Updating Privacy Laws Good For Tech, Business and Diplomacy

Neil Siefring
|
Posted: Dec 09, 2015 12:01 AM
Updating Privacy Laws Good For Tech, Business and Diplomacy

Much of the news about Congress this year has centered around a lack of progress on legislative issues. But push past the headlines, and you will discover there is a bipartisan coalition in the House and Senate working on legislation to protect the electronic data of American citizens, give clear guidance to our law enforcement community on legal rules related to data in the cloud, and help bolster the American technology sector. The momentum behind this effort is about to get even stronger as a key House committee is poised to take action on this initiative.

The law on the books that addresses electronic data and communications is the Electronic Communications Privacy Act (ECPA), which dates from 1986. ECPA is simply not able to effectively address issues that could not be foreseen nearly 30 years ago, specifically the rise of the cloud. Data, including documents, spreadsheets, and emails, can now be stored far away from the owner of the data. In some cases, an individual can store their data in the cloud, and the server that hosts the data can be in another country. This isn’t generally an issue, unless, for example, American law enforcement wants to access that data from the foreign server.

Without clearer legal guidelines from Congress regulating this process, there could be significant consequences. First, there may be a chilling effect on the desire of people to store data on the cloud, since an outdated law could allow that data to be accessed by law enforcement in a matter it should not. Second, the American technology sector, which is leading the way in cloud computing, could be harmed by a lack of legal clarity, making it less competitive. Finally, the assertions of the American government about what it is entitled to access on servers overseas could continue to bring American law into conflict with the law of other nations. These consequences would be bad for privacy, technology, business, and diplomacy.

There is a way out of this morass that will also create a more organized legal and business structure for cloud data storage. Sen. Orrin Hatch (R-UT), Sen. Chris Coons (D-DE), and Sen. Dean Heller (R-NV) have joined with Rep. Tom Marino (R-PA-10) and Rep. Suzan DelBene (D-WA-1) to introduce the Law Enforcement Access to Data Stored Abroad (LEADS) Act. Introduced as S. 512 in the Senate and H.R. 1174 in the House, this legislation would address the challenges poised by a twentieth-century law being applied to a dynamic twenty-first century technology landscape.

The LEADS Act accomplishes this by requiring “law enforcement to obtain a warrant under the Electronic Communication Privacy Act (ECPA) to obtain the content of subscriber communications from an electronic communications or cloud computing service,” and it goes on to state that “an ECPA warrant does not compel production of data stored abroad, while providing an exception if the account holder whose content is sought is a ‘U.S. person.’”

The legislation would require a warrant for federal law enforcement to pursue an American’s information that is stored on a cloud server overseas. If the information being sought by the federal government isn’t associated with an American, then our government has to work with the foreign government where the server is housed to get the information. There is already a way to facilitate the process of working with foreign governments, know as mutual legal assistance treaty requests, to which the LEADS Act makes improvements.

The legislation is a realistic way to allow legal investigations to move forward, while respecting the laws of other nations, the rights of American citizens, and the need for businesses to operate in a framework of legal predictability.

Now the House is on the verge of taking action on the issues raised by the LEADS Act. Rep. Bob Goodlatte (R-VA-6), chairman of the House Judiciary Committee, in a statement last week, explained that the committee will “hold a separate hearing in the future on the issues surrounding law enforcement access to information located on servers outside the U.S. As with the broader topic of ECPA reform, that is an issue with many nuances that we need to carefully examine.”

The House sponsors of the LEADS Act, Rep. Marino and Rep. DelBene issued a statement expressing appreciation for this progress. They stated that, “Congress has failed to address questions about the extraterritorial reach of U.S. warrants that seek electronic evidence for too long. We have proposed a reasonable and simple fix within our bill. A full committee hearing is the best venue to explore these issues and potential solutions from an array of experts.”

A hearing on the issues raised by the LEADS Act will allow the American public, the House Judiciary Committee, and members of the House and Senate to further appreciate why the legislation is necessary. Congress is acting in a bipartisan, thoughtful, and deliberate way to meet the real challenges posed by evolving technology and an outdated law. This news should be making headlines.