By Representatives Tom Graves, Kevin Yoder, and Jared Polis
As with so many significant privacy violations of late by government agencies -- from the NSA to the IRS -- it's become clear that technology has far outpaced law. Federal laws meant to protect our Fourth Amendment right "to be secure in [our] persons, houses, papers and effects, against unreasonable search and seizure" do not adequately cover Americans' property online.
Especially email. Under current statute, government agencies such as the IRS, DHS, SEC and many others are allowed to access emails and other private communications older than 180 days without obtaining a search warrant or demonstrating probable cause that a crime has been committed.
How is it possible that government can claim this authority, accessing our most intimate "soft" communications -- but not, say, a "hard" letter lying around our houses?
The reason is the Electronic Communications Privacy Act (ECPA). Originally intended to protect -- not violate -- the privacy of our digital communications, this act set standards for government access to private information (such as emails, private photos, documents) transmitted and stored on the internet with an online service provider.
But ECPA was passed in 1986. Twenty-seven years ago, most Americans did not have a home computer or an email account. They did not all carry cell phones. "Facebook" described only the hardbound photo books of university freshmen and "Twitter" was an adjective used to describe the chattering of birds -- such social networking sites did not even exist.
Whether they occur online or offline, our private communications should be protected. And that's why we, a bipartisan group of representatives -- Kevin Yoder (R-Kansas), Tom Graves (R-Georgia), and Jared Polis (D-Colorado) -- have come together to introduce the Email Privacy Act. We've already gained a bipartisan group of 94 co-sponsors, and are pleased to join with our colleagues in the Senate, Senators Patrick Leahy and Mike Lee, who are pushing companion legislation that would modernize the ECPA.
Simply put, this bipartisan legislation would affirm what most Americans already assume -- and have every constitutional right to believe -- that their privacy is protected from unwarranted government intrusion.
The Email Privacy Act updates legislation written in a time when server storage was limited. Back then, an email user was expected to permanently download his or her email locally from a server for reading, response, and long-term storage. So the 180 day rule made sense, because email left on a server for that long could be reasonably viewed as abandoned. But that's not the case today with people accessing and storing years and years worth of email through third-party servers.
Fundamentally, the Email Privacy Act would ensure that the Fourth Amendment protections Americans already have for mail, phone calls, and other paper/ hard documents are extended to their soft communications too. Specifically, our legislation updates ECPA by strengthening privacy protections for electronic communications stored by third party service providers such as Amazon, Dropbox, Facebook, Google, Yahoo, and countless other cloud services. If government agencies want to obtain any of these communications, they would first need to obtain a warrant from a judge -- not their self-anointed authority.
The constitution prohibits the government from accessing personal files stored in a cabinet or letters sent through the mail without a warrant. When the telephone was introduced into mainstream culture, our laws changed to protect the privacy of calls using such technology. But even though email is ubiquitous today, such electronic communications don't have the same privacy protections as the -- arguably far less used! -- mail and landline phones do.
This is a real issue and must be addressed; Congress needs to act now to update our laws through the Email Privacy Act and reign in any overreaching by government agencies. It's ironic that we have benefitted tremendously from technological innovations and advancements such as smartphones and always-connected networks but that our laws have not kept pace with the privacy realities of the 21st century.
Still, Americans deserve to have a reasonable expectation of privacy despite what the NSA, IRS, or other government agencies believe.