Today the Senate Judiciary Committee debates major changes to federal agencies’ and law enforcement’s ability to access the content of digital communications by updating the Electronic Communications Privacy Act (ECPA) to require warrants for the first time for cloud data over 180 days old. Somewhat ironically, the ECPA changes are tied to legislation lobbied for by Netflix that would reduce the privacy of video viewing habits by requiring only one-time consent to share viewing history.
The update to the ECPA is a long time coming: The law dates back to 1986, long before the dawn of many of the platforms it applies to, including Facebook, Twitter, Gmail, and smartphones. Under ECPA, agents can snoop around in remotely stored data that is more than 180 days old by merely asking service providers for the information or getting an administrative subpoena — no warrant needed, meaning no need to prove probable cause. Cyrus Farivar at Ars Technica explained the historical context when the update first appeared on the horizon earlier this fall:
When Congress passed the 1986 Electronic Communications Privacy Act (ECPA), a time when massive online storage of e-mail was essentially unimaginable, it was presumed that if you hadn’t actually bothered to download your e-mail, it could be considered “abandoned” after 180 days. By that logic, law enforcement would not need a warrant to go to the e-mail provider or ISP to get the messages that are older than 180 days.
Privacy advocates have long considered the law to be inadequate for current technology and practices, such as the increasing consumer use of smartphones — a position supported by the 1.3 million requests for user information in the last five years that wireless carriers reported responding to, as warrants for wiretap surveillance dropped 14 percent.
Last week Senate Judiciary Chair Patrick Leahy (D-VT), the author of the original ECPA and the proposed amendment to require warrants, denied reports his update had been altered to continue allowing more than 22 federal agencies access to cloud data without a warrant.