Last week, Senator Leahy proposed detailed language to update the Electronic Communications Privacy Act (ECPA), the primary law governing privacy rights for stored email. ECPA is woefully outdated—it was passed in 1986 before cloud computing and archived email even existed—so this is great news. The language will be discussed by the Judiciary committee this week and then hopefully advance to the whole Senate for consideration.
Right now, ECPA doesn't always require a probable cause warrant to force service providers to turn over the contents of users' private emails, instant messages, and social networking messages. The government can compel the handover of email stored at a "remote computing service" with a so-called "D order" without showing probable cause. Nor does the government need a warrant if an email message is older than 180 days. This low threshold to electronic messages is in stark contrast to the fourth amendment protections for physical letters. Most troubling, the Justice Department has maintained that opened, read mail left in your mailbox (e.g., Gmail) falls completely outside of the privacy protections of the Stored Communications Act.