privacy act to "reflect our current digital economy" will be a priority for his committee. 

On March 19, 2013, the House Judiciary Committee's Subcommittee on Crime, Terrorism, Homeland Security and Investigations held a hearing on “ECPA Part 1: Lawful Access to Stored Content." The law, written in 1986, allows the government to argue that private online messages older than 180 days are not protected by the Fourth Amendment and that the government can access the messages without a warrant.  A video of the hearing is available here.

Witnesses included:

  • Orin Kerr
    George Washington University Law School

Ms. Tyrangiel (DOJ) testified that the Administration is not opposed to a blanket warrant standard to apply to all emails, even when they are 180 days old or opened.  However, her testimony is also notable for a number of reasons including these two:  (i) it offers no defense of the 180-day rule (the ECPA provision, ruled unconstitutional in the 2010 Warshak case, that permits law enforcement to use a subpoena to access to email content more than 180 days old); and (ii) it offers no defense of the provision in current law on which DOJ relies to argue that opened email loses the warrant protection in current law.  This is contrary to what those arguing for reform are stating.  For example, the Digital Due Process (DDP) principles propose no change to that rule, either for paper documents or electronic documents stored in the home, both of which would be treated the same.  Moreover, under the DDP proposals, the government would retain the ability to serve a subpoena on the creator (or recipient) of communications stored in “the cloud.” Under the DDP principles, the only time a warrant would be required would be when the government seeks to compel a service provider, rather than the creator (or recipient), to disclose the contents of a communication.  The DDP principles would apply the same rule in that case as has existed for over a century for compelling the Post Office to disclose the content of letters in its possession.  Clarifications such as these are important for campuses that operate networks and/or provide cloud services.

On March 19, 2013, Sen. Patrick Leahy (D-VT) and Sen. Mike Lee (R-UT) introduced a bill, entitled the Electronic Communications Privacy Act Amendments Act of 2013, that would reform the 1986 Electronic Communications Privacy Act (ECPA). This bipartisan sponsorship will give ECPA reform a strong boost. Sen. Leahy, the Chairman of the Senate Judiciary Committee, is also the author of the original ECPA law.  Sen. Lee was a strong voice for Constitutional rights when the Judiciary Committee marked up a nearly identical bill last year. (Note: See previous EDCAUSE blog for background information.)

The Leahy-Lee bill would amend ECPA to require government officials to obtain a warrant in order to require ISPs or other online service providers to disclose the private communications of their users (except in emergency cases). This would include personal or proprietary documents stored with providers of “cloud” services, which are increasingly being utilized by campuses. Under ECPA, the warrant requirement applies only to email up to 180 days old and does not apply at all to documents stored in the cloud. The goal of the Leahy-Lee legislation is to ensure that the warrant standard, which now applies to letters send in the mail, is extended to email.

As noted by the Center for Democracy and Technology (CDT), the legislation would maintain existing emergency exceptions to the warrant requirement so law enforcement can act quickly in those occasions when there is no time to go to a judge. It also leaves in place the provisions of current law that require providers – without a warrant – to affirmatively report child pornography and other child abuse of which they become aware.

On March 6, 2013, Reps. Zoe Lofgren (D-CA), Ted Poe (R-TX) and Suzan DelBene (D-WA) have introduced legislation, the Online Communications and Geolocation Protection Act (H.R. 983), that would strengthen the privacy of Internet users and wireless subscribers from overbroad government surveillance by requiring the government to get a warrant based on probable cause before intercepting or forcing the disclosure of electronics communications and geolocation data.

EDUCAUSE is a member of the Digital Due Process coalition working to update ECPA and we will continue to monitor and report on this issue.