Yesterday, Congress introduced the Email Privacy Act (H.R. 387), which would update protections in the Electronic Communications Act (ECPA) to take account of citizens’ evolving use of technology and better align the law with consumers’ reasonable expectations of privacy in the contents of their email communications. Offered by Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO), this bi-partisan bill simplifies the law and codifies practices currently employed by law enforcement agencies and companies; in most circumstances, the bill requires the government to obtain a warrant government in order to access to email content. The bill would reduce confusion for police, companies, and users, while bringing statutory protections for electronic communications into the modern era.
ECPA, originally passed in 1986, created standards for government access to the content of communications sent over telecommunications systems – it is the primary federal law governing law enforcement access to Internet traffic. Although ECPA was forward-thinking for its time, the developments of technology and communications in the 30 years since have greatly surpassed its scope and the effectiveness of its policy direction.
The Email Privacy Act makes several important updates. Under ECPA, the content of communications (including email) could be obtained without a warrant after 180 days. This provision may had been reasonable when online storage was expensive, email use was limited, and few American engaged in sensitive communications online. However, in light of the current use and storage of email communications as a typical and standard means of individual and organizational correspondence, there is no reason to reduce protections for those communications after six months. This update recognizes the central role of email messages in modern society, and ensures that individuals and organizations can maintain their communications in reasonable confidence – requiring law enforcement to obtain a warrant based on probable cause for access. The “probable cause” standard for requesting or accessing the content of such communications is consistent with other protections from arbitrary search; eliminating this “180-day rule” is an excellent and necessary improvement to existing law.
Likewise, previous Department of Justice interpretation of ECPA established a standard that “opening” an email removed it from warrant protection, even within the 180-day period. This is interpretation does not align with users’ current expectations given the common use of email for communication by and between individuals and organizations. The contents of email, like the contents of traditional hard-copy official correspondence, should always enjoy 4th Amendment protections. The Email Privacy Act appropriately reflects that standard, requiring the government to demonstrate probable cause before accessing emails – even when those messages have been opened by the recipient.
While the bill doesn’t include every improvement or reform that many advocates would like to see, it includes key and important requirements that make big steps forward in the protections the contents of electronic communications. Nothing in the bill affects existing requirements under the Wiretap Act, FISA, or any other current law. FPF joins numerous other privacy and advocacy organizations to urge immediate passage of the bill as introduced.