Digital Due Process Coalition letter on civil investigations
We write to express our concerns about a proposal that would grant federal regulatory agencies authority to require web-based email service providers, cloud service providers and other Internet companies to disclose the contents of sensitive and proprietary communications or documents that they store on behalf of their customers.
American consumers and businesses large and small are increasingly taking advantage of the efficiencies offered by web-based email servers and cloud-based storage and computing. Cloud computing enables consumers and businesses to access their data anywhere and with many computing devices, facilitating collaboration and flexibility and providing cost-effective solutions. American companies have been innovators in this field. Removing uncertainty about the level of legal protection afforded such information will encourage consumers and companies, including those outside the United States, to utilize these services.
S. 607, the Leahy-Lee Electronic Communications Privacy Act Amendments Act of 2013, which the Judiciary Committee approved in April, would make it clear that government agents must obtain a warrant (with appropriate emergency exceptions) if they want third party service providers to disclose content stored on behalf of their customers. The undersigned support S. 607.
Many providers, concerned about the rights of their customers, are already requiring a warrant from law enforcement officials who seek access to content. These providers point to U.S. v. Warshak, a 2010 case in which the Sixth Circuit determined that the Fourth Amendment protects email content stored by third parties. Moreover, the U.S. Department of Justice has stated that it follows the warrant-for-content rule.
However, several regulatory agencies are resisting this reform. Specifically, the Securities and Exchange Commission (SEC) has asked for an exception to the warrant requirement, allowing regulators to demand the content of customer documents and communications from third party providers. That would work a sea change in the way that civil regulatory agencies conduct their investigations. The sweeping change sought by the SEC would extend to all civil investigations conducted by the IRS, EPA, FCC, FEC, CFPB, and the whole panoply of regulatory agencies. It would reverse current law and practice, under which these and other government agencies cannot gain access to more recent communications content from a third party service provider without a warrant.
We believe that it is best to preserve the traditional system. In the traditional system, a regulatory agency serves a subpoena on the target of its investigation requiring that the target turn over documents that respond to the subpoena. Under this approach, the target, or the target’s lawyers, comb through all of the target’s documents regardless of whether they are in a file cabinet, on an internal network, or stored with a third party. The agencies have multiple tools to ensure that targets disclose all relevant but not privileged documents. This process ensures full production, but protects against disclosure of the personal or proprietary records that don’t meet the relevance test.
The SEC proposal would turn that process on its head. If a civil regulatory agency could serve process on the target’s communications service provider, the provider would be forced to turn over all of the information in the target’s account, even if irrelevant to the subject of the investigation or legally privileged, since the service provider would be in no position to make a judgment about what was privileged or relevant. Personal privacy would suffer, and the potential for government abuse would expand dramatically, because an individual or company whose records were sought would have no opportunity to object. This would turn civil proceedings into fishing expeditions at a huge cost to individual privacy and the confidentiality of proprietary data.
Accordingly, we urge you to reject any proposal to give civil regulatory agencies a carve out from the strong warrant protection of S. 607.
Sincerely,
Adobe
Americans for Tax Reform
Arvixe
Association of Research Libraries
Automattic (WordPress.com)
Autonet Mobile
BSA | The Software Alliance
Center for Democracy & Technology
Center for Financial Privacy and Human Rights
Codero
Competitive Enterprise Institute
Computer and Communications Industry Association
The Constitution Project
Council for Citizens Against Government Waste
cPanel
Data Foundry
Demand Progress
Digital Liberty
Discovery Institute
Distributed Computing Industry Association
Dropbox
DuckDuckGo
eBay
Electronic Frontier Foundation
Endurance International Group
Evernote
Facebook
Firehost
FreedomWorks
Foursquare
Gandhi
Golden Frog
Google
Green Olive Tree
Hedgehog Hosting
Hewlett Packard
Information Technology Industry Council
Intel
Intuit
The Internet Association
Internet Infrastructure Coalition
Jumpline
Less Government
LinkedIn
Microsoft
Misk
National Association of Criminal Defense Lawyers
Oracle
Personal
R Street Institute
Rackspace
Reddit
Reed Elsevier Inc.
SAP
ServInt
A Small Orange
Software and information Industry Association
Sonic.net
SpiderOak
TechAmerica
Tech Freedom
TechNet
Tumblr
Twitter
UK2 Group
U.S. Chamber of Commerce
Yahoo!
