Nadler, Conyers Propose Critical Reforms to Cloud Computing Privacy Laws

Aug 2, 2012 Issues: Civil Liberties

WASHINGTON, D.C. – Today, Congressman Jerrold Nadler (D-NY), the Ranking Member of the House Judiciary Subcommittee on the Constitution, and Congressman John Conyers, Jr. (D-MI), the Ranking Member of the House Judiciary Committee, introduced the Electronic Communications Privacy Act Modernization Act of 2012 in order to bring the Electronic Communications Privacy Act (ECPA) up to date with advances in technology and clarify issues of electronic privacy.

Nadler held multiple hearings on ECPA during his tenure as Chairman of the Subcommittee and has extensively explored the facets of the law that need updating.  As recently as July 25, at a Judiciary Subcommittee on Intellectual Property, Competition, and the Internet hearing on Cloud Computing issues, Nadler questioned a panel of technology and privacy experts, who all agreed that there should be a single due process standard for government access to materials stored in the cloud, on laptops, and on other devices, requiring search warrants based on probable cause.

“ECPA was passed in 1986, well before we commonly used the Internet for e-mail, much less for ‘cloud computing’ and remote storage,” said Nadler.  “Communications technology is evolving at an exponential rate and, as such, requires corresponding updates to our privacy laws.  This new legislation will ensure that ECPA strikes the right balance between the interests and needs of law enforcement and the privacy interests of the American people.”

“Rapidly advancing technology has made it necessary to update the Electronic Communications Privacy Act,” said Conyers.  “This bill will both protect the privacy of the information transmitted by digital communications and provide clear standards to guide law enforcement and the courts.”

ECPA, originally enacted in 1986, was intended to reestablish a balance between privacy and law enforcement needs, which Congress found had been upset by the development of communications and computer technology.  The law regulates how the government can obtain access to wire, electronic, and stored communications and customer records.  But, in recent years, new technologies – including cloud computing, social networking, and location-based services – have rendered many of the law’s provisions outdated, vague, or inapplicable to emerging innovations.  Such legal disarray can put government investigations, private industry and consumers at risk in a variety of ways.

Current law is inconsistent and unclear regarding the standards for government access to the content of communications, and a single email is potentially subject to multiple different legal standards.  Clarifying the laws will help industry stakeholders, who currently struggle to apply the existing, outdated categories of information to their products and services, and it will provide a clear standard for law enforcement.

The bill would amend the law to require the government to obtain a probable cause search warrant anytime it compels the contents of wire or electronic communications.  It would also:

•    Provide a uniform standard and set notice rules when the government accesses the contents of communications;
•    Amend the law to provide the same statutory suppression remedies for electronic communications as are currently provided for wire and oral communication surveillance.  Currently, an aggrieved person can suppress wire or oral surveillance, but not electronic.
•    Add new – and, in some instances, modify existing – reporting requirements to ensure that Congress has sufficient information for effective oversight and possible future reforms.

This legislation adopts the position of the Digital Due Process Coalition, which includes industry leaders Amazon, Apple, AT&T, eBay, Facebook, and Google.

###