In 1986 The American Banker defined E-mail as “a trademark of CompuServe,” Computerworld noted that sending a single message required a 10-minute phone call, and InfoWorld described “a pilot scheme that will allow users of one system to send messages to mailbox holders on another.” That was the year Congress enacted the Electronic Communications Privacy Act (ECPA), so it is hardly surprising that the once forward-looking law seems antiquated today.
In fact, ECPA is so out of date that it has left us vulnerable to government snooping in ways most Americans do not appreciate. A bill that was unanimously approved by the Senate Judiciary Committee in November aims to address that problem by requiring the government to obtain a warrant before reading people’s email.
Currently, ECPA requires a warrant for remotely stored messages only if they are unopened and less than six months old, a requirement based on the assumption that email would be kept on people’s personal computers except in transit. Other messages can be obtained with an administrative subpoena or a court order based on the claim that they are relevant to an investigation. By contrast, a warrant requires probable cause to believe that evidence of a crime will be discovered.
The amendments endorsed by the Senate committee, which are expected to be the starting point for ECPA reform in 2013, extend the warrant requirement to all email, adapting the statute to the era of cloud computing. The bill, introduced by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.), also requires agencies to notify people whose email they seek within 10 days, although notice can be delayed for six months with a court’s permission in certain circumstances.
Unlike a bill Leahy proposed in 2011, the 2012 version does not address the requirements for obtaining geolocation data from cellphone companies. Because ECPA is unclear on that question, police often claim they can demand a record of a suspect’s whereabouts at will.