Email Privacy Act: How will the Senate’s decision affect police?
Thursday, March 30, 2017
"The reality is regulation often lags behind innovation," said Bill Maris, founder of Google Ventures.
Maris might not have been talking about the Electronic Communications Privacy Act (ECPA) when he made this comment, but he sure nailed it on the head.
The ECPA protects the privacy of personal electronic communication with regulations, like those requiring warrants for email searches and prohibiting wiretapping. However, it lags well behind the innovation and technology of today.
The outdated regulation is putting privacy and safety at risk, and Congress has finally taken the first steps to bring the regulations into the 21st century with the Email Privacy Act.
If it becomes law, the Email Privacy Act could be beneficial to not only American citizens but also law enforcement.
"Law enforcement loves clarification," said Mitch Slaymaker, deputy executive director of the Texas Municipal Police Association. "Many times, law enforcement operates in a dynamic, ever-changing field of murky grey so when there is a clear set of rules to follow, it makes it easier."
What is the ECPA?
In 1986, the U.S. government created the ECPA to protect citizens' privacy in electronic communication — covering email, telephone conversations and electronically stored information. But that was 1986; a lot has changed since then.
The ECPA protects information stored on personal computers under the Fourth Amendment. However, information stored on computers outside of your home are not granted the same rights since there is no expectation of privacy on public devices.
When the ECPA was passed, email as we know it today did not exist. Email systems were not web-based but instead downloaded through local intranets. Thus, the ECPA made sense in 1986.
Fast-forward to modern day, and the electronic communications from 1986 seem prehistoric. And so does the ECPA.
The once-clear distinction between personal and public is gone. Now, emails are web-based; they are stored in the cloud and can be accessed from anywhere, anytime. Emails aren't the only thing in the cloud, either. Dropbox, for example, offers cloud-based storage for documents, photos and more.
How does the ECPA affect law enforcement?
While the ECPA was created to protect privacy rights, it has transitioned into a controversial regulation that endangers privacy and security.
One of the main concerns is that officers can access a suspect's email without obtaining a warrant. Only a subpoena is required for opened emails in remote storage or unopened emails stored for more than 180 days in remote storage. In fact, sometimes it can be possible to access these emails even without a subpoena.
"[The ECPA] allows law enforcement to forgo even the minimal burden of a subpoena or a court order and claim there is an emergency that necessitates the records being turned over. Although it is voluntary for the provider to act under this provision, many do in practice," according to EPIC, a public interest research center in Washington, D.C.
Another problem with the ECPA is that businesses control whether the information is released to government officials. The current law leaves a lot open to interpretation, creating a situation where the business decides whether to release the information.
Google, for example, posted a blog in 2013 detailing how the company handles government requests for user data, and the steps they take involve more of the company's own policies and procedures than government regulations.
What is the Email Privacy Act and how will it affect LEOs?
The Email Privacy Act was formed to "update the privacy protections for electronic communications information that is stored by third-party service providers in order to protect consumer privacy interests while meeting law enforcement needs, and for other purposes."
The bill passed unanimously in the House as H.R. 387 in February and is currently waiting for debate in the Senate. This is the third time the Email Privacy Act has been up for debate, failing the first time before leaving the subcommittee and failing the second time when senators attempted to attach unrelated amendments to the bill — even though it had passed the House unanimously.
The Email Privacy Act requires a warrant for all emails regardless of how long they have been stored or where they are stored. It will provide law enforcement clarification and specific guidelines that aren't up for interpretation.
The Email Privacy Act has its downfalls, though. First, there is no requirement to notify the person who is being searched. Second, requiring police to obtain a warrant under all circumstances could potentially put the public in danger.
"If exigent circumstances exist, time could be the enemy," Slaymaker said.
While the Email Privacy Act is debated in the Senate, officers need to uphold the current law. The ECPA doesn't require a warrant for all email searches, but it also doesn't prohibit officers from getting one. Therefore, an officer can uphold the law and protect a person's privacy by getting a warrant for email searches.
"Obtaining a warrant is always a best practice in any situation, if prudent, given the totality of the circumstances," said Slaymaker. "However, many times, exigent circumstances can exist such as someone being endangered, or the destruction of evidence." So, the warrant takes a backseat to safety.
When and how should future updates be completed?
Updating the ECPA with the Email Privacy Act has been decades in the making, but probably should have been completed years ago. The Email Privacy Act isn't a permanent solution, though. Advances in technology will cause it to become outdated, just like the ECPA.
"Even as frequent as an annual review may not be enough," Slaymaker said. "Updates are essential."
And he's right. The Email Privacy Act hasn't even made it through the Senate, and there's already another technology causing concern: artificial-intelligence personal assistants. It's a never-ending cycle of innovation, and law enforcement needs to prepare for regular updates and changes to accommodate the constantly changing world of technology and communications.
Whether or not your department supports the Email Privacy Act, it is clear that the ECPA is out of date and must be updated to protect both privacy and safety.
Since the technology being regulated was created after the ECPA itself was created, the law is open to interpretation and individual interpretations can vary. This trickles down into varying policies and procedures, and can become controversial when one department handles a situation differently than the next.
- Breaking down barriers to make career and technical pathways accessible for everyone
- 8 exercises for strengthening your business writing
- Millions of high school students set for success: Celebrating Career and Technical Education Month
- To fight crime, engage kids in quality after-school programs
- Tips for interrupting unconscious bias
- You can’t be what you can’t see
- 7 trigger control errors and how to fix them
- Study: Researchers search for better ways to nix inventory errors
- What to do when you notice your team ‘quiet quitting’
- Oklahoma City’s First Americans Museum: A celebration of native culture
- Infographic: Reselling leads to a sustainable future
- What if labor shortage is a long-term threat to the hospitality and tourism industry?
See your work in future editions
Your content, Your Expertise,
Your Industry Needs YOUR Expert Voice & We've got the platform you needFind Out How