Bipartisan legislation, introduced in both Houses of Congress, seeks to modernize the wholly inadequate and outdated Electronic Communications Privacy Act (ECPA). The rules regulating government surveillance and information gathering are obsolete and in dire need of reform. Americans believe—rightly—their privacy rights are not properly protected from government infringement.
Enacted in 1986, the ECPA is the major federal statute that regulates electronic surveillance and data gathering, and it does not sufficiently address the challenges presented by modern day computing. The ECPA was designed to protect the privacy of electronic communications, and in the mid-1980s, many of the issues of today’s interconnected world could not have been anticipated.
The Law Enforcement Access to Data Stored Abroad (LEADS) Act amends the ECPA by bringing into the Twenty-first Century the rules determining how U.S. authorities can gain access to electronic data. On the international level, LEADS mandates that U.S. agencies cannot use search-warrants to compel the disclosure of an individual’s content stored outside the United States unless the account holder is an American citizen (or U.S. person). It clarifies how U.S. authorities can access data held overseas by settling questions of jurisdiction and transparency. What’s more, the reform legislation will make stronger the international process of MLATs (Mutual Legal Assistance Treaties) through which governments obtain evidence in criminal investigations. Simply, LEADS will thwart government overreach into personal data stored on U.S.-corporation servers abroad.
On the national level, the LEADS Act would make documents and material stored in the cloud subject to the same search-warrant requirements as a user’s personal property. LEADS is a significant step toward protecting due process and privacy rights by extending Fourth Amendment protections to data stored by commercial services (or cloud storage).
The need for reform is clearly validated in Microsoft v. United States. The Department of Justice (DOJ) swayed a federal court to issue a warrant forcing Microsoft to turn over data it had stored in Ireland. With cloud computing, data can readily be stored in foreign countries. Microsoft maintains that for the federal government to obtain data in a foreign country, it must go through the MLAT process between that country and the United States.
The Microsoft case demonstrates that the current legal regime cannot keep pace with changing technology. Real reform to both the ECPA and the MLAT process is needed now. European governments are threatening to ban American-cloud service providers over alarm that their citizens’ data is not properly safeguarded by companies within reach of U.S. law enforcement. Such a scenario would stifle economic growth and be a devastating blow to the American innovation sector.
Twentieth Century law should not be governing Twenty-first Century technology. The two-part aim of LEADS is simple and reasonable: 1) LEADS will make certain that data stored in the cloud must receive the same legal protections as data stored in our homes (Fourth Amendment protection from unreasonable searches and seizures). 2) LEADS will update and strengthen the Mutual Legal Assistance Treaty process.
The LEADS Act is good for our allies; good for business; good for security; and good for privacy.