Amending the Electronic Communications Privacy Act (ECPA) has long been under consideration in Congress, but recent testimony indicates that ECPA reform may have deeper implications for companies subject to FTC investigations.
The ECPA, passed almost 30 years ago, generally prohibits the unauthorized access to communications systems and the disclosure of the contents of wire and electronic communications by a service provider. The ECPA Amendments Act of 2015 (S.356/H.R. 283) is intended to “bring privacy protections for the digital world in line with those in the physical world.”
Since its introduction in Congress, several stakeholders have raised concerns that the current bill could hamper civil investigations by regulatory agencies, such as the FTC or SEC, since these agencies – like all others – must have a warrant to obtain emails and other electronic communications. On September 16, 2015, the Senate Judiciary Committee held a hearing entitled “Reforming the Electronic Communications Privacy Act” to provide stakeholders the opportunity to provide additional insight.
In testimony by Daniel Salsburg, FTC’s Chief Counsel in the Office of Technology, Research and Investigation, Salsburg explained that although the Commission does not currently seek the content of electronic communications from ECPA service providers, he believes that in the future, as more electronic communication moves to the cloud, the effectiveness of the FTC’s fraud prevention program may be hampered if the proposed legislation is not appropriately modified. Where the target is a fraudulent marketer, for example, obtaining the electronic communications through a civil investigative demand (“CID”) to the marketer may not be a viable option, and the FTC should be able to obtain this information through warrantless means.
Notably, Salsburg requested the ECPA be modified to:
- Allow the FTC to obtain copies of previously public commercial content that advertises or promotes a product or service directly from the service provider, without a warrant; and
- Provide a judicial mechanism that would authorize the FTC to seek a court order directing the service provider to produce the content if the FTC establishes it has sought to compel it directly from the target, but the target has failed to produce it.
So what does this mean for your business?
Depending on if, and to what extent, this language is included in the ECPA Amendments Act, the FTC (and perhaps other civil investigative agencies) may have the broad authority to obtain, via simply court order, electronic communication content from third-party service providers. It is unclear, however, whether this would be limited solely to entities that refuse to participate in a civil investigation, or could extend to a situation where the target entity has participated in a CID, but the FTC believes the entity has not provided the agency with the information it is looking for.
Notably, in a statement released the same day, FTC Commissioner Julie Brill dissented with her colleague, saying that it is “exceedingly rare that it would be useful for the FTC to seek content through ECPA,” and highlighted the inherent privacy concerns and questionable constitutionality of Salsburg’s request.
Nonetheless, with 23 co-sponsors in the Senate, and more than 300 supporters in the House, companies should continue to monitor the ECPA Amendments Act and any corresponding revisions.