VOL. 36 | NO. 48 | Friday, November 30, 2012
Email privacy legislation clears Senate committee
WASHINGTON (AP) — Over objections from law enforcement officials, the Senate Judiciary Committee has approved legislation that would require police to obtain a search warrant from a judge before they can review a person's emails or other electronic communications.
The bill passed Thursday makes it slightly more difficult for the government to access the content of a consumer's emails and private files from Google, Yahoo, Facebook and other Internet providers. Under the current law, the 1986 Electronic Communications Privacy Act, a warrant is needed only for emails less than 6 months old.
The committee chairman and the bill's sponsor, Sen. Patrick Leahy, D-Vt., said digital files on a computer should have the same safeguards as paper files stored in a home. Americans "face even greater threats to their digital privacy, as we witness the explosion of new technologies and the expansion of the government's surveillance powers," Leahy said during the committee's vote.
The full Senate, which is in a lame-duck session, is not expected to vote on the legislation until it reconvenes early next year. The Republican-led House Judiciary Committee hasn't yet voted on a similar bill introduced by Democrats.
Passage of the bill comes just a few weeks after the stunning resignation of David Petraeus as the head of the CIA over an extramarital affair with his biographer, Paula Broadwell. The case focused the public's attention on how easy it is for federal agents to access people's email accounts.
Privacy advocates and civil liberties groups applauded the committee's action, saying the law is outdated in an era of cloud computing, cheaper electronic storage, social networking and wireless phones. Such advances in technology have dramatically increased the amount of stored communications in ways no one anticipated a quarter of a century ago.
"We are very happy that the committee voted that all electronic content like emails, photos and other communications held by companies like Google and Facebook should be protected with a search warrant," said Chris Calabrese, legislative counsel for the American Civil Liberties Union.
The Justice Department and other law enforcement groups had resisted changes to the law. The associate deputy attorney general, James Baker, urged the committee last year to consider the adverse impact on criminal and national security investigations if a warrant were the only means for law enforcement officials to obtain emails and other digital files.
Petraeus stepped down earlier this month after FBI agents examined messages between him and Broadwell. The FBI obtained a court order, signed by a judge, to read the contents of Broadwell's email account before she was notified she was under investigation. Investigators also used grand jury subpoenas to obtain information about other electronic communications related to threatening messages she is accused of sending to a Tampa socialite.
Sen. Charles Grassley, the committee's top Republican, complained that the bill was rushed through the committee without a rigorous debate over its impact. The bill could hamper investigations by civil agencies, such as the Securities and Exchange Commission, that are charged with protecting consumers against fraud, he said.
But setting the bar higher doesn't prevent law enforcement agencies from doing their jobs, according to current and former prosecutors, judges and attorneys who specialize in privacy issues. Federal law enforcement authorities in four Midwestern and Southern states have been working with the more demanding warrant requirement since 2010 after an appeals court ruled warrantless access to emails was unconstitutional. To get a warrant, a judge must have proof of probable cause that a crime is being committed.
"I don't see anything (in the Senate bill) that's going to seriously concern law enforcement in terms of our ability to request warrants and to get the contents of the material that we need," said Joseph Cassilly, the state's attorney in Harford County, Md., and a former president of the National District Attorneys Association. "Since you've already got to get warrants for the stuff that's less than 180 days, it's obviously not an insurmountable standard."
Nor does the legislation weaken other methods used by law enforcement for collecting electronic information. A subpoena signed by a federal prosecutor — not a judge — will continue to be sufficient for obtaining routing data from third-party Internet providers that can identify the sender of an email and the location where the message was sent.
Police also can use a judicial order to get the "to" and "from" addresses of an email, but not the contents. These orders must be issued by a judge, but the agency seeking one need only show there is reasonable suspicion of a crime — a lower legal standard than probable cause.
In a Nov. 21 letter to Leahy, 30 former federal and state prosecutors and judges said the bill would provide "a much needed judicial check on when the government can access our private digital information." Concerns that the bill would keep law enforcement from acting quickly during emergencies are unfounded, they added, because the Senate bill does not change a provision in the existing law that compels third-party providers to give the government information in situations where lives are at risk or children are being exploited or abused.
Digital Due Process, a wide-ranging coalition that includes Google, Microsoft and Twitter, as well as the American Civil Liberties Union and Grover Norquist's Americans for Tax Reform, has mounted a public relations campaign supporting the Senate bill. The coalition says updating the law will clear the "murky legal landscape" for companies and consumers alike and provide the proper safeguards for the vast amounts of information stored in server farms.
There's money at stake, too. The global market for cloud computing via the Internet is estimated to be $240 billion by 2020. But the Business Software Alliance, a coalition member that represents Apple, Intel and Microsoft, said U.S. cloud providers are at a disadvantage unless online privacy and security laws are changed. If consumers aren't sure their information is being properly protected by U.S. firms on the remote, networked computer servers that make up the cloud, they'll take their business elsewhere.