Today, Congressman Jerrold Nadler (D-NY), Chair of the House Judiciary Subcommittee on the Constitution, Civil Rights and Civil Liberties, chaired a hearing on Electronic Communications Privacy Act (ECPA) Reform and the Revolution in Cloud Computing.  The hearing focused on how the growth of “cloud computing” technologies and services may require reforms to ECPA to ensure that, among other things, standards governing law enforcement access to e-mail and other electronic content is treated consistently under the law, regardless of where such content is stored.

“Today, we will explore cloud computing and continue our examination of whether ECPA still strikes the right balance among the interests and needs of law enforcement, industry and the privacy interests of the American people,” said Nadler.  “I want to acknowledge that our task will be a challenge: to find the appropriate balance between privacy and law enforcement interests; to protect the public while preserving consumer privacy and confidence; and, to support rapid technological innovation and growth yet discern standards for law enforcement access that will not become outdated with each new generation of technology.”

ECPA, originally enacted in 1986, creates statutory privacy rights for customers and subscribers of network service providers.  It was developed in order to reestablish a balance between privacy and law enforcement needs, which Congress found had been upset by the development of communications and computer technology.  The law regulates how the government can obtain access to wire, electronic and stored communications, and customer records.

This was the Subcommittee’s third ECPA reform hearing.  The first hearing generally introduced the Subcommittee to ECPA reform issues arising from the development of new technologies that did not exist when the statute was enacted.  The second hearing explored how the growth in cell phone location technology and associated mobile services may necessitate certain reforms to ECPA. 

Witnesses at the hearing were: Professor Edward W. Felten, Director, Center for Information Technology Policy, Princeton University; Richard Salgado, Senior Counsel, Google Inc.; Mike Hintze, Associated General Counsel, Microsoft Corporation; Paul Misener, Vice President for Global Public Policy, Amazon.com; David Schellhase, Executive Vice President, Salesforce.com; Perry Robinson, Associate General Counsel, Rackspace Hosting; Professor Kevin Werbach, University of Pennsylvania; Professor Fred H. Cate, Director, Center of Applied; Cybersecurity Research, Indiana University; Thomas B. Hurbanek, Senior Investigator, Computer Crime Unit, New York State Police; Kurt F. Schmid, Executive Director, Chicago High Intensity Drug Trafficking Area Program; and, Marc J. Zwillinger, Zwillinger Genetski LLP.

Below is Nadler’s opening statement, as prepared:

“Today’s hearing is the third in which this Subcommittee will consider the statutory framework Congress established in the 1986 Electronic Communication Privacy Act (ECPA) in light of the enormous technological advances in electronic communications in the 24 years since ECPA’s passage.

“At the last hearing, we learned about advancements in cellular location-based technologies and related services and how such technologies, while enriching our lives, can provide law enforcement with more precise and, to many of us, more sensitive information about where we may be located at any given time.

“Today, we will continue our examination of whether ECPA still strikes the right balance among the interests and needs of law enforcement, industry and the privacy interests of the American people by discussing the new technology commonly referred to as ‘cloud computing.’

“It is important that the law sustain the public’s confidence in the security and privacy of its communications and information.  That confidence is absolutely essential to fostering the emerging market for cloud computing services and the rapid innovation that is fundamental to that market’s health.

“This Subcommittee’s exploration of where the appropriate balance may lie with respect to the content and associated transactional information of electronic communications and data stored by certain third-party providers must begin with a lesson about cloud computing technologies and capabilities.

“When ECPA was passed back in 1986, few of us used e-mail or imagined a world where we could securely share information and edit electronic documents online with our colleagues, or where – again online – a business could input, store, process and access all data necessary for the management of its business processes, from sales to customer service.

“That world is here, and it promises tremendous efficiencies for government, private industry, and individuals.  It is an exciting technological advance, and we must ensure that the law keeps pace in a manner that protects this market, the rights of consumers, and the government’s law enforcement responsibilities.

“We are fortunate to have two distinguished panels of witnesses who bring a great deal of expertise to both the legal and technological issues before us, including witnesses who represent five major U.S. cloud computing companies.  They, along with our other experts, will educate us about what is happening ‘in the cloud’ today and discuss the type of laws and rules that the industry needs to promote the continuing innovation and growing efficiency that cloud computing affords to individuals and businesses of all types and sizes. 

“This initial educational effort is, in my view, not only warranted but essential before we undertake any effort at amending or otherwise reforming ECPA. 

“In many respects, at least for the moment, the testimony we hear and discussions we have today may raise more questions than they answer.

“Since we are to hear about technologies, both existing and perhaps yet to come, that are revolutionary – certainly by 1986 standards – I want to acknowledge that our task will be a challenge: to find the appropriate balance between privacy and law enforcement interests; to protect the public while preserving consumer privacy and confidence; and, to support rapid technological innovation and growth yet discern standards for law enforcement access that will not become outdated with each new generation of technology. 

“Just as it would not have been possible for Congress to anticipate the exciting technologies we will be discussing today, it is more than likely that, in the years to come, new technologies will present us with equally vexing legal questions.  We must learn to take advantage of these emerging technologies without ushering in a new privacy-free civilization – to ‘boldly go’ toward the creation of a new, productive balance among the interests of law enforcement, personal privacy and industry that no legislation has struck before. 

“This Subcommittee needs the assistance and input of all stakeholders – law enforcement, private industry and civil liberties groups alike – to get this balance right for at least another generation.

“I look forward to the testimony of our witnesses today, and to working with all stakeholders on this timely mission.”