Main Nav

Electronic Communications Privacy Act Modernization Act of 2012

The Electronic Communications Privacy Act Modernization Act of 2012 (H.R. 6339), sponsored by Rep. Jerrold Nadler (D-NY) and Rep. John Conyers Jr. (D-MI), aims to bring legislation originally enacted as the Electronic Communications Privacy Act (ECPA) in 1986 up to date with technology and clarifying issues of electronic privacy. The bill was introduced on August 2, 2012.

Companies and other institutions have struggled to apply outdated, confusing categories of information to evolving technology products and services.  For example, because the existing ECPA standard is inconsistent a single e-mail is potentially subject to multiple legal standards.  A clear standard for law enforcement would be welcomed by cloud vendors and service providers working to overcome confusion surrounding the privacy of e-mail, mobile devices, cloud-based solutions, social networking, and other digital collaborations.

This legislation adopts the position of the Digital Due Process coalition (DDP), of which EDUCAUSE is a member along with industry leaders including IBM, Amazon, Google, Apple and AT&T.  For more than a year now, this coalition has explored how ECPA can apply to new services and technologies.  The group has developed a core set of principles intended to simplify, clarify, and unify ECPA standards.  The goal is to have legislation with clearer privacy protections for users based on technological changes and new usage patterns, while preserving legal tools necessary to enforce the laws and protect the public.  (See EDUCAUSE blog writing in support of a Senate ECPA amendment.)

ECPA was passed well before the Internet was utilized for e-mail, cloud computing, and remote storage, said Nadler in a statement. “Communications technology is evolving at an exponential rate and, as such, requires corresponding updates to our privacy laws,” he said. “This new legislation will ensure that ECPA strikes the right balance between the interests and needs of law enforcement and the privacy interests of the American people.”

Some of the bill’s provisions include:

• Provide a uniform standard and set notice rules when the government accesses the contents of communications.

• Amend the law to provide the same statutory suppression remedies for electronic communications as are currently provided for wire and oral communication surveillance.

• Add new – and, in some instances, modify existing – reporting requirements to ensure that Congress has sufficient information for effective oversight and possible future reforms.

Updating ECPA is important to our campus communities as cloud storage becomes the norm.  Email is stored more frequently on cloud servers indefinitely and under the current law the authorities can access it without warrants if it is older than six months.  The same also applies to content stored in the cloud, including files saved in Dropbox, communications in Facebook, and Google’s cloud-storage accounts.

While there is broad support for this legislation among ISPs and technology companies, it is unknown at this time whether the bill will even receive a hearing before Congress adjourns for the year.

EDUCAUSE will continue to monitor and report on this issue.



This content have been flagged for review. Our moderators will review this content as soon as possible.