From the announcement of a new coalition to promote a new framework and revision to the Electronic Communications Privacy Act:
A broad coalition of privacy groups, think tanks, technology companies and academics today issued principles for updating the key federal law that defines the rules for government access to email and private files stored in the Internet “cloud.” The coalition cited the need to preserve traditional privacy rights in the face of technological change while also ensuring that law enforcement agents can carry out investigations and that industry has the clarity needed to innovate.
To set a consistent standard in line with the traditional rules for law enforcement access in the offline world, the group’s recommendations focus on the Electronic Communications Privacy Act (ECPA). Passed in 1986 and not significantly updated since, it establishes standards for government access to email and other electronic communications in criminal investigations.
“Technology has changed dramatically in the last 20 years, but the law has not,” said Jim Dempsey, Vice President for Public Policy at the Center for Democracy and Technology, who has led the coalition effort. “The traditional standard for the government to search your home or office and read your mail or seize your personal papers is a judicial warrant. The law needs to be clear that the same standard applies to email and documents stored with a service provider, while at the same time be flexible enough to meet law enforcement needs.”
The group is reaching out to government officials and anticipates extended dialogue with law enforcement agencies to develop consensus on updates to the law. “Reform will only happen if we can strike the right balance. We have begun discussing our principles with the Department of Justice and others. We look forward to the dialogue,” said Dempsey.
Coalition members include: ACLU, American Library Association, Americans for Tax Reform, AOL, Association of Research Libraries, AT&T, Center for Democracy & Technology, Citizens Against Government Waste, Competitive Enterprise Institute, Computer and Communications Industry Association, eBay, Electronic Frontier Foundation, Google, Information Technology & Innovation Foundation, Integra Telecom, Intel, Loopt, Microsoft, NetCoalition, The Progress & Freedom Foundation, and Salesforce.com. The coalition will continue to add new members.
From the new DigitalDueProcess.org web site, their principles:
Overarching goal and guiding principle: To simplify, clarify, and unify the ECPA standards, providing stronger privacy protections for communications and associated data in response to changes in technology and new services and usage patterns, while preserving the legal tools necessary for government agencies to enforce the laws, respond to emergency circumstances and protect the public.
These principles would not change, and are subject to, the current definitions, exceptions, immunities and permissions in ECPA.
- A governmental entity may require an entity covered by ECPA (a provider of wire or electronic communication service or a provider of remote computing service) to disclose communications that are not readily accessible to the public only with a search warrant issued based on a showing of probable cause, regardless of the age of the communications, the means or status of their storage or the provider’s access to or use of the communications in its normal business operations.
- A governmental entity may access, or may require a covered entity to provide, prospectively or retrospectively, location information regarding a mobile communications device only with a warrant issued based on a showing of probable cause.
- A governmental entity may access, or may require a covered entity to provide, prospectively or in real time, dialed number information, email to and from information or other data currently covered by the authority for pen registers and trap and trace devices only after judicial review and a court finding that the governmental entity has made a showing at least as strong as the showing under 2703(d).
- Where the Stored Communications Act authorizes a subpoena to acquire information, a governmental entity may use such subpoenas only for information related to a specified account(s) or individual(s). All non-particularized requests must be subject to judicial approval.