Governance , Information Sharing , Next-Generation Technologies & Secure Development

House Seeks Warrants for Access to Old Emails

Privacy Bill Returns to Senate, Where It Previously Failed Over Amendments
House Seeks Warrants for Access to Old Emails
Photo: Nicolas Raymond (Flickr/CC)

The U.S. House of Representatives gave a unanimous thumbs-up on Feb. 6 to a bill that would require law enforcement agencies to obtain a probable cause warrant to obtain older email content for investigations - a move long championed by technology companies.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

The Email Privacy Act would raise the bar for obtaining emails that are more than 180 days old. Under the current law, the 1986 Electronic Communications Privacy Act, or ECPA, currently only a subpoena is required to access such communications.

The House passed the bill in a 419-0 voice vote. It previously approved the bill in April 2016 by the same tally, but the bill failed to pass the Senate.

One of the main contentions with the ECPA is that it hasn't kept up with the cloud-computing age. Beyond only needing a subpoena to access emails older than 180 days, law enforcement agencies also do not require a search warrant for emails of any age that have already been opened by recipients.

The new bill would revise ECPA to align it with a key 2010 Sixth Circuit Court of Appeals decision, U.S. v. Warshak. In that case, the court ruled that stored electronic content qualifies for the same protection under the Fourth Amendment as physical content, thus requiring law enforcement agencies to obtain a probable cause warrant if they want to access it.

Rep. Kevin Yoder, R-Kan., a sponsor of the bill, says that it modernizes federal law with respect to Americans' digital privacy.

"Many Americans take great precaution to store their emails, on services like Dropbox or in the 'cloud,' yet our federal law perversely treats that data storage as if it's abandoned by its owner, and therefore loses constitutional protection," Yoder said on the House floor shortly before the vote

Privacy Rights Groups: Cautious Praise

The Electronic Frontier Foundation, a privacy rights group, praised the House's vote and encouraged the Senate to send the bill in unmodified form to President Donald Trump.

"The House's unanimous vote on the Email Privacy Act last year and yesterday's voice vote demonstrate bipartisan agreement that the emails in your inbox should have the same privacy protections as the papers in your desk drawer," EFF says in a statement.

The bill failed in the Senate in 2016 after senators attached amendments that expanded law enforcement powers, which some critics contended undermined the bill.

One of the proposed amendments would have allowed the FBI to obtain a person's internet browsing history and email subject lines using a National Security Letter, which doesn't require a warrant, according to USA Today.

Sen. Jeff Sessions, R-Ala., who is on track to become U.S. attorney general, proposed another amendment that would have allowed the government to skip obtaining a warrant in supposed emergency situations, while obviating any potential for later reviewing whether the request had been justified, USA Today reported.

But the EFF says the new bill isn't perfect. For example, the government isn't required to notify people when the government accesses their data through a cloud provider. But the group says that "the reforms in the Email Privacy Act are a necessary step in the right direction."

Trump Card

High-tech companies are closely watching how Trump will approach government surveillance and data privacy issues. His campaign's heavy focus on deterring terrorism would suggest that he might take an even more pro-surveillance line than his predecessor.

The technology industry and civil liberties activists argued that the U.S. Justice Department under former President Barack Obama persistently sought to increase its access to electronic data and undermine defenses such as encryption.

The Email Privacy Act is supported by virtually all large U.S. technology companies, including Google, Facebook, Apple, IBM, Microsoft, Intel and Twitter.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.