Pre-Internet Laws Are Jeopardizing Today's Electronic Privacy

The misnamed Electronic Privacy Communications Act was enacted four years before the advent of the World Wide Web.

In a way, it’s even worse than a scandal over the NSA’s collection of metadata.

Today, as incredible as it might seem, it is still legal for the federal government to read your emails without the pesky hassle of asking for warrants – as long as they are six months or older. The government can do this by exploiting what has been described as a legal loophole in a terribly outdated 1980s law on electronic communication.

The misnamed Electronic Privacy Communications Act was enacted in 1986, four years before the advent of the World Wide Web. The law, the somewhat misnamed Electronic Privacy Communications Act was enacted in 1986, four years before the advent of the World Wide Web and six years before AOL started offering its own email addresses to customers. The widespread use of the Internet, thanks to browsers like Netscape and Internet Explorer, was nearly a decade away. And yet it is being applied to today’s Internet, in which even AOL is outdated.

Spying on Emails

Under the 1986 law, email that has been stored for 180 or more days is considered to be ‘abandoned’ and can be perused by federal authorities sans a warrant. But in an era of cloud computing and services like Dropbox, most Americans certainly would beg to differ that any emails stored online had been abandoned, as one Republican Congressman, Rep. Kevin Yoder of Kansas, recently pointed out to McClatchy.

Under the Fourth Amendment, law enforcement is required to have warrants for any searches and seizures. So the FBI can’t rummage through that box of personal letters, correspondence with business associates, or notices from collection agencies sitting in your attic without a warrant. But not so if any of those items happens to be contained in any email six months or older.

As one observer has well put it, the Fourth Amendment is in need of a ‘digital update.’ Yoder has sponsored a bill to do just that. Called the Email Privacy Acts, it mandates the obvious remedy: warrants are needed to snoop on any emails six months or older.

"It is hard to believe that we’re starting another year with laws that were written for how computing worked in the 1980s."“After spending two decades in the technology sector where things evolve at light speed, it is hard to believe that we’re starting another year with laws that were written for how computing worked in the 1980s,” said Rep. Suzan DelBene, a Washington state Democrat who is also a former Microsoft VP, told The Hill.

But securing the rights of Americans is only half the battle.

The email spying has gotten so out of hand that the government has asserted its right to obtain emails from foreign nationals stored overseas. In 2013, as part of a drug investigation, federal authorities sought a warrant to read the emails housed at a Microsoft facility in Dublin, Ireland. Because Microsoft has a policy of storing emails near the location of the customer, the email user in question is presumably Irish.

One wonders where investigators got the idea that they had the right to serve a warrant on a foreign national in another country’s territory. Microsoft certainly didn’t think they had the right. But when they refused to comply, the company was held in contempt, sparking a legal battle that has escalated to the Supreme Court, where a decision is pending.

Laws Need a Digital Update

Some federal lawmakers aren’t waiting for the high court to weigh in, arguing that it’s Congress’ job to update the aging law. At the end of the summer, Senators Orrin Hatch, R-Utah, and Chris Coons, D-Del., re-introduced The International Communications Privacy Act (ICPA).

The ICPA would establish clear guidelines for how federal law enforcement could access emails. First, the law requires warrants for viewing emails, even if they are stored overseas.

Backers of the law say it will restore customer confidence in the privacy of their emails and avoid violations of other nations’ sovereignty.

The law also permits law enforcement to seek emails for foreign nationals but spells out a specific process for how they can do that. As part of that process, the foreign government must be notified of the warrant and given a chance to challenge it. If so, then US courts would have to rule on the matter, weighing the foreign government’s interests against those of the United States, according to a summary of the bill’s provisions.  

The law also stipulates that only ‘qualifying foreign countries’ have that right. Countries are eligible if they respect basic human rights, allow US law enforcement access, and would otherwise not undermine US interests were they to be notified in advance. That means that Ireland should have been notified; Iran or ISIS, probably not so much.

Backers of the law say it will restore customer confidence in the privacy of their emails and cloud computing and avoid violations of other nations’ sovereignty.

“The potential global reach of government warrant authority has significant implications for multinational businesses and their customers. Failing to address this issue in a reasonable, comprehensive way will only continue to cause problems between American businesses and the US government. ICPA will aid US law enforcement while safeguarding consumer privacy, striking a much-needed balance in today’s data-driven economy,” Hatch said in a statement.

Security and Privacy

The law may also benefit national security.

Federal surveillance finds one legitimate suspect for every 10,000 emails it reviews. That’s enormously inefficient. There’s an argument to be made that limiting the scope of what law enforcement can view will actually enhance its ability to target true criminals and terrorists. As Brian McNicoll, a Hill staffer pointed out in a recent op-ed, the Orlando shooter and the Boston Marathon bombers were known to the FBI beforehand. Why didn’t the FBI stop them? They were simply too distracted by the burdens of mass surveillance to pick them out, so the theory goes.

According to one estimate cited by McNicoll, federal surveillance finds one legitimate suspect for every 10,000 emails it reviews. That’s enormously inefficient. It’s a lot easier to find a needle in a haystack if you’re working with a lot less hay – and that’s what this law will achieve.

The proposed law has potential to draw bipartisan support, uniting civil liberties advocates on the left with libertarian conservatives. Already, the bill has garnered the endorsement of a wide array of groups on the right, including Americans for Tax Reform, the R Street Institute, the National Taxpayers Union, the Competitive Enterprise Institute, and FreedomWorks, among others, according to The Hill.

As of this writing, the bill still faces opposition in Congress and the Trump administration has yet to take a position. Given Trump’s authoritarian tendencies, there is a concern that he might be predisposed to oppose it. But the fact that Trump has also touted himself as a “modern day” President for his incessant use of Twitter should stir some hope that he will be able to grasp the importance of this most basic issue of digital privacy.

Further Reading

{{relArticle.title}}

{{relArticle.author}} - {{relArticle.pub_date | date : 'MMMM dd, yyyy'}} {{relArticle.author}} - {{relArticle.pub_date | date : 'MMMM dd, yyyy'}}
{{article.Topic.Topic}} {{article.Topic.Topic}}

{{article.Title}}

{{article.BodyText}}