The written testimony of today’s witnesses on ECPA reform is available online at http://judiciary.house.gov/hearings/hear_100923.html.
The first panel of the day consisted of representatives of major cloud service providers and they provided a fairly uniform message to the committee: treat all e-mail equally, regardless of whether it is open, unopened, or residing in the cloud or on the individual’s PC — require a warrant. Similarly, people expect that their calendars, journals, and other files are private and should require a warrant for access. The witnesses also made the point that in its current form, it is very difficult for businesses dealing with non-U.S. clients who are expecting greater privacy controls based on their laws. By requiring a warrant/probable cause standard for access to data in the clouds, the U.S. would be more aligned with European standards, which would help promote the business model. There were repeated references to DigitalDueProcess.org, a coalition of organizations and individuals.
The second panel was a bit more diverse in its views as it also included representatives of law enforcement. Their concerns were more oriented to ensuring that data were retained to be available to law enforcement and that the standards and methods be simplified and made clearer. Although Representative Franks repeatedly suggested that a warrant standard might be an undesirable hurdle for law enforcement, the witnesses themselves did not make that forceful an argument. Certainly exigent circumstances would apply just as they do in brick-and-mortar search and seizure situations.
I hope Congress is really hearing the message: by providing uniform and better privacy protections, not only would Congress be enacting legislation that many of us believe is more consistent with the intent of the Fourth Amendment, but it will provide a brighter line for law enforcement who will know what they need to do to gain access to data. It will also prevent some of the “undesirable outcomes” referred to by Kurt F. Schmid, Executive Director, Chicago High Intensity Drug Trafficking Area:
If no action is taken to reform ECPA, other less desirable outcomes, namely awaiting a Court’s decision sometimes promulgated by officials not sufficiently steeped in relevant technological, law enforcement operational and/or privacy issues may determine how we deal with these complex issues. This type of undesirable outcome can lead to long periods of having to comply with flawed case law.
Providing a bright line that requires what kinds of requests require a warrant and what may be obtained by a subpoena without notice will only serve the country well, however, if privacy protections are raised above their current level. A bright line that says that no warrant is required may give law enforcement reason to dance with joy but it screws the public, to put it bluntly.