ECPA reform: Why digital due process matters

The shift to cloud computing puts Electronic Communications Privacy Act reform in the spotlight.

Yesterday, the Senate held a hearing on proposed updates to the Electronic Communications Privacy Act, the landmark 1986 legislation that governs the protections citizens have when they communicate using the Internet or cellphones. Today, the House held a hearing on ECPA reform and the revolution in cloud computing.

While the vagaries of online privacy and tech policy are far out in the geeky stratosphere, the matter before Congress should be earning more attention from citizens, media and technologists alike.

“Just as the electric grid paved the way for industrial economy, cloud computing paves the way for a digital economy,” testified David Shellhuse of Rackspace.

So to take it one step further: updates to the ECPA have the potential to improve the privacy protections for every connected citizen, cloud computing provider or government employee. “Advances in technology depend not just on smart engineers but on smart laws,” testified Richard Delgado of Google. Salgado highlighted Digital Due Process, in concert with a new post on ECPA reform at the Google Public Privacy blog.

After the hearing yesterday, I interviewed digital privacy and security researcher Chris Soghoian about what’s at stake. Soghoian, until recently the resident geek at the Federal Trade Commission, explained why the Digital Due Process coalition is pushing for an ECPA update for online privacy in the cloud computing age.

“From the perspective of industry and definitely the public interest groups, people shouldn’t have to consider government access as one of the issues when they embrace cloud computing,” said Soghoian. “It should be about cost, about efficiency, about green energy, about reliability, about backups, but government access shouldn’t be an issue.”

Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. “Users of cloud services must have confidence that their data will have privacy protections from government and from providers,” testified Mike Hintz of Microsoft, who said that his company “regularly hears from enterprises that moving data to the cloud affects privacy.”

Below, ACLU legislative counsel Chris Calabrese talks about email, cloud computing and what’s at stake with proposed updates to the Electronic Communications Privacy Act.

In the next video, Indiana University professor Fred Cate talks about electronic privacy protections for email under the current laws and and what updates to the Electronic Communications Privacy Act could mean. [Testimony]

Below, Princeton computer science professor Ed Felten talks about proposed updates to the Electronic Communications Privacy Act in the context of the shift to cloud computing. “In an ideal world, people would be deciding to use on the cloud based on efficiency and cost,” testified Felten. Privacy concern alter the choices of businesses and consumers. When ECPA was first written, he said, “the founder of Facebook was 2 years old.” To say much has changed in technology since 1986 would be a considerable understatement. [Testimony]

Finally, Wharton professor Kevin Werbach talks about why the Electronic Communications Privacy Act is important to reducing friction and uncertainty for cloud providers and their customers. “A drop in trust in online intermediaries will add more friction to the Internet economy,” he said. [Testimony]

tags: , , ,