For about 31 years now, our electronic data — such as our email messages — has been protected by the Electronic Communications Privacy Act (ECPA). That’s just about forever in technology, and the ECPA was thus enacted long before the internet became such a widespread phenomenon.
Since 2011, privacy-minded individuals and organizations like the Electronic Frontier Foundation, along with a number of technology companies, have been calling for the ECPA to be revised to bring it in line with modern privacy considerations. Now, the United States House of Representatives has passed a new Email Privacy Act that could address some concerns with the aging ECPA, as PCWorld reports.
The Email Privacy Act is primarily concerned with revising how law enforcement agencies can gain access to users’ electronic records, and seeks to protect data no matter how long it’s existed. Its mission is to address the ECPA provision that affords more protection to newer data, requiring judges to issues warrants for accessing data on paper or electronically that was stored within the previous 180 days.
Beyond 180 days, according to the ECPA, law enforcement agencies armed with mere subpoenas can get access to cloud- or third-party-hosted data that’s older than 180 days. The Email Privacy Act would amend that to require judge-issued warrants for this older data as well.
The Email Privacy Act will now need to make its way through the Senate before heading to the president for his signature, something that a similar billed passed unanimously by the U.S. House of Representatives in April 2016 failed to do. The new law has 109 cosponsors in the House, making it a popular bill in that chamber of Congress, while critics fear that the law will make it more difficult for law enforcement to investigate crimes and terrorism.
Should the bill become law, organizations like the Consumer Technology Association will be thrilled. As Gary Shapiro, that organization’s president and CEO, put it, “(The ECPA was) written before Congress could imagine U.S. citizens sharing and storing personal information on third-party servers, (and) is woefully out of date.” Clearly, he’s correct, as only 10 million email accounts exists when the ECPA became the law of the land — far less than the billions of users passing information around the internet today.
