For decades, Americans have forfeited their privacy rights for a false sense of safety. Broad, sweeping surveillance laws––such as, but certainly not limited to Section 702 of the FISA Amendments Act––have given the federal government carte blanche in the realm of surveillance. Thankfully, a recently introduced bipartisan Senate bill would restore some vital protections to Americans’ privacy.
The ECPA Modernization Act, introduced by Sens. Mike Lee (R-UT) and Patrick Leahy (D-VT), would update the Electronic Communications Privacy Act of 1986 (ECPA) to make it more relevant to the technologically advanced world in which we live. The original bill was conceived in a time when email and cell phone use were rare, with the goal of protecting oral, wire, and electronic communications from government surveillance. The bill was an update to the 1968 Federal Wiretap Act, which, much like the ECPA now, had become useless with time.
ECPA’s privacy protections remain stuck in that era, when companies would only archive emails for 180 days. After that time frame had lapsed, a user’s emails would disappear, thus ending the government’s ability to snoop archives. Servers have since made email archives essentially eternal, giving the government a goldmine of information to spy on.
Legislators at that time could not have foreseen surveillance tools, such as facial recognition technology, Internet dragnets, and cell site simulators, all of which have been deployed to trample privacy rights. While lawmakers may have had good intentions in 1986, their bill is useless in the modern era.
It’s 10 O’Clock. Yes, Government Knows Where You Are
The ECPA does nothing to address spy agency and police use of geolocation data to track the exact whereabouts of a person. That type of tracking has been used in startling ways recently. Earlier this year, Immigration and Customs Enforcement (ICE) used a Stingray cell site simulator to track down an illegal immigrant in Detroit. That was the first time ICE deployed this tool, which was originally designed for military and terror investigations. Police in New York have used the tool thousands of times, and the Electronic Frontier Foundation (EFF) reports it is repeatedly abused in non-terror investigations across the country.
The ECPA update would require a report from the Federal Communications Commission (FCC) and the Government Accountability Office (GAO) on the use of Stingrays for law enforcement and spying. Specifics of what these reports would entail aren’t yet known, but any study on abuse and overreach is certainly a step in the right direction.
Unfortunately, the new bill still gives the government a lot of wiggle room in circumventing warrants. If law enforcement determines a situation constitutes an emergency, officials can get away with not obtaining a warrant. And if acquiring geolocation data could help prevent serious injury or death to any individual, or stymie a threat to national security, law enforcement still has broad discretion.
Surveillance Is For Proven Criminals, Not Free Citizens
Still, Lee and Leahy’s update to ECPA would curtail some of these violations by putting stricter limitations on when the government can use geolocation data to track someone. The bill would require a government agency to obtain a warrant before acquiring live or stored geolocation data from a third party such as Verizon, AT&T, or Google. As Lee put it, “[Americans] don’t believe the government should be able to always know where you are just because you are carrying a cell phone.”
Lee’s point is an important one, but one that’s lost on the public at large, either because of apathy or fear. In the wake of Edward Snowden’s 2013 NSA leaks, most Americans began to oppose government spying programs. However, that data has shifted back in favor of the snoopers, with recent polling showing 62 percent are okay with government collecting phone records from millions of Americans. Thankfully, rights–including our Fourth Amendment rights–are not decided by majority rule.
Lee and Leahy’s bill also makes some good strides toward protecting email data. The bill would get rid of an ECPA provision that allows law enforcement and spy agencies to obtain archived email data, after 180 days, without a warrant. Instead, it would require a warrant based on actual probable cause before the government ever obtains email data from a third-party server.
This is a crucial upgrade to the ECPA. Currently, the outdated law largely allows government to access a treasure trove of archived emails. Additionally, amendments made to the bill under Title II of the PATRIOT Act and Section 702 of the FISA Amendments Act have made it alarmingly easier for government agents to access data stored by third parties. Thanks to the PATRIOT Act, spy agencies can obtain intimate details, including your name, address, and phone number, all without a warrant.
Under the new bill, not only must an agency show probable cause, it must also list the time frame of the email, the persons involved, the information that is sought, and the specific circumstances of the investigation. This type of specificity ensures that day-to-day conversations and other irrelevant communications aren’t allowed to be scooped up mid-investigation. This is especially important with the increased power of servers to hold records for longer than 180 days.
While the ECPA Modernization Act is by no means a cure-all for the erosion of privacy rights in America, it certainly would move the nation in the right direction. Putting a stricter onus on government officials to prove probable cause before vacuuming up your data would be a huge step towards protecting privacy and due process rights in the digital age.