With Privacy Legislation, Congress Can Safeguard the Digital Domain
June 6, 2017
This article appeared in Inside Sources on May 17, 2017
Seemingly overnight, sending an email has become fraught with peril. Every day, we hear reports about phishing scams and malevolent viruses designed by cybercriminals and belligerent governments alike. But, unknown to many surfers of the digital domain, our own government has exploited loopholes and ambiguities in current law to snag important user information without obtaining permission in a court of law.
In contrast to clear-cut Fourth Amendment prohibitions on physical property services, the law has little to say about privacy rights in the virtual space. And, vagueness in legal restraints leaves the door open for large, open-ended government investigations that squander hard-earned taxpayer money.
Lawmakers tried preemptively to limit this government overreach by passing the Electronic Communications Privacy Act in 1986, which required bureaucrats to obtain warrants to view most digital communications. The law, however, was written at a time when “clouds” referred only to liquid droplets and not storage for information.
The advent of large, third-party storage mediums by corporations such as Apple and Google has enabled an exodus of billions of emails, pictures and documents to cloud systems in the digital space. And unlike content stored on email accounts, items indefinitely stored by third-party providers may be obtained by the federal government without a warrant. This problem is particularly acute in the international space, where the Department of Justice claims the right to collect any data hosted on U.S.-owned overseas servers.
Legal ambiguity started to develop in 2013, when the Justice Department successfully forced Microsoft to relinquish content hosted in Ireland. Email communications, stored at a Microsoft server in Dublin, were deemed by Justice to be necessary in pursuing charges against a non-American drug trafficker. While the New York District Court agreed with the feds that reaching against national lines negated any need for a warrant, the 2nd Circuit Court of Appeals begged to differ. The court sided with Microsoft, disallowing Justice from any further warrantless misadventures unless the Electronic Communications Privacy Act is altered. The department now operates in a legal void, in which court decisions have superseded legislative mandate in determining conduct. Lawmakers must decide whether to provide Justice with blanket powers to seize communications held abroad, or enshrine limitations found by the court system. This ambiguity is bad for taxpayers and all Americans.
But enabling the federal government to collect wantonly such a wide swath of information on foreign servers opens the door to unintended consequences. Back in the 1960s, the bulk storage of communications opened the door to the intimidation and harassment of civil rights activists. The National Security Agency’s wide net, operating in a legal gray zone, has also enabled virtual Peeping Tomsin the present day.
Allowing the government a carte blanche to sweep foreign communications also sets the stage for future confrontations with allied nations, whose citizens will inevitably be thrown into our surveillance net. Commercial and diplomatic relations with the European Union and China have already been harmed by revelations of the NSA’s spying program, and the inferred sovereignty violations.
Overt displays of the same hubristic behavior will likely have the same effect, causing further headaches for American diplomats and corporate officers looking abroad.
Fortunately, there is a way forward that can provide certainty for law enforcement while safeguarding digital privacy. The International Communications Privacy Act (ICPA), introduced in the previous Congress by Sens. Orrin Hatch, R-Utah, Dean Heller, R-Nevada, and Chris Coons, D-Delaware, would require a warrant for the collection of any data stored on a third-party server, regardless of the location of said server and the length of time the data has been stored. U.S. government bodies will also be required to obtain permission from international governments before seizing information in their jurisdictions, safeguarding the reputation of American businesses and diplomats.
Striking an optimal balance between safety and privacy requires legislation that can make sense of changing technologies, and provide straightforward rules to police conduct on the digital domain.
By passing the ICPA, Congress can demonstrate that this delicate compromise is possible in an ever-changing world. By passing the ICPA, Congress can also enable the Justice Department to bring criminals to justice, while guaranteeing that Americans’ personal information will be safeguarded.