Unsurprisingly, witnesses who testified today before the Senate Judiciary Committee in favor of reforms to the Electronic Communications Privacy Act stressed that the law, passed before the down of the public Internet, is showing its age.

Privacy expectations have shifted significantly since ECPA was passed in 1986. As I wrote Monday in Slate, it makes more sense to look back to 1967, when the Supreme Court’s understanding of the Fourth Amendment stressed the need to protect “people, not places.”

Even so, the pro-reform witnesses made plenty of good points. (The witnesses and their written testimony, together with a stream of the testimony, are available here). Perhaps the best was this passage from the Center for Democracy and Technology’s Chris Calabrese:

A short (and probably incomplete) list of the communications content that I store with third parties today includes:

  • Work and personal email,
  • Text messages,
  • More than a decade of photographs,
  • All of my music,
  • My passwords to all my online accounts,
  • Social networking posts – many of which are shared with very few people,
  • My notes – both personal and work,
  • All of my personal contacts,
  • My calendar,
  • Hundreds of books, and
  • Home videos and movies.

Calabrese’s point is compelling; now that we trust service-provider third parties with so much of our lives in the form of digital data, it makes sense for Congress to update ECPA by strengthening the warrant requirements for agencies that seek our electronic communications from the likes of Microsoft and Google.

However, Calabrese’s testimony notes that a reform bill like the Lee-Leahy ECPA Amendments Act or its House counterpart – sponsored by Reps. Kevin Yoder, R-Kan., and Jared Polis, D-Colo. – “does not fix all the problems” with ECPA. In particular, it doesn’t address the metadata problem or the social-network problems (obtaining all of your contacts!), where a warrant should be required even when the state or federal agency is not seeking the content itself.

As modest as the House and Senate ECPA proposals are, they still are drawing fire from federal and state agencies that have grown used to being able to Hoover up gigabytes of user data with subpoenas, rather than search warrants. In particular, the Securities and Exchange Commission is anxious to preserve its right to capture email with only an administrative subpoena.

What makes SEC’s testimony particularly odd is that the commission’s former chief litigation counsel told reporters this week that a recent federal court ruling imposing warrant requirements for email seizures “has had no impact on [the SEC’s] ability to enforce securities laws.”

Featured Publications