'Email Privacy Act' Expected To Pass In U.S. House Next Month

Last year, House members introduced the Email Privacy Act (H.R.699) to amend the three decade-old Electronic Communications Privacy Act (ECPA) of 1986, which hasn’t kept up with today’s technologies and modern privacy realities.

The ECPA also has some serious flaws, such as not requiring a warrant from law enforcement to obtain electronic communications, as well as allowing law enforcement to obtain emails older than 180 days without any court order (as they are considered “abandoned”).

The ECPA reform has been delayed for so long that the ACLU has taken matters into its own hands and started encouraging legislators to support ECPA reforms that require a warrant for electronic communications requests in at least 16 states.

Virginia Representative Bob Goodlatte, who is the House Judiciary Committee chairman, said that the ECPA flaws and more will be fixed at the federal level as well in the new EPA legislation:

“It’s clear that the law needs to be modernized and updated to ensure it keeps pace with ever-changing technologies so that we protect Americans’ constitutional rights and provide law enforcement with the tools they need for criminal investigations in the digital age. I look forward to moving this legislation through the Committee next month and working with House leaders to bring the bill to the floor.”

The EPA bill requires the government to get a warrant from a judge before asking a communications service provider for its data, regardless of how long the data has been held by the provider or whether the data is requested from an “electronic communications service” or a “remote computing service”. This solves the two major flaws the ECPA has had for the past three decades.

Another major improvement is that the law enforcement agencies will also have to serve the owner of the data a copy of the warrant within 10 days of receiving that data. If it’s another government entity, it needs to serve the copy of the warrant within three days of receiving the data. However, the government can request delays of the notification from the judge.

Having to serve a copy of the warrant directly to the owner of the data seems to just make common sense. Even if in the 21st century we store our information on other companies’ computers, it doesn’t mean that data is not ours anymore, or that just about anyone can go look through it without us having to know about it.

The EPA still doesn’t say that only the owner of the data should be served with the warrant, but serving both the company that holds the data as well as the owner seems like a relatively reasonable compromise.

Kansas Representative Kevin Yoder, who is a co-sponsor of the bill, believes that it should pass easily through the House:

“With 308 of my colleagues – a majority of both Republicans and Democrats – and a majority of the Judiciary Committee in support of the bill, the markup should be brief and the bill should swiftly move to the House floor for passage.”

The bad news is that although a majority of Congress has supported the bill as it is, the Department of Justice and other law enforcement agencies have managed to stall the passage of the bill by demanding some rather large carve-outs, such as the ability to bypass the warrant requirement in case of “emergencies.”

The problem here is that although in theory it doesn’t sound like a bad idea, the U.S. government has already been abusing such powers for a long time. For instance, the National Security Letters, which don’t require a warrant from a judge and could previously gag a company or individuals for life, were initially meant to be used in actual “national security” situations, but the vast majority of them ended up being used in drug-related cases.

Google has also opposed this carve-out in the EPA bill, because it experienced the same situation. When the government gets such exemptions, it tends to abuse them.

"It unfortunately appears to be the case that some law enforcement officials make emergency disclosure requests because it is easier than getting legal process, with the checks that come with it, even though legal process is available in a timely manner," said Google's Richard Salgado.

Even if the emergency clause remains in the bill, it should be strictly defined for exactly what type of situations in which law enforcement can use those powers, to ensure they aren’t abused, or at least to limit the potential abuse.

The Email Privacy Act is expected to be put up for a vote on the House floor next month, and it could become one of the most significant privacy reforms in recent times, especially if the emergency carve-outs are significantly limited.

You can watch the most recent House hearing on the EPA legislation in the video below.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • tsnor
    just wow: "... such as not requiring a warrant from law enforcement to obtain electronic communications, as well as allowing law enforcement to obtain emails older than 180 days without any court order (as they are considered “abandoned”). "

    I'd rather our government just tell us they have full access then having them game the system while giving the appearance of privacy.

    Good article.
  • hellwig
    180 Days. I guess way back when, they convinced our legislators that leaving email on the server was equivalent to leaving mail in a PO Box.

    Of course, today, you rarely have to option to remove email from the server, least of all the the desire to do so. If I want to read my email on my computer, phone, tablet, etc..., it has to be in a central location, and that location is the server.

    Glad they're updating the law to reflect the technology available since the late 90's.
  • surphninja
    I'm interested to see if more carve-outs are revealed. I find it hard to believe that actual privacy protections are going to get through the house without being neutered.
  • f-14
    hard for me to understand how dumb every one has to be to not understand the original bill of rights already covers this past, present and future yet to be:
    the founding fathers didn't have the telegraph or the telephone yet the courts knew that the 4th 9th and 10th amendments already applied:
    Amendment IV

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    This amendment was created by the Founding Fathers as a response to the British practice of random searches of homes, businesses, and persons, again as an attempt to terrorize the colonists into silence and inaction as the Currency Act looted the profit of their labors for the Bank of England. The intention of the Fourth Amendment was to prevent the government from entering your home, place of business, or searching your person simply because they wanted to, or as part of a general campaign of intimidation. Evidence of actual wrong-doing, and not just disagreement with the government, had to be presented by the police to the courts, for a warrant for such invasion to be granted. Although neither the telegraph or telephone existed at the time the Fourth Amendment was ratified, under the 9th Amendment, 4th Amendment protections extend to new technologies. In the present day that includes computers and cell phones, although the government, attempting to justify the NSA spying on all Americans takes the position they do not.

    Amendment IX

    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

    This is one of the most important Amendments, yet one of the most overlooked. This Amendment makes it clear that the people have additional rights over and above those enumerated here, and that the non-inclusion in the Constitution cannot be used as an argument denying those rights. This Amendment was added by the Founding Fathers who were well aware that the future would bring changes to the world which they could neither predict nor prepare for. Among their own members was Ben Franklin, whose own discoveries and inventions made it clear the world was changing in unpredictable ways. The Ninth Amendment makes it clear that the people would need and automatically enjoy additional rights that arose as the nation grew, and that the government was not allowed to deny the people basic rights simply because new methods of communication and industry were developed. This, it can be argued that the current government's insistence that electronic mail not enjoy the same Constitutional protections as paper mail is a clear violation of the 9th Amendment.

    The Tenth Amendment is very explicit in constraining the government to their authorities as set forth in the Constitution. Unlike the Ninth Amendment, which grants presumption of additional rights to the people, the Tenth Amendment strictly limits the authority of the US Government to those powers and authorities enumerated in the Constitution. Simply put, if an authority is not in the Constitution, the government may not presume or arrogate that additional authority to itself. Again, the intention of the Founding Fathers was to design a system of governance that would hold in check the natural tendencies of those in government to expand their authority and control at the expense of the people.

    The Constitution is the original contract with America. It's purpose is not only to tell the government what it may do but to make clear what it may not do. The government created by the Founding Fathers is legal and legitimate only when it operates inside those limits imposed by We The People in that document. The Founding Fathers understood that government will not, of its own accord, constrain itself to the rules, and left it up to We The People to enforce that contract, by force if need be, granting us the right to keep and bear military arms equal to those of the standing army should it ever become necessary to do so.

    i copy and pasted from some one who said it better and clearly knew more than most of us today are capable of comprehending.

    What Really Happened
    Commentary on the Bill of Rights.
    As the United States government continues its war against the nation created in 1779, it has become all too obvious that many Americans, although they will talk about the Bill of Rights, remain unclear as to what it says and what it means. Partly that is due to endless government and corporate media spin, and partly because the language spoken in this nation has changed so much from the time of the writing of the Constitution to the present day, that many people are confused as to what was actually intended. On the occasion of the New York Times publishing an op-ed calling for the abandonment of the Constitution and the Bill of Rights, I offer some clarification.
  • Feng__
    E-mail should be considered just as precious as post. If they are going to use this 180 day thing, then there should also be a "twin" piece of legislation requiring email hosts (Hotmail, Google etc) to "allow" us to delete mail immediately... instead of just "disappearing" it. I don't want any shadow copies out there. We also need basic controls for the often-forgotten "sent mail", "drafts", "important", "starred" etc,etc. I don't care if email is 20 years old, nobody ever "abandons" it. Also, any email on remote servers.. that do not show up on the user's interface ("disappeared mail").. that should have been deleted, should be considered "STOLEN mail" and we should be able to have legal recourse, no matter the contents or value of the mail, with the person or entity in possession of it.

    Or better yet, remind Congress of the 9th amendment, and that they are in violation of it.