Legislation Requiring a Warrant for Email Access Stalled

Posted December 14, 2015 at 4:48pm

A bill that would require warrants for government access to emails is the most popular piece of bipartisan legislation in this Congress, drawing more than 300 co-sponsors and support from tech giants such as Google. Many had hoped it would pass without a hitch.

But the momentum appears to have stalled due largely to a House committee chairman, federal agencies and law enforcement officials who want exceptions to the requirement. These roadblocks could further delay the measure from becoming law.

The Email Privacy Act (HR 699) has support from a range of tech companies and attracted the highest number of co-sponsors of any bill this session, but opponents told lawmakers earlier this month at a packed House Judiciary hearing that obtaining a warrant could impede investigations unless there are some changes.

Although more than half of the House Judiciary members are co-sponsors of the bill, Chairman Robert W. Goodlatte, R-Va., is not one of them. He could continue to hold the bill in committee until changes are made.

In his opening statement at a hearing on the bill, he pushed for “joining with the warrant requirement recognized exceptions and procedures.”

Rep. Kevin Yoder, R-Kan., the lead sponsor of the bill along with Rep. Jared Polis, D-Colo., said the bill already provides a “proper balance,” shown by the amount of support it has received.

“There are very few issues which unify Congress more than this legislation,” Yoder said.

Ranking member John Conyers Jr., D-Mich., also urged action “without delay” on the measure.

The bill aims to update the Electronic Communications Privacy Act of 1986 for the digital age and address how and when the government can access emails. Under current law, the government can access emails without a warrant if they are stored for more than 180 days in the cloud, which refers to a network of remote servers.

The legislation would require a warrant no matter how long emails have been stored in the cloud, among several other changes. A bipartisan Senate version (S 356) has more than 20 co-sponsors.

TechNet, a group whose members include Apple, Google and Yahoo, is among those supporting the changes.

“Passing legislation to update the Electronic Communications Privacy Act would make it clear that the warrant standard of the U.S. Constitution applies to private digital information just as it applies to physical property,” Linda Moore, president and CEO of TechNet, said in a statement.

While no one has opposed treating all email the same and removing the 180-day threshold, other parts of the legislation have prevented any markup.

Investigation Worries

The Securities and Exchange Commission, for example, has raised concerns that even though it would be able to issue a subpoena to an individual, it would be required to obtain a warrant to access information directly from an Internet service provider. The SEC does not have the authority to obtain warrants because it is a civil agency.

Andrew J. Ceresney, director of the SEC’s enforcement division, told the House Judiciary Committee that the agency needs a way to obtain information directly from the Internet service providers in cases when an individual has not responded fully to a subpoena.

“Unsurprisingly, individuals who violate the law are often reluctant to produce to the government evidence of their own misconduct,” he said.

The Department of Justice has expressed similar concerns about the impact of the legislation on their efforts. In a written statement submitted to the House Judiciary Committee, DOJ officials supported the proposal to not treat emails differently based on whether they are older than 180 days, but they added that DOJ is concerned “about the effect a blanket warrant requirement would have on its civil operations.” Criminal search warrants would not be available to DOJ’s civil regulators and litigators, they said.

The SEC is asking for bill changes so the agency could use a court order to request information from an Internet service provider.

There’s been significant pushback on that request, though, from the bill’s supporters.

“Electronic communication and remote computing service providers are not, nor should they be, discovery agents for governmental entities that are conducting civil litigation,” Richard Salgado, director of law enforcement and information security at Google, wrote in a statement to the House Judiciary Committee.

He said carve-outs for civil agencies would go against the Fourth Amendment. He also argued there are other ways for the agencies to get the information they need even if the target of an investigation doesn’t comply with a subpoena.

And a businessman who was the subject of a SEC investigation wrote a letter to the House Judiciary Committee supporting Salgado’s point. Entrepreneur and Dallas Mavericks owner Mark Cuban, who was investigated by the SEC for alleged insider trading, said the SEC was the single agency that blocked similar legislation from passing last year and “is continuing to lead the charge in objecting” to the bill.

“As the target of an SEC investigation, I know that the SEC has a broad array of tools at their disposal to obtain information directly from targets. There is no evidence that these tools are insufficient,” Cuban wrote.

Yoder said concerns that have been raised by the SEC and others should be discussed in a markup, but he said he’s wary of adding exceptions to the warrant requirement for civil agencies.

“I think that would greatly undermine the purpose of the legislation and make it difficult to support,” he told reporters after the hearing.

The Senate version hasn’t showed signs of moving toward a markup, either, since a September hearing in Senate Judiciary.

Chairman Charles E. Grassley, R-Iowa, expressed support for not treating email differently based on how old it is, but he also noted a long list of concerns from DOJ, civil agencies and law enforcement groups.

He called for any changes to current law to “strike the right balance” between the privacy rights of the public and the needs of law enforcement.

There could be changes to the current law via another pair of bills, though.

Goodlatte said House Judiciary plans to hold a hearing soon on “issues surrounding law enforcement access to information located on servers outside the U.S.,” suggesting lawmakers will take up the related Microsoft-backed Law Enforcement Access to Data Stored Abroad Act (HR 1174).

That bill and its Senate version (S 512), would prohibit law enforcement agencies from compelling tech companies to turn over information on foreign customers held in servers abroad.

Microsoft is pushing those bills because it has been battling DOJ in court over whether the government can force the company to turn over emails stored in a data center in Ireland. The DOJ argues that the emails are related to a criminal case involving alleged drug trafficking. If the emails were in a U.S. data center, DOJ could access them with a warrant.

But the Microsoft-backed bills have less support among lawmakers and tech companies than the Email Privacy Act. Asked by reporters about whether the legislation might be combined in some way, Yoder said he does not want to see the Email Privacy Act “weighed down” with provisions from other email privacy bills.