Will Your Old Emails Finally Get Fourth Amendment Protections?

Once again, legislation that would give American citizens better privacy protections for their emails has passed the House of Representatives, but we're going to have to see what happens in the Senate.

The Email Privacy Act aims to correct a flaw in federal Electronic Communications Privacy Act of 1986. Passed in the relatively early days of home computer use, it established a policy that private electronic communications held by third parties that were more than 180 days old could be accessed by law enforcement and government investigators without the need for a warrant. A subpoena delivered to the communication provider was enough. A law this old obviously preceded the arrival and dominance of private email communications, and tech privacy activists and tech companies have been pushing for reform. The way the system stands now can result in people having their old private communications searched and read by authorities without the citizen's knowledge.

The Email Privacy Act fixes some of these problems, though it doesn't fully resolve the controversy Under the act, officials will need to get actual warrants to access emails and online communications, which provides at least a little more judicial oversight. But the warrants are to the providers, not to the actual people who wrote and sent the communications. It will be up to companies to decide whether to pass along the news of the warrant to customers. Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, says that this is a flaw with the legislation. The original version of the bill required that government provide notice. Without that rule, the third-party provider can resist the warrant if they choose to, but the actual customer probably might not even know.

"If you don't have notice, you really can't effectively [challenge the warrant]," Singh Guliani said. The bill does permit third-party providers to let customers know about the administration of warrants, but also allows for the government to delay this information for 180 days under a handful of exceptions—if the target is a flight risk or may destroy evidence or otherwise compromise the investigation. And while some major tech and communication companies have fought back against orders to pass along data or to keep searches secret, Singh Guliani says we shouldn't have to be "reliant on the business practices of providers that can change over time to make sure people get the full protection of the Fourth Amendment."

Still, the compromise bill is better than the current rules. No representative voted against it last session of Congress, and it passed again yesterday by a voice vote. But while the bill enjoys popular bipartisan support in the House, the last attempt to get it passed hit disaster in the Senate. Senators attempted to meddle with the wording of the bill to weaken it or add other unrelated regulations. Sen. John Cornyn (R-Texas) attempted to add an amendment to expand the surveillance reach of secretive National Security Letters. Sponsoring senators ended up yanking the legislation from consideration.

The Senate sponsors last session were Mike Lee (R-Utah) and Patrick Leahy (D-Vermont). A representative from Sen. Lee's office said that he intends to co-sponsor the Senate version of the bill again this year, but it has not yet been introduced. This could be the first legislative test of whether increased privacy protections can make its way to and through a presidential administration openly hostile to limits on any sort of investigative or law enforcement authority (as we saw earlier today). President Donald Trump is hardly alone and he's not responsible for its previous problems, but it's nevertheless legislation that should not be struggling at all.

And a little bit of self-promotion: I'll be leading a panel discussion on the Fourth Amendment, tech privacy, and Congressional lawmaking in this March's South by Southwest (SXSW) conference. Singh Guliani will be one of our panelists. Check out the details here if you find yourself in Austin on March 10. Efforts like the Email Privacy Act will be part of the discussion.