Almost everyone retains old e-mails, some with important and sensitive information. And yet we’d bet few people realize that if e-mails date back more than six months and are stored on a third-party server, the government doesn’t need a warrant to look at them.
“At this moment, law enforcement can access American citizens’ emails without a warrant, even though the exact same messages in paper form would require a warrant,” wrote Reps. Jared Polis, D-Colo., and Suzan DelBene, D-Wash., this month in The Hill. “Law-abiding Americans have a right to be frustrated and upset. While email has developed into one of the most common forms of communication, the laws that prevent government intrusion remain outdated for the 21st century.”
Almost everyone recognizes that the 30-year-old Electronic Communications Privacy Act (ECPA) needs updating. In fact, a bill co-sponsored by Polis that would achieve this goal has become the most popular in Congress in terms of attracting other members to sign on. And it finally may be heard on the House floor next week, after sailing out of the Judiciary Committee on a unanimous vote this month.
Although the authors of ECPA tried to be forward-thinking, no one in 1986 appreciated the extent to which e-mail — and electronic communication in general — would so thoroughly displace other forms of communication.
Meanwhile, the growth of cloud computing in recent years has only served to underline the antiquated nature of the law, putting an ever-growing amount of data into a setting vulnerable to warrantless government access.
Law enforcement agencies are by no means alone in exploiting this warrant-free loophole. Other government agencies such as the Internal Revenue Service have used it as well.
Polis argues that citizens have the same expectation of privacy with their e-mails as they do with voice messages, letters and other forms of communication, and he is surely correct. The Email Privacy Act would simply ensure the same degree of protection for e-mails that most Americans probably already assumed they enjoy under the Fourth Amendment’s bar against “unreasonable searches and seizures.”
If officials do have good reason to see someone’s e-mails, they still have an option: They can get a warrant.
The Email Privacy Act also would alleviate — although not solve — another weakness of ECPA, namely how easily government agencies are able to secure gag orders from courts even when they obtain a warrant for private data stored in the electronic cloud.
As a result, the targeted individuals may never be informed their information has been searched, as they would if agents had seized a personal computer. The privacy act would put a time limit of 180 days on this secrecy.
Last seek Microsoft sued the Justice Department over this issue, arguing the government resorts to secrecy far too often when seeking access to its customers’ information in cloud storage.
“People should not lose their rights just because they are storing their information in the cloud,” said Bradford L. Smith, Microsoft president and chief legal officer.
No, they shouldn’t. Microsoft’s lawsuit and the Email Privacy Act are important fronts in the effort to preserve traditional civil liberties in the digital age.
To send a letter to the editor about this article, submit online or check out our guidelines for how to submit by e-mail or mail.