The government is re-examining how laws in the physical world should translate to the digital world. Currently, this is guided by the Electronic Communications Privacy Act (ECPA) of 1986, yet major changes in technology raise questions the ECPA is unable to address.
Governing the Web and digital communications is extremely difficult, as any law will have a rippling affect. Amending the ECPA could affect not only law enforcement access to information, but also digital privacy, innovation, and cybersecurity. The Senate Committee on the Judiciary held a hearing on amending the ECPA on April 6.
“Determining how best to bring this technology law into the digital age could be one of Congress’s greatest challenges,” said Patrick Leahy, chairman of the Senate Committee on the Judiciary, in a Senate webcast.
The ECPA sets laws on protecting digital privacy and governs law enforcement access to digital communications. Having helped write the act, Leahy stated it “has become outdated by vast technological advances,” and while “we know it has to be updated, the difficult part is exactly how do we do it.”
There is currently no proposed legislation on EPCA. Leahy, however, laid down several standards that should act as its core: it should balance privacy rights, public safety, and security; while also encouraging American innovation.
When it all boils down, the world is still figuring out how laws in the physical world should translate to the digital realm. The Internet has only been around for close to 20 years, yet its rapid global adoption has outrun current laws.
Until recently, the Internet was comparable to the Wild West—lawless and ripe with outlaws, yet offering a goldmine for innovation. How to govern it, and how deep this governance should run, are under heavy debate.
Rights groups largely agree the quarter-century-old EPCA needs updating, yet have voiced concern over what revisions may entail.
"Major decisions regarding the future architecture of cloud computing are being made right now," states an open letter to Leahy from nine rights organizations and think tanks. Among them are the Washington Policy Center, FreedomWorks, and the Center for Financial Privacy and Human Rights.
They state that any changes should stay within the Fourth Amendment. “Among the chief causes of the American Revolution was widespread outrage at the use of ‘general warrants’ and ‘writs of assistance’ by British officers to conduct searches and seizures without judicial oversight,” states the letter.
“The Fourth Amendment’s protection of the ‘right of the people to be secure … against unreasonable searches and seizures’ is the crown jewel of our constitutional liberties and our greatest bulwark against tyranny,” it states.
Staying within the Fourth Amendment means that law enforcement will need to have a search warrant to access private data, as well as before it can track someone’s location by their mobile device.
When the ECPA was enacted, it largely protected these rights, yet new technology changes that. Since electronic data can be stored outside the United States, it also can lose its lawful protection. Mobile phones are also able to detect the location of users.
According to the letter, if Congress does not reform the ECPA, Web-based services may end up on servers outside the United States. “Not only would this harm U.S. competitiveness, it could also, ironically, deny U.S. law enforcement access to cloud data—even with a lawful warrant,” states the letter.
As stated by Leahy and the open letter, the current ECPA is “confusing,” and new technologies have created unintended loopholes.
Digital rights organization, the Electronic Frontier Foundation, expressed similar concerns in March 2010.
"The federal law protecting Internet and telephone users' privacy was written nearly 25 years ago, which is eons ago in 'Internet time,'" said EFF Senior Staff Attorney Kevin Bankston, in a press release.
"When it comes to privacy, EFF has had its disagreements with fellow Digital Due Process members such as Google and AT&T. But this diverse coalition of privacy advocates and Internet companies agree on at least one thing: the current electronic privacy laws are woefully outdated and must be updated to provide clear privacy protections that reflect the always-on, location-enabled, Web 2.0 world of the 21st century," Bankston said.