It's about time! A new bill introduced to the U.S. Senate would update digital privacy laws and finally require the government to get a probable-cause warrant before snagging email and other private communications stored in the cloud. Mostly . . .
The Electronic Communication Privacy Act of 1986 was enacted 25 years ago, long before email, documents, and photos were stored in the cloud - back when a cloud was something in the sky that sometimes poured rain - before people had mobile phones that tracked them, way back when connecting to the Internet via dial-up modem was a slick trick. It probably never would have crossed any of our minds that the government would be able to snatch our email communications, read our IMs, or that we would carry around portable location tracking devices such as our phones.
Sen. Patrick Leahy, chairman of the Judiciary committee, was the lead author of the Electronic Communications Privacy Act Amendments Act of 2011 [PDF]. Commonsense changes to the ECPA would improve privacy protections, require a warrant based on probable cause (in most cases), and would provide "new privacy protections for American's location information that is collected, used or stored by service providers, smartphones and other mobile technologies."
Leahy said, "Since the Electronic Communications Privacy Act was first enacted in 1986, ECPA has been one of our nation's premiere privacy laws. But, today, this law is significantly outdated and out-paced by rapid changes in technology and the changing mission of our law enforcement agencies after September 11. Updating this law to reflect the realities of our time is essential to ensuring that our federal privacy laws keep pace with new technologies and the new threats to our security."
While this is good news for American's privacy and civil liberties, the bill still has plenty of problems. Leahy also called for improved "law enforcement tools." For example, the government can still get hold of past cell phone geolocation data without needing a warrant. It also, as the EFF noted, "expands the government's authority to use National Security Letters to obtain rich transactional data about who you communicate with online and when, without probable cause or court oversight."
Without needing prior court approval, the FBI uses National Security Letters for bigtime domestic spying, to get hold of websites a person visits, to get hold of a list of email addresses with which a person has corresponded, and basically uses the NSL provision to, as the ACLU reported, "compile vast dossiers about innocent people." The FBI can also "gag" a person and thereby forbid them to tell anyone about the NSL.
In regards to enhancing cybersecurity, the bill includes a provision that would allow "service providers to voluntarily disclose content to the government that is pertinent to addressing a cyber-attack involving their computer network. "
The ACLU reported, "Honestly we'd like to see the law go further. The ACLU thinks major reform should include a warrant for your past location - not just current tracking, reporting requirements on how police use these legal tools, and a suppression remedy (where the court would bar police from using any of these records if they violate the law when they collect them)."
All in all, however, the ECPA updates are a good deal, a great start, and could inspire a little happy dance. The EFF, the ACLU, and many other privacy advocate groups will be fighting for American's digital privacy rights and civil liberties as this bill moves forward.
Like this? Here's more posts:
- State Police can suck data out of cell phones in under two minutes
- TinKode Hacked NASA's Goddard Space Flight Center
- Michigan State Police reply to ACLU about cell phone data extraction devices
- Thanks to ID thieves, your child may have more debt than you
- Julian Assange: Facebook is a "spy machine" for US Intelligence
- FBI: Surveillance "going dark" or obsessed with porn and doing a poor job?
- Ridiculous DHS list: You might be a domestic terrorist if...
- Former FBI Agent Turned ACLU Attorney: Feds Routinely Spy on Citizens
- Patching Windows is a major time sink for IT departments
Follow me on Twitter @PrivacyFanatic
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited