On December 1, 2015, the House Judiciary Committee (Committee) held a hearing to discuss the Email Privacy Act (H.R. 699), a bill that would reform the way in which law enforcement agents can collect electronic communications and associated data from third-party electronic service providers during an investigation, currently governed by the Electronic Communications Privacy Act of 1986 (ECPA). Law enforcement agents, technology industry representatives, and privacy and civil liberties advocates discussed the need to modernize ECPA to accommodate technological advancements made in the 30 years since the law was enacted.
ECPA currently requires law enforcement agents to obtain a warrant for electronic information sought in the course of an investigation, but applies only to emails in transit or stored on a server for less than 180 days. The government is able to gain access to electronic information older than 180 days through a subpoena, which can be easier to obtain than a warrant. ECPA was passed before indefinite cloud storage of email was a common practice, which has led to a significant volume of electronic communications older than 180 days becoming available to law enforcement by means of a subpoena. It also distinguishes between messages stored in “electronic communication services” and “remote computing services,” distinctions which were relevant in 1986 but lack application to modern communications networks.
In response to these issues, Representative Kevin Yoder (R-KS) introduced the Email Privacy Act, which would eliminate ECPA’s different treatment of electronic communications stored for fewer than, or more than, 180 days, and ECPA’s distinction between an “electronic communication service” and a “remote computing service.” Regardless of the age or the type of service provider, the government would be required to obtain a warrant from a court before requiring providers to disclose the content of a communication. The bill also would amend existing law to prohibit a cloud services or email provider from knowingly divulging to a government entity the contents of any stored electronic communication without a warrant, and would revise provisions of ECPA under which the government may require a provider to disclose the contents of such communications. Other provisions of Rep. Yoder’s bill would address procedural and notice requirements for the government upon obtaining a warrant, as well as other related measures.
During the hearing, witnesses expressed unanimous support for a digital information search warrant requirement but could not agree on the specifics of how to move forward. Representatives from civil and criminal law enforcement agencies expressed concern that the Email Privacy Act would limit their ability to investigate unlawful activity. Some advocates noted that in trying to keep pace with advances in technology, judicial interpretation of a technologically outdated law has harmed small businesses and created uncertainty around new technologies that rely on the use and storage of electronic information. Rep. Jerry Nadler (D-NY) asked how the bill would impact American businesses. An industry representative explained that the bill would help address the global misperception that the U.S. government has overly broad access to data held by U.S. companies.
The Email Privacy Act has 308 cosponsors. Committee Chairman Bob Goodlatte (R-VA) did not indicate whether he would recommend the bill for markup.