Senate Judiciary Committee Unanimously Approves Warrant Requirement for Email

Yesterday the Senate Judiciary Committee unanimously approved amendments to the Electronic Communications Privacy Act (ECPA) that require the government to obtain a search warrant before looking at people's remotely stored email, regardless of whether the messages have been opened or how old they are. As I noted in my column this week, ECPA currently requires a warrant only for unopened messages up to six months old; the rest can be accessed through court orders or administrative supboenas based on the claim that they are relevant to an investigation, as opposed to the warrant standard of probable cause to believe they contain evidence of a crime. This distinction, based on the assumption that people download email to their own computers and that copies on servers are made only to facilitate transmission, is so clearly out of date that it is impossible to justify.

Still, I am surprised that no one voted against the changes, which were introduced by the committee's chairman, Patrick Leahy (D-Vt.). In particular, Charles Grassley of Iowa, the ranking Republican on the committee, had expressed concern that the warrant requirement would impose an unreasonable burden on law enforcement agencies. Grassley proposed an amendment that would have allowed warrantless access to email "for purposes of investigating a crime involving child abduction or kidnapping, child pornography, or a violent crime against a woman." It was defeated by a vote of 11 to 6. 

Another amendment, by Leahy himself, lengthened the amount of time that an agency can delay notice to someone whose email it seeks from three to six months, presumably in response to complaints from people like Grassley. Then a third amendment, by John Cornyn (R-Texas), limited that extension to law enforcement agencies. Ordinarily notice would be required within 10 days, but the court issuing the warrant could approve a delay based on concerns that notification may result in "endangering the life or physical safety of an individual," "flight from prosecution," "destruction of or tampering with evidence," "intimidation of potential witnesses," or "otherwise seriously jeopardizing an investigation or unduly delaying a trial." Notably, the six-month delay permitted for law enforcement agencies is twice as long as the delay currently allowed and much longer than the one recommended by George Washington law professor Orin Kerr in his widely cited 2004 guide to ECPA reform:

The current ninety-day delay period is simply too long. In all but very unusual cases, ninety days of delay is a period out of proportion to the legitimate law enforcement interests in delay articulated in § 2705(a)(2). It may be reasonable for law enforcement to have a thirty-day delay of notice if they are investigating a crime and the notice may tip off the suspect. The thirty-day period gives the police time to assess the evidence, pursue leads, and indict the target if necessary. But in most cases, giving the government ninety days serves no legitimate purpose, especially given that courts can grant extensions of delayed notice for additional periods if circumstances warrant. Shortening the delay period would still allow the government to delay notice for legitimate reasons but would help ensure that notice delayed does not become notice denied. 

Yet Leahy claims doubling the delay is necessary "to help with sensitive law enforcement investigations."

Unlike an ECPA reform bill that Leahy proposed last year, this one does not address the requirements for obtaining geolocation data from cellphone companies, leaving police free to claim that they can demand a record of your whereabouts at will. The legislation, which amends a bill already approved by the House, is not likely to be enacted during this session but presumably will be the starting point for ECPA reform next year.