Privacy and Security are High on the Senate Judiciary Committee’s Agenda for the New Congress

On January 16, 2013, Sen. Patrick Leahy (D-VT), the chairman of the Senate Judiciary Committee, set out the agenda of the Judiciary Committee in the 113th Congress with updates to key legislation, including laws on email privacy and cybersecurity. Updating the Electronic Communications Privacy Act (ECPA), a law that Sen. Leahy wrote and guided through the Senate in 1986, continues to be an important issue for the Committee.  Leahy has also been involved with cybersecurity issues and has authored legislation that would stiffen penalties for hackers. 

ECPA set standards for law-enforcement access to electronic communications and was a forward-looking statute when enacted.  However, technology has advanced dramatically since 1986, and ECPA has been outpaced.  Consequently, ECPA is now a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for service providers (including campus networks), for law enforcement agencies, and for all who use mobile phones and the Internet.  For example, under current law, email stored with a third-party provider such as Google or Yahoo that is older than 180 days can be accessed by law-enforcement officials with only subpoena, while a document stored on a desktop computer for the same amount of time would require a warrant. (See EDUCAUSE blogs of September 14, 2012, August 3, 2012, May 18, 2011, and October 14, 2011for further information.)

The Digital Due Process coalition, of which EDUCAUSE is a member, has advocated that Congress needs to update the law.  EDUCAUSE joined with the Association of Research Libraries, businesses, and other trade associations in a letter sent to the Senate Judiciary Committee in 2012 urging support for ECPA reform. The coalition argues that the out-of-date protections in ECPA for access to e-mail and other electronics could hamper the growth of cloud computing and other technologies.

As part of Data Privacy Month on January 29, 2013, Greg Nojeim, Senior Counsel at the Center for Democracy & Technology and the Director of its Project on Freedom, Security & Technology, will brief EDUCAUSE’s Higher Education Chief Privacy Officers group and the Higher Education Information Security Council (HEISC) Working Groups on Government, Risk, and Compliance and Technologies, Operations, and Practices on ECPA reform and its implications for higher education.  A summary of that briefing will be available after the event.

HEISC has produced Guidelines for Responding to Compulsory Legal Requests for Information as a resource for campus staff who may receive such requests. It delineates and defines the types of compulsory legal requests, common issues concerning these requests, and further information resources.

EDUCAUSE will continue to monitor and report on this issue.