It is Time for Congress to Update Law Governing Email and Data Privacy

Steve Sherman
|
Posted: Feb 27, 2016 12:01 AM
It is Time for Congress to Update Law Governing Email and Data Privacy

Congress held a hearing yesterday on “International Conflicts of Law Concerning Cross Border Data Flow and Law Enforcement Requests.”  Doesn’t that sound exciting? Who names these hearings?

It should’ve been something like this…Stop Looking At My Emails! Or Forget Hillary! I want my email privacy and I want it now!

Anyway, the official hearing on privacy laws in America touched on the sensitive subject of the proper balance between privacy and security.  The take away from the hearing is that Congress needs to do their job and update the Electronic Communications Privacy Act (ECPA).

How would you like it if an email, just six months old, had no privacy protection?

Currently, that is true. The ECPA standards for search warrants for electronic communications are horribly out of date.  The rules were written in a different tech era. Things change pretty fast in the world of tech. Without updating the laws, it is easy for the government to demand and get service providers to hand over consumer data. Your 6 month or 180 day old emails are fair game and have no privacy protection. Nobody in their right mind believes that an email that is just over six months old should have no privacy protections under the law. 

Just because email was invented doesn’t mean we should get rid of the 4th Amendment, but that’s how we’re acting. This law flies in the face of the supreme law of the land, the 4th Amendment to the Constitution that provides privacy protections to ones “persons, houses, papers and effects.” “Effects” is founding father lingo for “Email”.

Congress needs to do their job. I know that’s a lot to ask, and they’re not used to it, but now is the time. Their job is to update law when needed. It is desperately needed.

When Congress fails to do its job under Article I of the Constitution, the executive branch and the judicial branch will take over that role. Does that sound like a good idea to leave it up to the Obama Administration or a Supreme Court that is evenly divided and lacking the Scalia voice?

Right now electronic communications and the storage of data is governed by the ECPA, a law that was drafted in 1986.  Many things, like the mullet hairstyle and stone-washed jeans, that were cool in 1986 are not so hip now. AOL was still ruling dial up. Cell phones were in bags.

This law is so overdue for an update it’s scary. When it was written when Mark Zuckerberg of Facebook was in diapers and floppy disks stored data.

Rep. Ted Poe (R-TX) nailed it at the hearing.  Poe argued, “ECPA is 30-years old. It would seem to me that we have known for a long time that ECPA law needed to be reformed. Thirty years is long enough for Congress to finally pick a horse and ride it and make some choices and change it.” The reforms need to move in this Congress, because cases are winding up at the Supreme Court to interpret the 30-year old law in the context of the 4th Amendment.  That would not be necessary if Congress did their job.

Poe continued, “it should be Congress’ responsibility to set the standard of law, rather than letting the courts make the determination what the expectation of privacy is for citizens or corporations or let the Justice Department interpret the law as they see it … Congress needs to make these decisions and make it that law of the land.”  Congress sets the standard for the expectation of privacy and has the power under Article I to set the standard consistent with the Constitution.

Rep. Ken Buck (R-CO) added his two cents.  Buck asked a representative of the Justice Department “why would a country or citizens of any country or anybody do business with American corporations” knowing that the U.S. government could get their data. 

This is a real problem, because it puts American companies in a competitive disadvantage to domestic companies in other nations, because citizens will opt to stay away from storing data in American companies for privacy reasons.