The Senate bill that will keep the cops from pulling a Petraeus on your Gmail account

Email protection bill - a guide

If only the FBI had waited a little longer to begin investigating former CIA director David Petraeus, the war-time general might still have a job. That’s because the Senate Judiciary Committee this week unanimously approved an online privacy protection amendment that, if passed by the full Congress, will make it illegal for law enforcement to snoop people’s emails without first obtaining a probable-cause search warrant from a judge.

But the good things about this bill don’t stop at greater protections for our emails. In fact, there’s a whole slew of things to root for in this package of legislation. Here’s a brief guide to the one bill in Washington that we can all get behind.

Two for one

The email protection measure, proposed by Sen. Patrick Leahy (D-VT), was tacked on to another bill officially titled H.R. 2471 (PDF), sometimes called the “Netflix bill.” It got that name because H.R. 2471 would amend something called the Video Privacy Protection Act (VPPA). Passed in 1988 and authored by Leahy himself, the VPPA prohibits the disclosure of video rental history without a person’s express consent.

The bill came in response to a Washington City Paper article about then-Supreme Court nominee Robert Bork that disclosed which videos he’d rented. (Bork, a controversial figure, had nothing to hide, really, but the disclosure still freaked out everyone in Congress who thought he might be next.) Due to its broad language, however, the VPPA currently prevents video streaming services like Netflix from automatically disclosing which videos we watch. This is why you can see what songs your Facebook friends are listening to on Spotify, but cannot see which movies they are watching on Netflix. Of course, Netflix wants to change this, and it looks likely that that will happen with the passage of H.R. 2471 – VPPA is simply out-of-date. If the “Netflix bill” passes, Netflix users will be able to opt-in to automatically posting the movies they watch to their Facebook Timelines. The opt-in will be valid for two years at a time.

Because of the relative popularity of H.R. 2471, Leahy decided to tack on his amendment, the Electronic Communications Privacy Act Amendments Act of 2012 (PDF), in the hopes of expedient passage.

The failings of ECPA

As its (ridiculous) name indicates, Leahy’s amendment would alter the Electronic Communications Privacy Act of 1986 (ECPA) – another bill that was written before the Internet took shape, making it woefully inadequate today.

In its present form, ECPA allows law enforcement to access any file or communication stored by a person on a third-party’s servers for more than 180 days with a simple administrative subpoena. This means law enforcement can currently compel (i.e. require by law) that Google turn over your Gmail emails, Facebook turn over your chat logs, or Dropbox turn over your stored files as part of a routine investigation – even if the police don’t have any evidence to believe that you’ve done anything illegal. The police just have to say that it has reason to believe the information would be useful in their investigation. That’s it. It’s possible that this was the mechanism through which the FBI was legally able to gain access to the various email accounts exposed in the Petraeus scandal.

When ECPA was written, the theory was that data stored on third-party servers for more than 180 days was considered “abandoned,” and therefore; there was no “expectation of privacy” from the person who owned the data. Nowadays, however, the bulk of our communications happen over third-party servers. And most of us would not consider our old emails “abandoned,” just as we wouldn’t consider files stored in our attics to be abandoned.

What Leahy’s amendment does

Simply put: The Leahy amendment eliminates the “180 day rule” for the contents of electronic communications or stored files. If it passes, a probable-cause search warrant – which can only be obtained if there is evidence of wrongdoing – will be required before any service provider (Google, Facebook, Dropbox, your Internet service provider, etc) can divulge the contents of your communications or files to any government entity.

In other words, your electronic files and communications would have the same protections as files stored in your home.

What Leahy’s amendment doesn’t do

Law enforcement will still be able to obtain some of your information with a mere subpoena. This includes things like your name, address, credit card or bank information, the date and time an email is sent, the recipient of an email, which devices you used when conducting electronic communications, and more. It also allows (PDF) federal agents to wiretap or otherwise collect information pertaining to electronic communications for counterterrorism purposes, as outlined by laws like the Patriot Act and the FISA Amendments Act.

It ain’t over till it’s over

Despite the fact that Leahy’s amendment passed the Senate Judiciary Committee with a unanimous vote, it still faces some opposition. In fact, according to CNET, the death of the “180 day rule” almost didn’t happen due to opposition from the law enforcement community, which said the change would make their jobs more difficult.

These concerns were echoed by Sen. Chuck Grassley (R-IA), a Ranking Member of the Senate Judiciary Committee, who said in a statement that he is “sympathetic” to the concerns of law enforcement, and feared the burden imposed on federal, state, and local judiciaries to process requests for warrants pertaining to email and other electronic communications. Still, Sen. Grassley says he understands the need to update ECPA, but wants to “ensure we strike the proper balance between privacy and safety” before passing the measure into law.

Image via  Lichtmeister/Shutterstock