Finally, We Might Be on the Verge of Email Privacy Reform
The House of Representatives unanimously passed The Email Privacy Act on Wednesday, a bill that would require law enforcement to obtain a search warrant before asking technology companies turn over your emails.
As of today, a warrant is not required to access emails stored online for more than 180 days, which applies to the vast majority of people’s emails—it’s common to keep correspondence stored in webmail for years. (We all do it.) That means law enforcement are required to satisfy a lower standard of legal reasoning to read your webmail than if you printed your email and stored it in a desk drawer.
The law that governs email privacy in the United States hasn’t been updated since 1986, but thanks to the efforts of a coalition of advocates and technology companies, like Google, Microsoft, and Etsy, that have been working together since 2010, the thirty year old email privacy statute may finally get an update.
The unanimous passage by a Republican-controlled House bodes well for the bill’s chances in the Senate, say cautiously optimistic experts. In fact, a bi-partisan team has introduced a Senate version that already has over 25 co-sponsers, with Senators Mike Lee (R-Utah) and Patrick Leahey (D-Vermont) carrying the torch. While this is the third year in a row versions of an updated email privacy bill have been introduced in both the House and the Senate, this is the first time a House version passed with zero opposition.
“It is long past time to reassure the American people that their online communications are protected from warrantless searches,” Senators Lee and Leahy said in a joint statement. And the House vote shows that the Email Privacy Act “is that rare bill that garners support from the full range of the political spectrum, and that can become law even in an election year,” they continue.
Warrants for the Cloud
Under the current law, police need a subpoena to access communications that are stored online, which only requires law enforcement to provide reasonable suspicion, a much lower standard than the probable cause that must be shown in order to obtain a search warrant.
“The fact is that today a lot of your content is not stored just by you anymore. A lot of your content is stored by other companies that provide you with email service; it’s stored in their cloud,” said Neema Singh Guliani, legislative counsel with the ACLU, one of the groups that is working to pass the bill.
The new bill (an earlier version for which, full discloser, the author once helped co-write an endorsement as an advocate with the EFF) would require a warrant for law enforcement to access content stored in the cloud, “that includes emails, text messages, documents, photos, spreadsheets, or a Facebook message you sent to somebody,” Guliani explained. If you backup your phone to the cloud, with the law that’s currently in effect, “instead of going to you and saying ‘Hey, I want your phone and give me everything that’s on it — cops go to Apple and say ‘I want what’s in the could; give me everything that’s in the cloud,” says Guliani.
Ready For the Senate
The Email Privacy Act would change that, but only if it’s passed in the Senate, too, where its first stop will be the Senate Judiciary Committee, currently headed by by Republican Chairman Chuck Grassley. His office didn’t respond to WIRED’s request for comment, but 2016 won’t be the first time Senator Grassley has looked at email privacy reform while sitting in the Judiciary Committee.
The committee held a hearing last year about the current state of email privacy law, noting at the time that the 1986 statute that is still in place today “hardly makes sense” and in 2013 Grassley agreed to move a proposed update to the email privacy law out of committee, although it never made it to the Senate floor for a vote.
“What remains to be seen is whether not just Grassley, but leadership in the Senate makes this a priority,” Gulliani clarified. With such an overwhelming majority in the House, Gulliani adds that, “in a way this bill almost low hanging fruit.”
And in a deadlocked Senate, where previous attempts this year to enact surveillance legislation were widely mocked as “technically illiterate,” passing the Senate version of the Email Privacy Act could provide a rare moment for Congress to prove its ability to do something constructive together that has the broad support of industry and public advocates alike.
“Certainly the House’s vote is a powerful statement,” said Chirs Calabrese, Vice President of the Center for Democracy and Technology. “You don’t get any more clear declaration that the House thinks that something is important and deserves immediate action than a 419-0 vote.”
The version of the Email Privacy Act that passed in the House, however, wasn’t without concessions. For one, the bill does not require people be notified if the government approaches an email provider with a warrant, a provision that was stripped from the original version of the bill, which in that iteration had amassed a super majority of 314 co-sponsors.
“We had been gradually pushing for co-sponsors in the House for two Congresses,” noted Calabrese. But even the agencies who had opposed the email privacy update and “felt like this was a power that would be taken away from them were forced to testify in multiple hearings last year that they hadn’t used outdated email privacy authority in five years,” Calabrese continued.
If The Email Privacy Act doesn’t pass the Senate this session, it’ll be back to the drawing board for the companies and civil society organizations who worked to propel the unanimous passage in the House. They’ll have to reintroduce the bill again in both Congressional bodies.
Still, advocates feel hopeful about the unanimous vote, which is one of the strongest signals that Congress is serious about privacy reform since the Snowden revelations of 2013.
“Even when you want to name a Post Office you tend to at least get a couple of people in Congress who don’t like it,” reflected Guliani.
See the original post: