ECPA

The Supreme Court today unanimously upheld a 1987 decision that recognized the workplace privacy rights of government employees in its decision on the case of City of Ontario, California v. Quon. 

The case involved the use of text pagers issued to officers by the city police department.  When one officer consistently went over the allotted limit on messages, his supervisors obtained stored text messages from the service provider and found that many were personal, not work-related.  The officer claimed that the search violated the Fourth Amendment.  The Supreme Court held that the police department's actions were reasonable, and thus did not violate the constitutional rights of the police officer.

However, what is significant about the Supreme Court's opinion is what did not happen.  Faced with an opportunity to curtail workplace privacy (or electronic privacy generally), the Court noted, applying a 1987 precedent, that government employees generally retain their Fourth Amendment privacy rights, and it assumed that government employees may have a reasonable expectation of privacy even in communications they send during work hours on employer-issued devices.  

CDT's Jim Dempsey today told a House congressional subcommittee that it's time to reform the Electronic Communications Privacy Act.  Although the act was a far-reaching statute when it was passed in 1986, advances in technology have outpaced the reach of the law.

Dempsey told the congressional panel:  "ECPA today is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for many service providers and law enforcement agencies alike.  Moreover, it provides inadequate protection for huge amounts of personal information."

Dempsey's testimony also outlined the three year effort by members of the Digital Due Process Coalition to craft a set of core principles for updating ECPA. 

The amazing technological advances that have taken place since ECPA became law "should not come at the price of privacy," Dempsey said. 

Last week the U.S. government dropped its demand that a federal magistrate force Yahoo! to fork over the contents of a user’s email account without a warrant. Although the government’s withdrawal is a victory for privacy in this case, it denies the court an opportunity to issue an opinion that could clarify this increasingly important, yet muddled, area of the law. The DOJ’s move highlights the need for Congressional action to protect privacy through a consistent set of rules

In its motion to compel, the Department of Justice (DOJ) claimed it did not need a probable cause warrant to obtain the emails because the Yahoo! accountholder had already read them. Instead, the DOJ argued, it needed only to show “specific and articulable facts” that the information was relevant to its investigation – known as a 2703(d) order. Courts disagree on whether the weaker 2703(d) standard is indeed sufficient in these circumstances.

Today, a CDT-led coalition issued recommendations to strengthen the Electronic Communications Privacy Act (ECPA), a key federal privacy law. The proposals address the rules for government access to some of Americans’ most sensitive data, including communications and documents stored in the Internet “cloud” and location information generated by mobile devices. Our goal is to preserve traditional privacy rights, ensure law enforcement has the capability to conduct investigations, and give industry a clear legal footing upon which it can innovate and better compete in the global marketplace.

The group – called Digital Due Process (DDP) – is remarkably diverse, drawing from major companies, individual subject matter experts and think tanks and advocacy groups across the political spectrum. In addition to CDT, the group’s membership includes Google and Microsoft, as well as ACLU, EFF and The Progress & Freedom Foundation.  The broad nature of the coalition reflects widespread consensus among the business and privacy communities that the laws on government access to electronic data need to be updated in light of modern technology.

For a detailed explanation of the principles put forth by the coalition for updating ECPA, please see the DDP website.

Two case studies for ECPA reform

CRS Report of the Month
# 98-326

The Congressional Research Service (CRS) has a new report entitled Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping.  It is a great primer for those interested in the issue.  You can get this and many other CRS reports via Open CRS, a service run by CDT to help distribute the non-confidential CRS products.

The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch-and the reason you might not have read their work-is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can't request something they don't know exists. The CRS Reports currently rank first on CDT's Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing "CRS Report of the Week" posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress. Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping Report Number: 98-327 Date: September 02, 2008 Wiretapping and electronic eavesdropping laws are important knowledge for anyone concerned about privacy. This CRS Report offers a brief introduction to what the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA) actually mean. The report covers what is prohibited, the procedure for court ordered wiretapping (and how FISA is different), and the Protect America Act. The section on the history on the evolution of wiretapping is particularly interesting as it shows the piecemeal development of wiretap law.