U.S. Senate to consider long overdue reforms on electronic privacy

The silver lining in the role of cloud-based email in the CIA Director's resignation is a renewed focus on digital privacy.

In 2010, electronic privacy needed digital due process. In 2012, it’s worth defending your vanishing rights online.

This week, there’s an important issue before Washington that affects everyone who sends email, stores files in Dropbox or sends private messages on social media. In January, O’Reilly Media went dark in opposition to anti-piracy bills. Personally, I believe our right to digital due process for government to access private electronic are just as important.

Why? Here’s the context for my interest. The silver lining in the way former CIA Director David Petraeus’ affair was discovered may be its effect on the national debate around email and electronic privacy, and our rights in a surveillance state. The courts and Congress have failed to fully address the constitutionality of warrantless wiretapping of cellphones and the location of “persons of interest.” Phones themselves, however, are a red herring. What’s at stake is the Fourth Amendment in the 21st century, with respect to the personal user data that telecommunications and technology firms hold that government is requesting without digital due process.

On Thursday, the Senate Judiciary Committee will consider an update to the Electronic Communications Privacy Act (ECPA), the landmark 1986 legislation that governs the protections citizens have when they communicate using the Internet or cellphones. (It’s the small item on the bottom of this meeting page.)

UPDATE: Senator Leahy’s manager’s amendment to ECPA passed but Politico’s Tony Romm reports that the full Congress is unlikely to pass ECPA reform in this session.

If you somehow missed the uproar online last week, the tech policy world went a bit nutty when CNET’s Declan McCullagh broke a story about Senator Patrick Leahy (D-VT) rewriting the text of his ECPA amendment.

By the end of the day, Senator Leahy said he would not support that proposal, but what the draft reflected is pressure from law enforcement and federal regulatory agencies to not only keep warrantless access open but to enshrine it in law.

Today, Senator Leahy’s office posted a manager’s amendment and summary of changes for the committee’s consideration.

“The manager’s amendment is vastly improved, as compared to the controversial one last week,” said Greg Nojeim, senior counsel at the Center for Democracy & Technology and the director of its Project on Freedom, Security & Technology, in a phone interview.

“We support the manager’s amendment, and will support the bill,” he said. “It will establish a clear, consistent standard for law enforcement access to content. It will require a warrant going forward. This is a huge improvement over current law and will bring ECPA into the modern age.”

In a post on the amendment at CDT.org, Nojeim reiterated CDT’s support. “It will protect consumer privacy, remove the uncertainty law enforcement currently faces, and foster the growth of U.S. cloud computing companies, which will be able to promise their clients that the information they store in cloud will be as secure against government access as information stored locally,” he wrote.

Verify, then trust

This week, the senators on the Judiciary Committee are likely to continue be under some pressure to suggest changes to this amendment that would weaken the protections in it. The manager’s amendment already contains some concessions to law enforcement, with respect to extending the time periods after which the federal government must notify an individual that government has obtained electronic communications, or that a service provider must wait to inform that individual that those records have been obtained.

There’s also clarity that the search warrant requirement in this amendment does not apply to federal anti-terrorism laws, specifically the Foreign Intelligence Surveillance Act (FISA).

“We believe that they’ve kept the central protection in the manager’s amendment, that law enforcement must obtain a warrant to read private communications or digital content, such as documents stored in the cloud,” said Chris Calabrese, legislative counsel for the ACLU, in a phone interview. “That’s a huge privacy win, and we’re glad to see that that’s stayed in.”

Senator Leahy’s statement, however, does leave room for debate:

“I welcome the upcoming Senate Judiciary Committee debate on updating the Electronic Communications Privacy Act (ECPA) to better protect Americans’ digital privacy rights. Today, this critical privacy law is significantly outdated and out-paced by rapid changes in technology and the changing mission of our law enforcement agencies.

“When I led the effort to write the ECPA more than 25 years ago, no one could have imagined that emails would be stored electronically for years or envisioned the many new threats to privacy in cyberspace. That is why I am working to update this law to reflect the realities of our time and to better protect privacy in the digital age. I join the many privacy advocates, technology leaders, legal scholars and other stakeholders who support reforming ECPA to improve privacy rights in cyberspace. I hope that all members of the Committee will join me in supporting the effort in Congress to update this law to protect Americans’ privacy.”

The other side of the issue is represented by a diverse coalition of digital rights advocates that spans traditional ideological labels. Notably, Americans for Tax Reform and the American Civil Liberties Union (ACLU) agreed that electronic privacy deserves a bipartisan upgrade.

The coalition is urging people to go to VanishingRights.com to tell their senators to support warrants for personal electronic communication.

I think they’re on the right side of history.

tags: , , ,
  • http://www.facebook.com/rcharbon Ray Charbonneau

    The idea that you can have true online privacy is as big a fallacy as the idea that you can have successful DRM. Both concepts are contradicted by the inherent nature of the technology.

    Solution? The Shockwave Rider, perhaps. (I’ll assume you don’t need linkage.)

    • digiphile

      Ray,

      What’s on the table here is not “true online privacy” but extending existing legal protections, like the checks and balances of judicial oversight, into the technological context of this millennium. While I enjoyed “The Shockwave Rider” and Toffler’s works and believe that science fiction can be helpful in thinking through the policy debates of the present and future, the matter before the Senate isn’t fictional, and is well worth considering on its own merits.

  • Concerned Citizen

    Seems the only time privacy is considered is when a member of the political elite is embarrassed. Video privacy laws were only created after the Clarence Thomas Supreme Court nomination process.

    • digiphile

      Dear Concerned Citizen,

      There have been ongoing debates about digital privacy in DC since well before 2009, when I moved here. Just look back into the history of the EFF, ACLU, EPIC and the Center for Democracy and Technology or my coverage over the last four years. It’s certainly true that national headlines about a high profile individual put more focus on the issue — but I think that’s a good thing, and made that clear in that subheading.