ECPA reform: Why digital due process matters

The shift to cloud computing puts Electronic Communications Privacy Act reform in the spotlight.

Yesterday, the Senate held a hearing on proposed updates to the Electronic Communications Privacy Act, the landmark 1986 legislation that governs the protections citizens have when they communicate using the Internet or cellphones. Today, the House held a hearing on ECPA reform and the revolution in cloud computing.

While the vagaries of online privacy and tech policy are far out in the geeky stratosphere, the matter before Congress should be earning more attention from citizens, media and technologists alike.

“Just as the electric grid paved the way for industrial economy, cloud computing paves the way for a digital economy,” testified David Shellhuse of Rackspace.

So to take it one step further: updates to the ECPA have the potential to improve the privacy protections for every connected citizen, cloud computing provider or government employee. “Advances in technology depend not just on smart engineers but on smart laws,” testified Richard Delgado of Google. Salgado highlighted Digital Due Process, in concert with a new post on ECPA reform at the Google Public Privacy blog.

After the hearing yesterday, I interviewed digital privacy and security researcher Chris Soghoian about what’s at stake. Soghoian, until recently the resident geek at the Federal Trade Commission, explained why the Digital Due Process coalition is pushing for an ECPA update for online privacy in the cloud computing age.

“From the perspective of industry and definitely the public interest groups, people shouldn’t have to consider government access as one of the issues when they embrace cloud computing,” said Soghoian. “It should be about cost, about efficiency, about green energy, about reliability, about backups, but government access shouldn’t be an issue.”

Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. “Users of cloud services must have confidence that their data will have privacy protections from government and from providers,” testified Mike Hintz of Microsoft, who said that his company “regularly hears from enterprises that moving data to the cloud affects privacy.”

Below, ACLU legislative counsel Chris Calabrese talks about email, cloud computing and what’s at stake with proposed updates to the Electronic Communications Privacy Act.

In the next video, Indiana University professor Fred Cate talks about electronic privacy protections for email under the current laws and and what updates to the Electronic Communications Privacy Act could mean. [Testimony]

Below, Princeton computer science professor Ed Felten talks about proposed updates to the Electronic Communications Privacy Act in the context of the shift to cloud computing. “In an ideal world, people would be deciding to use on the cloud based on efficiency and cost,” testified Felten. Privacy concern alter the choices of businesses and consumers. When ECPA was first written, he said, “the founder of Facebook was 2 years old.” To say much has changed in technology since 1986 would be a considerable understatement. [Testimony]

Finally, Wharton professor Kevin Werbach talks about why the Electronic Communications Privacy Act is important to reducing friction and uncertainty for cloud providers and their customers. “A drop in trust in online intermediaries will add more friction to the Internet economy,” he said. [Testimony]

tags: , , ,
  • You can read the ACLU’s principles for ECPA reform and all of the ACLU’s submitted testimony for the multiple House hearings and Senate hearing at:

    More importantly you can watch a fun video about outdated electronic privacy law with a “totally awesome” 80s soundtrack and great images of what technology looked like in the 80s when ECPA was written.

  • I agree, but unless the U.S.A revisit the Patriot Act, and the National Security letters too, the above can only be pretend change.

    For an idea about just how damaging this is see the talk by Nicholas Merrill, where he describes his 7 year battle against one such a letter. During that time he was completely gagged, unable to tell anyone about his involvement in the case, unable to go to congress and let them know about the dangers of these laws (which then simply voted to re-establish the Patriot Act recently). Those Letters by themselves are the biggest spying tool, we could call it leaking tool, of the US government on its citizens. I don’t see how changing any other law without clearly getting rid of the Patriot Act can restore any confidence.

    But it’s good to see that the debate is evolving.