This may not be obvious but, as a short trip through some of Buzzfeed’s less serious listicles will quickly reveal, the world has changed since 1986.

Ronald Reagan is no longer president; indeed, he is no longer even alive. Suits no longer have shoulder pads that would make Herman Munster blush. Patrick Bateman of American Psycho has become Batman. The sleek design of the iPhone has replaced the hideous blocks of plastic that once hovered at the ears of Gordon Gekko, himself an artifact of a different age. Video games have changed from the primitive design of the Atari into a story-driven art form capable of just as much pathos as a major film.

Yet, if you looked at electronic privacy law alone, you might suspect that all of these things had never taken place. Why? Because the central piece of legislation that governs this area, the Electronic Communications Privacy Act, has barely been amended at all since then. Indeed, it hasn’t been touched at all since 2008, meaning that at bare minimum, the existing regime has missed the rise of tablets, as well as several generations of iPhones.

Unfortunately, legislative obsolescence breeds abuse, as many Americans discovered to their horror when information about the federal government’s pervasive wiretapping and spying programs became public last year. These abuses – which include snooping on Americans’ emails without a warrant, recording video of them through their computers’ webcams without a warrant and spying on their location using cell phone carriers – are about as clearly contrary to the spirit of privacy law as it is possible to be. Yet, because the law remains an artifact of the era when Wuzzles were popular toys, they persist unabated.

Fortunately, there are actors trying to change the law so it can serve its proper purpose – protecting Americans from undue infringements on their privacy by an often overzealous and power hungry federal government. They have fingered several areas of improvement that need to be addressed. Consider, for instance, this passage from the Center for Democracy and Technology:

In the 25 years since ECPA was enacted, new technologies have emerged, and the ways we use the Internet and communicate with one another have changed dramatically. Two developments stand out in particular: the movement of storage to “the cloud,” that is to network servers, and the development of location-based services and the growing precision of location tracking capabilities of smart phones, cell phones and other mobile devices.

If this sounds abstract, never fear. Even looking only at cloud computing, we can see an unlimited potential for abuse.

For example, consider the fact that it is possible for companies like Facebook and Google to remotely track what people type, but never actually post or save. Now picture this: Someone opens a text document in Google Docs and begins typing angry venting about some topic or another, which invariably devolves down to a frustrated expression of a desire to inflict physical violence. The person then either deletes this (having vented, and therefore having no violent urges left) or unknowingly lets the document autosave before closing the tab in which it is written. How is the government supposed to tell the difference and not immediately stick this person on a watch list?

In fact, imagine someone writes a similarly angry email while drunk, but then saves it in their drafts, fully intending never to send it. However, the government can still see it and begin monitoring the person because of the total lack of context. To make this situation worse, given the fact that leaks of information from the NSA have already been demonstrated as possible, what is to stop a rogue NSA agent from trying to damage a political opponent by leaking damaging private emails or documents stored in a cloud computing system? Answer: Nothing, because all of this can be collected with impunity. And in the event that a rogue hacker manages to hack a government database? There’s no telling what they might find.

Now, it is perhaps unsurprising that opposition to ECPA reform mostly occurs on national security or enforcement grounds. But these forms of opposition miss the point. With respect to law enforcement, because we’re dealing with a law from 1986, the tools which law enforcement and/or the government can use for lawful enforcement are either hopelessly out of date or so poorly defined as to make trying to understand them futile. For instance, as Digital Due Process points out:

ECPA sets rules for governmental access to email and stored documents that are not consistent. A single email is subject to multiple different legal standards in its lifecycle, from the moment it is being typed to the moment it is opened by the recipient to the time it is stored with the email service provider. To take another example, a document stored on a desktop computer is protected by the warrant requirement of the Fourth Amendment, but ECPA says that the same document stored with a service provider may not be subject to the warrant requirement.

The law is so confusing, in fact, that even courts have complained about its inapplicability. Because the legal system operates at a glacial pace, relative to advances in technology, amending the law through case law is impractical and constitutionally incoherent. In short, the enforcement side of the legal system benefits from a reform of the existing infrastructure as well.

With respect to national security, there are valid concerns as well. For instance, it is difficult to see why one should trust the accumulation of massive amounts of data (without regard for necessity) to the federal government’s computer systems. Cybersecurity is a live concern with respect to government computing, and the existence of this much mine-able personal data will almost certainly act as an incentive for hackers. Even if one made the highly optimistic assumption that NSA agents, or similar government workers, are always trustworthy, the same cannot be said for everyone with the technical know-how to access federal servers.

Bottom line: The current regime needs to at least acknowledge the existence of modern technology if it is to succeed. 1986 was a good year for the United States in many ways, but it is time for its electronic privacy regime to enter a much-needed planned obsolescence.

Featured Publications