No Cops in the Cloud Without a Warrant

What do Google, Microsoft, AT&T, Intel, Americans for Tax Reform, ACLU, the American Library Association, the Competitive Enterprise Institute and the Electronic Frontier Foundation have in common?

They actually all agree that the law covering government access to today's sophisticated electronic communications is in desperate need of an update.

That law, the Electronic Communications Privacy Act (ECPA), was adopted when the Internet was in its infancy. The law was prescient for its time, setting out the rules for government access to electronic data. But technology has evolved rapidly since that time.

And there is a widespread view among major companies and trade associations, advocacy groups and think tanks from across the political spectrum that this critical privacy law needs to be updated in light of modern technology.

The diverse interests came together last week to propose principles to guide revision of the law and launch the Digital Due Process coalition (DPP).

The Law Has Not Kept Pace With Technology

When ECPA was adopted in 1986, the Web didn't exist, commercial access to e-mail was limited and only a select few Americans had mobile phones (large brick-shaped devices). No one knew how these new mediums would develop but the rules about government access to the information that would flow over them were murky, at best.

VIDEO: Google is in talks with China about ending censorship on internet searches.

Existing law only protected voice communications carried over a wire. Many believed that cellular phone calls and e-mail enjoyed no constitutional protection.

Congress enacted ECPA to fill that void and extend protection to wireless and Internet communications so that these new technologies would be trusted by consumers and therefore able to grow.

What followed was the great technology boom. Today, approximately three out of every four Americans are Internet users.

There are 277 million cell phones in use in the United States. Cloud computing is all the rage, and exciting new location-based technologies are becoming ubiquitous.

But the rules governing how, when and under what circumstances law enforcement can get access to the information generated by these services is frozen in a 1986 vision of technology.

So DDP is proposing a set of principles for law enforcement access that will safeguard end-user privacy, provide clarity for service providers and enable law-enforcement officials to conduct effective and efficient investigations. The recommendations focus on a handful of the most important issues that are arising daily under the current law.

Cloud Computing: Leveling the Privacy Playing Field

A document stored on a desk top computer is protected by the warrant requirement of the Fourth Amendment, but ECPA says that the same document stored with a service provider (in the "cloud") is accessible to the government with a subpoena (issued by prosecutors without a judge's approval).

It says the same thing about e-mail more than six months old. In other words, the mere fact that more and more people store their sensitive e-mail, documents, calendars and financial information in the Internet cloud instead of on their own computers means that more and more people enjoy less privacy than they used to.

Privacy protections should be technology neutral but today they are unnecessarily technology-specific.

  • 1
  • |
  • 2
  • |
  • 3
  • |
  • 4
Join the Discussion
blog comments powered by Disqus
You Might Also Like...