digitaldueprocess.org Open in urlscan Pro
2606:4700:10::6816:4d45  Public Scan

Form analysis
1 forms found in the DOM

GET https://digitaldueprocess.org/

<form role="search" method="get" class="search-form" action="https://digitaldueprocess.org/">
  <label>
    <span class="screen-reader-text">Search for:</span>
    <input type="search" class="search-field" placeholder="Search …" value="" name="s">
  </label>
  <input type="submit" class="search-submit" value="Search">
</form>

Text Content

DIGITAL DUE PROCESS

Modernizing Surveillance Laws For The Internet Age

 * Our Principles
 * Who We Are
 * Resources


ABOUT THE ISSUE

   
   
 * Home

ECPA Reform: Why Now?

The Electronic Communications Privacy Act (ECPA) was a forward-looking statute
when enacted in 1986. It specified standards for law enforcement access to
electronic communications and associated data, affording important privacy
protections to subscribers of emerging wireless and Internet technologies.
Technology has advanced dramatically since 1986, and ECPA has been outpaced. The
statute has not undergone a significant revision since it was enacted in 1986 –
eons ago in Internet time.

As a result, ECPA is a patchwork of confusing standards that have been
interpreted inconsistently by the courts, creating uncertainty for both service
providers and law enforcement agencies. ECPA can no longer be applied in a clear
and consistent way, and, consequently, the vast amount of personal information
generated by today’s digital communication services may no longer be adequately
protected. At the same time, ECPA must be flexible enough to allow law
enforcement agencies and services providers to work effectively together to
combat increasingly sophisticated cyber-criminals or sexual predators.

The time for an update to ECPA is now. Privacy advocates, trade associations,
think tanks, legal scholars, start-ups, and major Internet and communications
companies have developed consensus around the notion of a core set of principles
intended to simplify, clarify, and unify the ECPA standards; provide clearer
privacy protections for subscribers taking into account changes in technology
and usage patterns; and preserve the legal tools necessary for government
agencies to enforce the laws and protect the public.

Changes in Technology Have Outpaced the Law

Justice Brandeis famously called privacy “the most comprehensive of rights, and
the right most valued by a free people.” Of course, privacy must be balanced
against other societal interests. Electronic communications and associated data
can provide key evidence in the investigation of many crimes, and the assistance
of service providers is often necessary to access such evidence. With respect to
communications privacy and law enforcement investigations, the courts and
Congress have sought to develop rules for government surveillance that balance
three interests: the individual’s constitutional right to privacy, the
government’s need for tools to conduct investigations, and the interest of
service providers in clarity and customer trust.

Since enactment of ECPA, there have been fundamental changes in communications
technology and the way people use it, including –

 * Email: Most Americans have embraced email in their professional and personal
   lives and use it daily for confidential communications of a personal or
   business nature. Because of the importance of email and unlimited storage
   capabilities available today, most people save their email indefinitely, just
   as they previously saved letters and other correspondence. The difference, of
   course, is that it is easier to save, search and retrieve digital
   communications. Many of us now have many years worth of stored email.
   Moreover, for many people, much of that email is stored on the computers of
   service providers.

 * Mobile location: Cell phones and mobile Internet devices constantly generate
   location data that supports both the underlying service and a growing range
   of location-based services of great convenience and value. This location data
   can be intercepted in realtime, and is often stored in easily accessible logs
   files. Location data can reveal a person’s movements, from which inferences
   can be drawn about activities and associations. Location data is augmented by
   very precise GPS data in many devices.

 * Cloud computing: Increasingly, businesses and individuals are storing data
   “in the cloud,” with potentially huge benefits in terms of cost, security,
   flexibility and the ability to share and collaborate.

 * Social networking: One of the most striking developments of the past few
   years has been the remarkable growth of social networking. Hundreds of
   millions of people now use social media services to share information with
   friends and as an alternative platform for private communications.

In the face of these developments, ECPA does not provide protection suited to
the way technology is used today:

 * Conflicting standards and illogical distinctions:ECPA sets rules for
   governmental access to email and stored documents that are not consistent. A
   single email is subject to multiple different legal standards in its
   lifecycle, from the moment it is being typed to the moment it is opened by
   the recipient to the time it is stored with the email service provider. To
   take another example, a document stored on a desktop computer is protected by
   the warrant requirement of the Fourth Amendment, but ECPA says that the same
   document stored with a service provider may not be subject to the warrant
   requirement.

 * Unclear standards: ECPA does not clearly state the standard for governmental
   access to location information.

 * Judicial criticism: The courts have repeatedly criticized ECPA for being
   confusing and difficult to apply. The Ninth Circuit in 2002 said that
   Internet surveillance was “a confusing and uncertain area of the law.” In the
   past 5 years, no fewer than 30 federal opinions have been published on
   government access to cell phone location information, reaching a variety of
   conclusions.

 * Constitutional uncertainty: The courts have been slow to address the
   application of the Fourth Amendment to new services and information. So far,
   among the regular federal appellate courts, only the Sixth Circuit has held
   that the Constitution protects stored email (Warshak), while the Ninth
   Circuit has held that there is a Constitutional privacy right in stored text
   messages (Quon). The Supreme Court has ruled that prolonged tracking with a
   GPS device is a search under the Fourth Amendment, but it has not yet ruled
   on use of cell tower data for tracking over time.

This murky legal landscape does not serve the government, customers or service
providers well. Customers are, at best, confused about the security of their
data in response to an access request from law enforcement. Companies are
uncertain of their responsibilities and unable to assure their customers that
subscriber data will be uniformly protected. The current state of the law does
not well serve law enforcement interests either, as resources are wasted on
litigation over applicable standards, and prosecutions are in jeopardy should
the courts ultimately rule on the Constitutional questions.

The solution is a clear set of rules for law enforcement access that will
safeguard end-user privacy, provide clarity for service providers, and enable
law enforcement officials to conduct effective and efficient investigations.

Guiding Principles for ECPA Reform

The overarching goal of our ECPA reform principles is to balance the law
enforcement interests of the government, the privacy interests of users, and the
interests of communications service providers in certainty, efficiency and
public confidence.

We are guided by the following concepts:

 * Technology and Platform Neutrality: A particular kind of information (for
   example, the content of private communications) should receive the same level
   of protection regardless of the technology, platform or business model used
   to create, communicate or store it.

 * Assurance of Law Enforcement Access: The reform principles would preserve all
   of the building blocks of criminal investigations – subpoenas, court orders,
   pen register orders, trap and trace orders, and warrants – as well as the
   sliding scale that allows the government to escalate its investigative
   efforts.

 * Equality Between Transit and Storage: Generally, a particular category of
   information should be afforded the same level of protection whether it is in
   transit or in storage.

 * Consistency: The content of communications should be protected by a court
   order based on probable cause, regardless of how old the communication is and
   whether it has been “opened” or not.

 * Simplicity and Clarity: All stakeholders – service providers, users and
   government investigators – deserve clear and simple rules.

 * Recognition of All Existing Exceptions: Over the years, a variety of
   exceptions have been written into the ECPA, such as provisions allowing
   disclosures to the government without court orders in emergency cases. These
   principles should leave all those exceptions in place.

Rather than attempt a full rewrite of ECPA, which might have unintended
consequences, our recommendations focus on just a handful of the most important
issues – those that are arising daily under the current law: access to email and
other private communications stored in the cloud, access to location
information, and the use of subpoenas to obtain transactional data.

Our principles do not seek to answer all questions or concerns about ECPA.
Though members of the coalition may differ on the specifics, and some individual
members would support additional changes, we all agree that these principles
provide a framework for opening a public dialogue on the issue.

Specific Background on ECPA Reform Principles

1. The government should obtain a search warrant based on probable cause before
it can compel a service provider to disclose a user’s private communications or
documents stored online.

 * This principle applies the safeguards that the law has traditionally provided
   for the privacy of our phone calls or the physical files we store in our
   homes to private communications, documents and other private user content
   stored in or transmitted through the Internet “cloud”– private emails,
   instant messages, text messages, word processing documents and spreadsheets,
   photos, Internet search queries and private posts made over social networks.

 * This change was first proposed in bi-partisan legislation introduced in 1998
   by Senators John Ashcroft and Patrick Leahy. It is consistent with appeals
   court decisions holding that emails and SMS text messages stored by
   communications providers are protected by the Fourth Amendment, and is also
   consistent with the leading legal scholarship on the issue.

2. The government should obtain a search warrant based on probable cause before
it can track, prospectively or retrospectively, the location of a cell phone or
other mobile communications device.

 * This principle addresses the treatment of the growing quantity and quality of
   data based on the location of cell phones, laptops and other mobile devices,
   which is currently the subject of conflicting court decisions; it proposes
   the conclusion reached by a majority of the courts that a search warrant is
   required for real-time cell phone tracking, and would apply the same standard
   to access to stored location data.

 * A warrant for mobile location information was first proposed in 1998 as part
   of the bipartisan Ashcroft-Leahy bill. It was approved 20 to 1 by the House
   Judiciary Committee in 2000.

3. Before obtaining transactional data in real time about when and with whom an
individual communicates using email, instant messaging, text messaging, the
telephone or any other communications technology, the government should
demonstrate to a court that such data is relevant to an authorized criminal
investigation.

 * In 2001, the law governing “pen registers and trap & trace
   devices”—technologies used to obtain transactional data in real time about
   when and with whom individuals communicate over the phone—was expanded to
   also allow monitoring of communications made over the Internet. In
   particular, the data at issue includes information on who individuals email
   with, who individuals IM with, who individuals send text messages to, and the
   Internet Protocol addresses of the Internet sites individuals visit.

 * This principle would update the law to reflect modern technology by
   establishing judicial review of surveillance requests for this data based on
   a factual showing of reasonable grounds to believe that the information
   sought is relevant to a crime being investigated.

4. Before obtaining transactional data about multiple unidentified users of
communications or other online services when trying to track down a suspect, the
government should first demonstrate to a court that the data is needed for its
criminal investigation.

 * This principle addresses the circumstance when the government uses subpoenas
   to get information in bulk about broad categories of telephone or Internet
   users, rather than seeking the records of specific individuals that are
   relevant to an investigation. For example, there have been reported cases of
   bulk requests for information about everyone that visited a particular web
   site on a particular day, or everyone that used the Internet to sell products
   in a particular jurisdiction.

 * Because such bulk requests for information on classes of unidentified
   individuals implicate unique privacy interests, this principle applies a
   standard requiring a showing to the court that the bulk data is relevant to
   an investigation.

Search for:
 * Our Principles
 * Who We Are
 * Resources

RECENT POSTS

 * Senate Judiciary Panel Votes to Require Warrants for Police Email Searches
 * Senate Judiciary Committee approves electronic privacy bill
 * Updating an E-Mail Law From the Last Century
 * Law Requiring Warrants for E-Mail Wins Senate Committee Approval

WordPress Theme | Total by Hash Themes