An updated Electronic Communications Privacy Act, or ECPA, was a good idea proposed at the wrong time. The amendment would have protected our privacy in online communications, but its proposal at the end of the last Congress ensured its demise. With a new Congress comes a new chance to pass it, and some lawmakers are taking that chance.
The Hill reports that House Judiciary Committee Chairman Bob Goodlatte has laid out his priorities for 2013, and the ECPA amendment is near the top. He said that Committee will "look at modernizing the decades-old Electronic Communications Privacy Act to reflect our current digital economy."
The amendment's original sponsor in the Senate, Patrick Leahy, is also reportedly on board with trying to pass the bill again. He and Goodlatte will presumably work together to get something passed this time around.
Do you think the ECPA can pass the House and Senate this year? Should it be a priority? Let us know in the comments.
So, why is an updated ECPA important again? The original bill was drafted and passed into law in 1986. It's intent was to protect electronic communications from government surveillance, but it was written with the technology of the late 80s in mind. Email and other electronic communications have evolved and greatly expanded since then. Some lawmakers and privacy proponents think the bill needs a rewrite to address changes in how we communicate online.
The current ECPA requires law enforcement to simply obtain a subpoena before going through your email. Beyond that, the only limitation is that they can go through emails that have been opened, or those that are more than 180 days old. It's kind of ridiculous to think that this was acceptable in the late 80s when there were maybe only a few thousand email messages being sent among a handful of people, but it's unacceptable when there are billions of email messages being sent out everyday.
That's why many lawmakers feel that the ECPA needs to be updated, and Goodlatte isn't the only one in the House working on a solution. California Rep. Zoe Lofgren has been working on her own version of the bill called ECPA 2.0 Act of 2012, but it was killed with the last Congress. Lofgren will probably reintroduce the bill in this year's Congress, however, and Goodlatte would be wise to back it. It features a number of protections that any person who communicates over the Internet would appreciate:
wireless communication device.
data about when and with whom an individual communicates using digital services (such as
email or mobile phone calls), the government should demonstrate to a court that such data is
relevant to a criminal investigation.
disclose transactional data about multiple unidentified users of digital services (such as a bulk
request for the names and addresses of everyone that visited a particular website during a
specified time frame). The government may compel this information through a warrant or court order, but subpoenas should specify the individuals about whom the government seeks information.
Lofgren's proposed legislation is probably the best version of ECPA we're going to see. It outright bans the ability of law enforcement to obtain emails through subpoenas, and it holds said law enforcement accountable for its actions. Other proposed updates to the ECPA may require a warrant when obtaining emails, but the accountability rules on law enforcement aren't as strong.
Unfortunately, we probably won't see a new ECPA as long as law enforcement is opposed to it. The bill piggybacked on the VPPA last year and almost made its way to the President's desk before being killed by the Senate. Why? Senate Republicans were concerned that the bill would "hamper police investigations."
Should Lofgren's ECPA be adopted by the House? Or should a more law enforcement friendly version prevail? Let us know in the comments.
A law enforcement friendly version of ECPA won't have an easy ride through Congress though. There's a lot of conflicting interests involved in passing bills like this with privacy proponents and law enforcement standing on opposite sides of the aisle yelling their demands at lawmakers. In the end, however, it may not even matter if the ECPA is amended or not.
Kim Dotcom, founder of Megaupload and Mega, recently announced that he would introduce an encrypted email service that would be immune to snooping by law enforcement. If true, an updated ECPA may not matter anymore.
If the Mega email client goes mainstream, we may even see others start offering similar services. Could law enforcement still access email? Sure, but only email services under U.S. jurisdiction. If that were the case, users may start moving their email accounts to offshore email clients that promise privacy.
That being said, there's still a need for an updated ECPA. There should be an expectation of Congress to keep up with developments in technology and legislate accordingly. How can we expect Congress to act on something far more important, like cybersecurity, when it can't even comprehend something as simple as email?
Should Congress focus its efforts on an updated ECPA this year? Would services like Mega email pick up the slack if Congress failed to act? Let us know in the comments.