Electronic Privacy Law May Soon Be Updated

The next time you pick up your smartphone to check your Facebook messages, boot up your netbook to check the latest news, or even use your tablet to upload pictures of your latest adventure, think about how communication has changed since 1986.

Just over 35 years ago, Congress enacted the Electronic Communications Privacy Act (ECPA); a law geared to update the Federal Wiretap Act of 1968 so that electronic communications are protected as they are made, while they are in transit, and when they are stored on computers. It also prevented the government from retrieving (or inspecting) privately held electronic files without a search warrant. However, files held on servers 180 days or longer could be inspected without a showing of probable cause. Essentially, such information was considered abandoned.

Communication in the 80's was very different compared to how we share information today. For example, email was virtually non-existent and few people stored information on servers. Today, there are hundreds of millions of email accounts, and an untold number of gigabytes are stored electronically. Most importantly, information is stored for longer periods of time; providing law enforcement with a treasure trove of information that can be inspected without a warrant.

Privacy advocates have long called for changes to the ECPA, mainly because information stored for longer than six months is hardly considered abandoned by today's standards. Since email has become such a fundamental method of communication, people save their emails indefinitely much like how they save hard copies of reports, letters and other correspondence. While law enforcement would normally need a search warrant to inspect this information, they do not need to establish probable cause to access electronic forms of the same materials.

As such, information stored in cloud-based storage accounts (e.g. Dropbox, Facebook, Google) may be freely accessed. Authorities need only state that the information is "relevant" to an investigation.

According to Wired Magazine, the number of times the government has accessed such information is not clear. A Transparency Report produced by Google in June 2012 revealed that the U.S. Government targeted more than 12,000 accounts in the last six months. However, those numbers do not include requests under the Patriot Act, anti-terrorism orders, or warrantless searches of older information otherwise protected by the ECPA.

Additionally, courts are increasingly conflicted about how the ECPA may be applied. For example, a document stored on a laptop computer (or a USB drive) may be protected by the Fourth Amendment, but the same document stored with an Internet service provider may not be subject to the same protections. But what happens when the document is transferred from one private computer to another through such a provider? Does the document lose its protection because of the mode of travel?

Congress may soon address these issues. Congressmen Jerrold Nadler (D-New York) and John Conyers Jr. (D-Michigan) are working on a bill that would create sweeping changes to how ECPA would apply to electronic communications; especially data stored on "cloud" based systems. In speaking to Wired, Representative Nadler explained that the new law "will ensure that ECPA strikes the right balance between the interests and needs of law enforcement and the privacy interests of the American people."

In the meantime, people who hold emails, pictures and other information indefinitely on servers or cloud-based storage systems should be wary of privacy limits.