Time for the Email Privacy Act to be Signed Into Law

Ross Marchand

January 18, 2017

On January 9, 2017, Reps. Kevin Yoder (R-Kansas) and Jared Polis (D-Colo.) reintroduced The Email Privacy Act.  This legislation would upgrade America’s digital privacy laws by establishing protections against warrantless searches of private emails.  This legislation is needed because the Fourth Amendment’s protection of property against “unlawful searches and seizures” is constantly under siege from home intrusions to warrantless wiretapping. Lawmakers feared that similar abuses would arise in the digital domain, and passed the Electronic Communications Privacy Act (ECPA) in 1986 to safeguard emails from wonton searches. The law, however, was written at a time when “clouds” referred only to liquid droplets and not storage for information. 

The advent of large, third-party storage mediums by corporations such as Apple and Google has enabled an exodus of billions of emails, pictures, and documents to cloud systems in the digital space. And unlike content stored on email accounts, items indefinitely stored by third-party providers may be obtained by the federal government without a warrant.    Agents looking to get their hands on digital material must obtain an “administrative subpoena,” a process considerably easier than getting a warrant. As long as federal agents have a hunch that an email or electronic document hosted on the cloud may be connected to an ongoing investigation, they can lawfully require the hosting corporation to hand over the digital content.

The egregiousness of these lax legal standards has spurred a bipartisan group of lawmakers to attempt reform of ECPA over the past few years.  The Email Privacy Act would close the loopholes in our current system, and require the government to obtain a warrant for emails regardless of where they are. 

Last year, the House passed the legislation by a unanimous majority (419-0).  The Senate, however, stalled progress and failed to take up the legislation.  Administrative agencies such as the Securities and Exchange Commission are largely responsible for this lack of progress. Civil agencies currently do not have the power to obtain warrants, and claim that a new warrant standard would kneecap their ability to bring criminals to justice. The SEC and Federal Trade Commission (FTC) have repeatedly lobbied for exemption from a reformed ECPA, invoking nightmare scenarios to make their case. In reality, however, agencies rarely use the administrative subpoenas they’re so afraid of losing. In 2015 testimony before Congress, the SEC’s Andrew Ceresney and the FTC’s Daniel Salsburg admitted that neither agency used these subpoenas to obtain emails in five years. The proposed “civil agency” exemption to the ECPA is in fact a power-grab that would allow agencies to obtain digital material via a warrant regardless of the content’s age.

As Sen. Michael Lee (R-Utah) has pointed out, allowing agencies to issue subpoenas regardless of how old the content is can result in a “race to the bottom” for legal standards. In this scenario, law enforcement arms such as the FBI can bypass having to get a warrant for digital property by simply going through bodies such as the FTC and SEC. This weakening of the rule of law would result in an erosion of probable cause, and render Americans’ communications vulnerable to collection by the federal government. 

The mass collection of private information has been used time and time again by bureaucrats with malicious intent. The bulk storage of Americans’ communication opened the door to harassment of civil rights activists back in the 1960s and enables virtual peeping Toms in the present day. Even if bureaucrats play nice, our data is still vulnerable to hackers phishing for blackmail and/or financial information. The government has a demonstrably terrible record on cybersecurity, scoring below virtually every private industry in a 2016 study by SecurityScorecard. The massive data breach at the IRS resulting in 700,000 leaked Social Security numbers should be reason enough to distrust the government handling emails. Congress can prevent another fiasco by ensuring that our personal information is well-protected from the whims of bureaucrats. While law-and-order and privacy are often seen as substitutes, legislators can safeguard both by reforming ECPA. 

Last year the House passed legislation reforming ECPA and should do so again this year.  The Senate should pass it and allow the President to sign legislation that would give all Americans the peace of mind that personal information will be safeguarded.