| Updating the Law Governing the Privacy of Electronic Communications |
 |
 |
|
I. The Problem The Electronic Communications Privacy Act (ECPA) of 1986 established workable standards for government surveillance of email and stored communications in criminal cases. However, ECPA has been outpaced by technological developments and privacy safeguards have not yet been established for information related to new electronic services. For example, cell phone service providers now routinely store information about the location of their customers while their cell phones are turned on, but ECPA does not specify a standard for law enforcement access to location information. Moreover, the emergence of “cloud computing,” which enables storage on remote computers of business records and information such as personal calendars, photos, and address books, raises new privacy issues that require clear standards for custodians of this information who receive government requests for access to it. Currently, this information is on a weaker privacy footing than the same information when it resides in the user’s computer. A patchwork of confusing standards and conflicting judicial decisions has arisen, and it has confounded service providers and created uncertainty for law enforcement officials.
II. Proposed Solutions A. Guiding Principles Fourth Amendment standards, including probable cause, should govern law enforcement access to communications contents and to location information, which many consumers regard as the most sensitive non-content information available to the government. Surveillance statutes should be updated to account for the ways Americans communicate today. The level of the privacy afforded to communications should be made technology neutral so that information stored in a remote computer enjoys the same level of Fourth Amendment protection it would enjoy if stored on the user’s desktop computer. B. Proposed Measures ECPA should be updated to tighten and clarify the standards for government access to data that is that is communicated and stored and to take account of new communications technologies: 1. Comprehensive Fourth Amendment standards, including probable cause, should be required for law enforcement access to: a. Location information, regardless of whether it is stored or is collected in real time; b. Email stored with a communications service provider for more than 180 days – the same standard that is imposed for email stored for shorter periods of time – and all email regardless of whether it has been opened by the recipient; c. User-generated content, regardless of whether it is maintained on a desktop or on the Web; and d. Information maintained on a social networking page that is not open to the public. 2. The standard for issuing a pen register or trap and trace order, which can be used by law enforcement to access in real time, for example, a log of who a person telephones and who telephones the person, should be tightened to require at least specific and articulable facts that the information sought is relevant to a pending, full, investigation. The statute should also be clarified to ensure that under no circumstances is communications content to be collected based on such an order. 3. Consistent with current Department of Justice policy and the First Circuit’s en banc decision in U.S. v. Councilman, 418 F.3d 67 (1st Cir. 2005), ECPA should be further clarified to ensure that any real-time or prospective collection of communications content is an “intercept” requiring an intercept order, regardless of whether that content is acquired while it is in temporary electronic storage incident to transmission. 4. The statutory exclusionary rule, which now applies to the contents of illegally intercepted telephone calls, should be extended to cover the contents of illegally intercepted email and other electronic communications. III. Allies* American Association of Law Libraries American Library Association Association of Research Libraries Bill of Rights Defense Committee (BORDC) Center for Democracy & Technology Common Cause Defending Dissent Foundation Electronic Frontier Foundation (EFF) Essential Information Government Accountability Project Liberty Coalition Muslim Advocates OpenTheGovernment.org Stanford Law School - Mills International Human Rights Clinic U.S. Bill of Rights Foundation * These groups and individuals support the general principles expressed and the general policy thrust and judgments in the policy proposals described above. The allies listed do not necessarily endorse the specific language in every proposed solution, but they do agree that the proposals reflect the general principles that should govern policy in this area. Please contact the individuals and organizations listed in this section for more information. IV. Counter-Arguments and Rebuttal Agencies of the federal government engaged in electronic surveillance, such as the FBI/Department of Justice, and some state law enforcement agencies, will be hesitant to support measures to require more judicial oversight of their surveillance activities. However, DOJ representatives have often argued for the need to update surveillance laws to keep pace with technology. Law enforcement will benefit from the increased clarity in surveillance standards that an update to the law would provide. It would help agents better understand the facts that would need to be shown in order to secure a surveillance order, and it would facilitate cooperation with those orders from providers of communications services. In addition, the Department of Justice has argued that the Fourth Amendment does not cover business records, and it even argues that communications content maintained by a service provider, has no Fourth Amendment protection. This is all the more reason for Congress to step in and clarify the level of protection that will be afforded these communications. V. Recommended Documents for Further Reading: a. Center for Democracy & Technology Report on Digital Search and Seizure: http://www.cdt.org/publications/digital-search-and-seizure.pdf b. Electronic Frontier Foundation on cell phone tracking: http://www.eff.org/issues/cell-tracking c. Electronic Frontier Foundation on pen registers and trap and trace devices: http://www.eff.org/issues/pen-trap d. Electronic Privacy Information Center wiretapping page: http://epic.org/privacy/wiretap/ e. Electronic Communications Privacy Act of 2000, Digital Privacy Act of 2000 and Notice of Electronic Monitoring Act, Hearing before the House Committee on the Judiciary’s Subcommittee on the Constitution, Sept. 6, 2000. http://commdocs.house.gov/committees/judiciary/hju67343.000/hju67343_0.HTM f. f. Stephen E. Henderson, Beyond the (Current) Fourth Amendment: Protecting Third-Party g. g. Patricia L. Bellia & Susan Freiwald, Fourth Amendment Protection for Stored E-mail (Notre Dame h. h. Deirdre K. Mulligan, Reasonable Expectations In Electronic Communications: A Critical Perspective i. The Electronic Communications Privacy Act (ECPA) i. 18 U.S.C. §§ 2510-2522 – Wire and Electronic Communications Interceptions and Interception of Oral Communications ii. 18 U.S.C. §§ 2701-2712 – Stored Wire and Electronic Communications and Transactional Records Access iii. 18 U.S.C. §§ 3121-3127 – Pen Registers and Trap and Trace Devices |