Updating the Electronic Communications Privacy Act
Would it surprise you to learn that the federal law governing law enforcement’s ability to obtain emails from your email provider was adopted in 1986 and has remained relatively untouched since then? In 1986, people used phones with cords attached to them and a company called Microsoft had just gone public. In 1986, the first laptop, weighing a trim 12 pounds, was introduced by IBM. This was three years before internet service was first made available to consumers, almost 10 years before text messaging became available, and decades before we could sign up for Facebook or Gmail accounts. Yet, 1986 is the year Congress passed the Electronic Communications Privacy Act (ECPA), the law that largely governs how and when the government can gain access to our electronic communications.
Recognizing that technology has well outpaced the original provisions of the ECPA, Congress is now moving to amend the law to more accurately reflect how people use computers, phones and other electronic devices and storage services. In this posting, I’ll talk about about the history behind the original ECPA, specifically those provisions that control how the government can access stored electronic communications and other documents, and the changes being proposed by Congress.
History of the ECPA and Warrantless Searches
The ECPA, like the amendments Congress proposes today, was actually a reaction to the rapidly changing technology of the time. Use of computers and electronic communications, including email, were on the rise and the laws of the time were inadequate to address how and when the government could properly access these new types of communication. The wiretapping laws in existence addressed transitory telephone calls and did not extend to voiceless communications or communications that could be stored electronically. So Congress acted to put some privacy protections in place for communications in the new computer age.
The ECPA contains three major parts. In the first part, Congress dealt with computer communications while in transit by essentially extending wiretap laws to them. In another part of the law, Congress addressed the use of a particular type of technology used to record the numbers called from a telephone. The final part of the law, and the one that is largely the focus of the proposed changes by Congress today, is known as the Stored Communications Act. It generally prohibits disclosure of electronic communications stored by third parties, but also provides exceptions for government access.
In order to understand those exceptions under which the government can compel third party providers to disclose electronic communications, you have to understand how email was used at the time. Unlike today, in 1986 email was still in its infancy and, because of the expense involved, it was rare for third party providers to store these communications. Because electronic communications were not typically stored by third parties for great lengths of time, the law placed different restrictions on the government depending on the age of the communication it sought to access. Under the ECPA, the government is required to obtain a warrant in order to compel a third party service provider to disclose electronic communications if the communication has been stored for 180 days or less. Congress considered massages that had been stored longer than 180 days to be abandoned and therefore, the government could gain access to older communications with a simple subpoena. Similarly, other types of remotely stored data could also be obtained through a simple subpoena, regardless of the age of the data.
What is the Difference Between a Subpoena and a Warrant?
Subpoenas and warrants are both tools that the government can use to compel someone to disclose information relevant to an investigation. Fundamentally, less is required of the government to issue a subpoena than to obtain a warrant. Most federal agencies have some form of administrative subpoena power, under which they can seek information relevant to an investigation without needing to go through a judge or grand jury. In order for the government to obtain a warrant, however, it must make a request to a court and demonstrate it has probable cause to believe that the information sought is related to a crime.
What Has Changed Since the ECPA was enacted?
The ease with which the government can issue subpoenas and lack of judicial oversight has created more concern among privacy advocates as our use of technology has changed.
Since the ECPA was enacted in 1986, the use of email and other forms of electronic communication, like texts and private messages on social media, has become commonplace. The cost of storage has dramatically decreased, and web-based email services like gmail are in wide use. Likewise, people use cloud storage services for everything from photos to music to documents. The amount and type of data stored by third parties like Google and Facebook is well beyond what the drafters of the ECPA envisioned.
While Congress has allowed the ECPA to grow stale in the face of decades of technological change, courts and state governments have begun to act. Separate federal appeals courts have extended Constitutional protections to stored emails and text messages, limiting the government’s ability to subpoena records under the ECPA in those jurisdictions. Recently, the State of California enacted its own electronic communications privacy law, known as the CalECPA, which requires state government agencies to obtain a warrant in order to access electronic communications.held by service providers.
Proposed Changes to the ECPA
With courts and states chipping away at the law, Congress is now itself close to making some updates through amendments to the ECPA. Both the House of Representatives and the Senate are considering bills to amend those portions of the ECPA dealing with government access to stored electronic data. The bills are very similar and would generally require the government to:
- Obtain a warrant based on probable cause before requiring a third party service provider to turn over electronic communications, and
- Notify the customer whose communications it obtained.
The bills do allow for some limited exceptions, including a carve out for subpoena power used by the government to access employee communications on an employer-run communications system. For the most part, though, the bills would remedy the out-of-date notion that e-mails stored over 180 days by a service provider are somehow deserving of less protection than those stored for a shorter period of time. If the amendments are passed, the law would treat all electronic communications the same, regardless of how long they’d been held and by what kind of service provider. Both bills appears to have broad support across both parties, and the House bill is set to be discussed in committee next month. Whether that support and momentum is enough to get a bill passed in a presidential election year remains to be seen. There is hope, though, that the law that generally controls how the government can access our electronic communications will be brought more in line with our current technology.
If you have been charged with a federal crime and are looking for a tough defense lawyer, please contact the Law Offices of Hope Lefeber for a free initial consultation. I have over 30 years of experience defending clients from across the New York City area and am ready to fight for you too.