A new bill introduced in the U.S. Senate on Tuesday by Sen. Patrick Leahy, D-Vt., calls for electronic surveillance reforms that would require law enforcement to have a probable-cause warrant before obtaining email or other online data, or tracking ongoing mobile activity, among other enhanced legal protections.
The legislation revises the 1986 Electronic Communications Privacy Act that gives law enforcement access to emails or other online data stored electronically for more than 180 days if they can show “reasonable grounds to believe” they would be useful to an investigation. The new proposal would require a court-ordered probable-cause warrant for the release of cloud-based data under most circumstances.
The bill requires law enforcement to alert suspects within three days of their data being accessed and gives service providers the opportunity to voluntarily disclose information that might be useful in the event of a cyberattack.
It’s a New Technology World
The key to the proposal is probable cause, said Gregory Nojeim, director of the Center for Democracy & Technology’s Project on Freedom, Security and Technology.
“That is the most important part — that they show probable cause. It erases arbitrary distinctions,” he told the E-Commerce Times.
In 1986, the law was not considered so invasive, since at that time emails were stored differently within servers, and cloud-based data backup and cellphones were not as common as they are today.
With the radically different technological landscape of 2011, however, the previous law has become “significantly outdated,” Leahy said.
One goal of the new bill is to get online consumers talking about their privacy rights, said Judiciary Press Secretary Erica Chabot.
“As Sen. Leahy made clear in his statement yesterday, we are hopeful that this legislation will continue to spur the discussion on ECPA reform,” she told the E-Commerce Times.
First Steps Toward Privacy Goals
The bill doesn’t tackle every online privacy threat. The use of National Security Letters — a provision under the Patriot Act that gives the FBI access to obtain personal information such as email contacts or a list of the most popular websites someone uses — is still intact.
If it should pass, the government could still obtain historical records of the location of a cellphone without a warrant, although the ability to track ongoing cell activity would require permission.
Still, the new legislation is a first step toward online privacy reform, something such groups as the Electronic Frontier Foundation, the Center for Democracy & Technology, and TechFreedom have all pushed for as an increasingly digital society learns to adapt to online security risks.
Many of those groups applauded the legislation on Tuesday, saying that while not perfect, the bill is a step in the right direction, and the time is right for its introduction.
“I think there’s going to be a lot of further discussion on this one, and it’s going to be very helpful legislation,” said Nojeim.
Future of the Bill
The bill’s chances of passing look good, said Chabot.
“We are hopeful that we will be able to secure some cosponsors,” she said.
Its supporters are working with an Obama administration that has called for more privacy for online consumers, but as of Wednesday, the White House had not reacted to the proposal.
The sweeping changes suggested by Leahy’s bill are original, according to Chabot.
“In the big umbrella that is cybersecurity and whatnot, it’s related, but I don’t think the proposals released from the administration last week contemplated the kinds of reforms included in the Leahy-authored bill,” she said.
The administration may not be 100 percent behind the legislation, said Nojeim, based on ideas the Department of Justice put forth in an April 6 hearing.
“Some of those ideas are not consistent with the Leahy bill. For example, they called on Congress to unify and clarify the legal perspective with online security, and the bill does that — but at probable-cause level. It’s not clear that’s what the justice department had in mind,” he noted. “They will certainly have something to say about the changes that are made.”
. . . Cloud Computing is a fad, dangerous and will eventually be scrapped for real "old fashioned" personal storage.