For more than four years we have been telling you that law enforcement can get to any electronic communications you have stored for more than 180 days in the cloud (and that ‘cloud’ is just a fancy word for “somebody else’s computer”). This is because the Electronics Communication Privacy Act (ECPA) only requires a subpoena in order for a governmental agency to get at those communications records that you have stored on that third-party server – they do not need a warrant.
As we explained four years ago, “What this means, as the ECPA (a law which is nearly 25 years old) stands, is that any electronic communication that you have stored in the cloud for more than 180 days can be demanded without a warrant. And you can be sure that the definition of “electronic communication” that a governmental agency would apply would be elastic enough to include anything in electronic form.”
Enter the Email Privacy Act, which is intended to amend the ECPA so that law enforcement will be required to obtain a warrant before they can poke through your electronic communications (i.e. email). Of course, they still don’t have to disclose the warrant to you until ten days after they receive your communications (three days if you’re a fellow governmental entity), however many storage and data providers now pledge to notify you as soon as they receive such a request (for a list of those known to do that, and more, see the EFF’s ‘Who Has Your Back’ list).
A Sample of who Does and Doesn’t ‘Have Your Back’
Yesterday the U.S. House of Representatives passed the bill unanimously, which means that if the bill clears the Senate, it could be on the President’s desk to sign while he’s still the President.
Says the bill summary:
“The purpose of H.R. 699 is to update the privacy protections for electronic communications information that is stored by third-party service providers in order to protect consumer privacy interests while meeting law enforcement needs. In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA) to protect both the privacy of an individual’s electronic communications and provide the government with a means for accessing these communications and related records. Although passed at the infancy of the Internet, the Stored Communications Act (SCA), a chapter of ECPA, has been interpreted over the years to cover the content of emails, private Facebook messages, YouTube videos, and so-called “metadata,” or non-content information, associated with Internet transactions. Congress originally modeled the new law on the Right to Financial Privacy Act in order “to protect privacy interests in personal and proprietary information, while protecting the Government’s legitimate law enforcement needs.” The Senate Report also stressed that the legislation was intended to strike a “fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies.”
So, if you care about this at all – and if you’re on the Internet, which you clearly are right now – you should, contact your Senator’s office and tell them you want them to vote to pass the Email Privacy Act.