In fact, ECPA is so out of date that it has left us vulnerable to government snooping in ways most Americans do not appreciate. With the Senate Judiciary Committee considering possible fixes this week, now is a good time to reflect on how technological advances and misguided legal reasoning have eroded the Fourth Amendment guarantee against unreasonable searches of our "papers and effects," which nowadays take forms the Framers could not have anticipated.
Computerworld described ECPA as a law regulating "the interception of data communications, such as electronic mail and bulk data transfers, during transmission and while stored in a computer." According to a Senate report, the legislation was supposed to strike "a fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies."
Since ordinary paper mail and telephone calls have long enjoyed Fourth Amendment protection, you might think such a law would be unnecessary. But a series of Supreme Court decisions dealing with information held by third parties, including tax, bank and phone records, had left the constitutional status of email highly uncertain.
As a 1976 decision put it, "This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." This logic suggests we have no constitutional right to privacy in the personal data we routinely exchange and store via the Internet; hence the need for a statute like ECPA.
Recommended
But the law, written during a time of dial-up connections and expensive data storage, draws distinctions that no longer make sense now that people are online all the time and commonly keep years of messages, photos, contacts, calendars and word processing files on servers located hundreds of miles away. Under ECPA, for instance, law enforcement agencies must obtain a judicial warrant based on probable cause to read unopened, remotely stored email that is up to six months old. But they can look at email that has been opened or retained more than six months (i.e., anything important) simply by claiming it is "relevant and material to an ongoing criminal investigation."
As George Washington law professor Orin Kerr observes, ECPA "offers surprisingly low privacy protections when the government seeks to compel contents other than unretrieved communications held pending transmission for 180 days or less." In fact, depending on how the statute is interpreted, information stored online through services such as Gmail and Facebook, including a great deal of sensitive material that people do not intend to share with the world, may not be protected at all.
The law is also hazy on the question of whether police need a warrant, a court order, a subpoena or simply a whim to obtain geolocation data showing everywhere you and your cellphone have been. While the Supreme Court ruled in January that police need a warrant to track a suspect by attaching a GPS device to his car, it left unresolved the constitutionality of surveillance that does not require a physical trespass, as Justice Sonia Sotomayor noted in a concurring opinion.
Sotomayor suggested "it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties." Without such a reconsideration, more and more of what you thought was your private business will become an open e-book.
Jacob Sullum is a senior editor at Reason magazine. Follow him on Twitter: @jacobsullum. To find out more about Jacob Sullum and read features by other Creators Syndicate writers and cartoonists, visit the Creators Syndicate Web page at www.creators.com.
COPYRIGHT 2012 CREATORS.COM
Join the conversation as a VIP Member