Last week, Sen. Patrick Leahy (D-VT) introduced a bill to update the 25-year-old Electronic Communications Privacy Act (ECPA), by seeking enhanced privacy protections during government searches of electronic communications, cloud computing and location-based services. The ECPA Amendments Act of 2011 (S. 1011) would require a search warrant based on probable cause before service providers could disclose to federal authorities the contents of a customer’s electronic communications, whether stored or in transit – eliminating the “180-day rule.” However, the bill would require service providers to provide access to non-content communication records, such as subscriber name and address, in response to federal or state administrative or grand jury subpoenas. Federal authorities can also seek delayed notification to a service provider’s customers for investigative purposes.
The bill also implicates the mobile industry, proposing geolocation information privacy protections. If enacted, the bill would prohibit required disclsoure of contemporaneous or prospective geolocation information without a warrant or court order, with exceptions for emergency response and historical data. At a recent hearing (see Kelley Drye Adivsory), Sen. Leahy expressed his desire for broad application of ECPA to mobile providers and mobile applications. Notably, the bill would insulate electronic communication service providers from liability for providing geolocation information to federal authorities.
Communications providers need to be aware of their current and potential obligations under ECPA and the way in which they respond to requests for sensitive customer information from federal authorities. ECPA reform and the flood of recent privacy legislation (see Kelley Drye Chart) may impact mobile and Internet service providers’ responsibilities to protect customer privacy.