Whether you read the Wikipedia page about the Electronic Communications Privacy Act of 1986 (ECPA), or you check out the full law as outlined by the US Dept of Justice, you will find that it is a very complicated read. In the end, the Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly referred together as the Electronic Communications Privacy Act (ECPA) of 1986.
The ECPA updated the Federal Wiretap Act of 1968, which addressed interception of conversations using "hard" telephone lines, but this did not apply to interception of computer and other digital and electronic communications. According to the Department of Justince, several subsequent pieces of legislation, including The USA PATRIOT Act, clarify and update the ECPA to keep pace with the evolution of new communications technologies and methods, including easing restrictions on law enforcement access to stored communications in some cases.
But in the end, this is an outdated law that makes it way too easy for literally hundreds of government agencies, from the IRS to local law enforcement, to access your private email.
The team at Hedgehog has been on the forefront of working to amend ECPA for well over three years now. We feel the the safeguards we would like to see in an ammended ECPA protect our clients' right to privacy. There is currently a bill moving through Congress right now that would fix many of the issues we feel are flawed with ECPA, and while no bill is perfect, we support thsi new bill, the Email Privacy Act.
Thirty years ago, when ECPA was enacted, it was a forward-looking statute addressing the new technologies of the time, including email and computer storage. However, while technology has advanced dramatically in the decades since ECPA was enacted, the statute’s privacy standards have not been updated. The Email Privacy Act (H.R. 699), which recently passed in the House by an overwhelming 419-0 vote, would finally bring the law that sets standards for government access to private internet communications into the 21st century. This act would:
- Require, with limited exceptions, that law enforcement obtain a warrant based on probable cause before searching and seizing the contents of emails, texts, and photographs stored in the cloud.
- It would remove the antiquated rule that emails that are older than 180 days or already opened can be obtained without a warrant.
We feel that this bill strikes the appropriate balance between privacy concerns and law enforcement needs. The reforms in the bill make certain that email content is protected by the Fourth Amendment and that law enforcement access requires a probable cause warrant.
The bill does not grant civil agencies warrantless "snooping" power, and any civil agency carve-out is strongly opposed by Hedgehog and the partners we work with. These carve-outs would grant agencies like the Internal Revenue Service (IRS), Environmental Protection Agency (EPA), Securities and Exchange Commission (SEC), and many more federal, state and local agencies new authority to demand a target’s emails from service providers like Hedgehog. Any such carve-out would undermine the very purpose of the bill by giving government broad new access to private communications at a much lower standard.
To that end we will continue to push for stronger measures to protect our clients' private data while working to educate law enforcement on how the technologies we provide to our clients can be acessed within the bounds of law.