Time for the ECPA to Get an ’80s-Style Remake | Commentary

Posted January 28, 2015 at 12:38pm

The 1980s were a decade to remember. Advancements in the ’80s became the foundation for many of the technologies that have become a part of our daily lives — wireless phones, video game consoles and, of course, the foundations of the Internet. And just like our favorite ’80s TV shows are remade into new movies (such as “Transformers” and “The A-Team”) let’s add a 28-year-old online privacy law deserving of a remake too: the Electronic Communications Privacy Act.

The ECPA, which was passed in 1986, set standards to restrict government access to private communications. But in the nearly 30 years since, this law has shown it has loopholes that expose some private data of American citizens.

When the ECPA was conceived, IBM introduced the first laptop (at 22 pounds, with just 256K of RAM), there was no Facebook and the first Web browser was still four years away. Moreover, the idea of storing your email on servers for six months was unheard of, since we downloaded our email regularly. Essentially, lawmakers created a law that fit the 1980s, but was not a fit for today.

Due to some of the ECPA’s anachronistic aspects, courts have issued inconsistent interpretations, creating uncertainty for service providers, law enforcement agencies and for millions of Americans who use the Internet in their personal and professional lives.

The most obvious sign that the ECPA is from a bygone era? According to some courts, it allows governments to get your email correspondence without a warrant if that email is more than 180 days old. Does this match with your expectations of privacy from government access?

As we celebrate Data Privacy Day this week, let’s try bringing the ECPA back to the future. Sens. Mike Lee, R-Utah, and Patrick J. Leahy, D-Vt., understand the need for ECPA modernization and are expected to soon introduce the ECPA Amendments Act.

Their bill would make it clear the government must obtain a warrant — except in emergencies or under other existing exceptions — in order to access emails, text or private communications stored by a service provider on the behalf of its users. In other words, whether stored on your home computer or in the cloud, your data will be given the privacy protections we all expect.

Further, the bill would provide certainty for American businesses developing innovative new services and competing in a global marketplace. It would implement a core principle supported by Digital Due Process, a broad coalition of companies, privacy groups, think tanks, academics and other groups.

Reforming the ECPA and enhancing privacy has been a priority of industry, privacy advocates, and lawmakers such as Leahy and Lee. As technology has evolved and online communications replace phone calls, there is nothing more private than our email communications, documenting everything in both our personal and professional lives.

Unfortunately, current law makes your email correspondence more than just your business. It can also be the government’s business without so much as a showing of just cause. There is extraordinary consensus for ECPA reform — now.

While we do not yet have the flying cars predicted in “Back to the Future,” we have a robust online ecosystem that deserves an ECPA based on today’s privacy expectations, not those of an era of Flock of Seagulls and scrunchies.

Steve DelBianco is the executive director of NetChoice. Want More Stories Like This? Subscribe to our Thought Leaders Newsletter.