State legislatures had a busy week passing electronic privacy laws. Will Congress follow?
First, the Texas legislature unanimously passed HB 2268, which requires state law enforcement to obtain a search warrant before accessing emails and other forms of electronic communications content from service providers. This law is necessary because the federal Electronic Communications Privacy Act ("ECPA")—which most state electronic privacy laws are modeled after—hasn't kept up with changes in technology. First enacted in 1986, ECPA allows law enforcement to bypass the warrant requirement to obtain the contents of communications that have been in electronic storage for more than 180 days. This archaic dividing line makes no sense in an age where people store emails and other documents in their inboxes and in the cloud forever. And as the Sixth Circuit Court of Appeals ruled in 2010 in United States v. Warshak, a nonwarrant requirement violates the Fourth Amendment's prohibition against unreasonable searches.
We've repeatedly asked Congress to update ECPA to bring it in line with the 21st century and despite a number of false starts, it seems real ECPA reform could happen in 2013. Even the Department of Justice recently indicated before a congressional committee that a warrant requirement made sense. But rather than wait on the sidelines for Congress to pass ECPA reform, Texas stepped up and passed privacy protection on its own. And its not the only state to do so. EFF sponsored similar legislation in California, SB 467, that recently passed the California Senate 33-1 and is set to be heard by the Assembly's Public Safety Committee on June 11.