recommended reading

Why Is the Wildly Popular Email Privacy Act Still Stuck in Congress?

Tammy54/Shutterstock.com

It’s among the most pop­u­lar bills in Con­gress, but it’s still stuck in com­mit­tee.

More than 300 House mem­bers—a ma­jor­ity of the body—have signed on as co­spon­sors to the Email Pri­vacy Act, which would re­quire po­lice to ob­tain a war­rant be­fore ac­cess­ing emails, Face­book mes­sages, and oth­er private on­line con­tent. It has vo­cal sup­port from con­ser­vat­ives such as Reps. Kev­in Yo­der and Ted Poe, as well as lib­er­als such as Reps. Jared Pol­is and Sheila Jack­son Lee. Get­ting it passed is one of the top policy pri­or­it­ies for In­ter­net gi­ants such as Google and Ya­hoo, and it’s even en­dorsed by an­ti­tax cru­sader Grover Nor­quist.

But after more than three years of de­bate, the bill still hasn’t made it to the House floor for a vote. And on Tues­day, a hear­ing of the House Ju­di­ciary Com­mit­tee made it clear why: The pan­el’s chair­man, Rep. Bob Good­latte, isn’t back­ing the bill yet, and his com­mit­tee perch gives him enough power to keep it from go­ing through.

Good­latte said Tues­day he sup­ports the “core” of the Email Pri­vacy Act, but he also de­man­ded changes to en­sure the bill doesn’t hamper law en­force­ment. A Good­latte aide said the hear­ing “high­lighted some is­sues that need to be ad­dressed” and de­clined to say when the bill might ad­vance to a vote in the com­mit­tee.

Good­latte’s res­ist­ance is prov­ing to be a ma­jor stum­bling block, even though the bill already has more co­spon­sors than it would need votes to pass.

Un­der the Elec­tron­ic Com­mu­nic­a­tions Pri­vacy Act, the gov­ern­ment can seize emails that have been opened or that are more than 180 days old without ju­di­cial ap­prov­al. When law­makers passed ECPA in 1986, they as­sumed that if a per­son hadn’t down­loaded and de­leted an email with­in six months, it could be con­sidered aban­doned and wouldn’t re­quire strict pri­vacy pro­tec­tions. While one fed­er­al ap­peals court ruled in 2010 that the Con­sti­tu­tion re­quires po­lice to ob­tain a war­rant to ac­cess emails, oth­er courts have con­cluded that people lose pri­vacy pro­tec­tions when they share in­form­a­tion with third parties such as email pro­viders.

“When cur­rent law af­fords more pro­tec­tions for a let­ter in a fil­ing cab­in­et than an email on a serv­er, it’s clear our policies are out­dated,” Rep. Su­z­an Del­Bene, a Wash­ing­ton Demo­crat and co­spon­sor of the bill, said at Tues­day’s hear­ing.

“We are not well-served by a law whose ap­plic­a­tion is un­pre­dict­able, and that the courts have had great dif­fi­culty in­ter­pret­ing,” said Rep. John Con­yers, the top Demo­crat on the com­mit­tee. “Be­cause of the rap­id pace of tech­no­lo­gic­al change, this situ­ation will only get worse if we do not act.”

But Good­latte ar­gued that Con­gress should pro­tect the “le­git­im­ate needs of law en­force­ment” by amend­ing the Email Pri­vacy Act to in­clude war­rant ex­emp­tions for emer­gen­cies and oth­er cir­cum­stances. “One of the goals of this le­gis­la­tion is to treat searches in the vir­tu­al world and the phys­ic­al world equally, so it makes sense that the ex­cep­tions to the war­rant re­quire­ment and the pro­ced­ures gov­ern­ing ser­vice of war­rants should also be har­mon­ized,” he ar­gued.

The Ju­di­ciary Com­mit­tee chair­man also warned that there are “ser­i­ous pub­lic safety” con­cerns with a pro­vi­sion that would re­quire po­lice to serve the crim­in­al sus­pect with the war­rant in­stead of just the sus­pect’s email pro­vider. And he ar­gued that the bill could un­der­mine in­vest­ig­a­tions by Con­gress and civil agen­cies, which don’t have ac­cess to crim­in­al war­rants.

That con­cern was echoed by An­drew Ceres­ney, the head of en­force­ment at the Se­cur­it­ies and Ex­change Com­mis­sion. The Email Pri­vacy Act, Ceres­ney test­i­fied, “poses sig­ni­fic­ant risks to the Amer­ic­an pub­lic by im­ped­ing the abil­ity of the SEC and oth­er civil law en­force­ment agen­cies to in­vest­ig­ate and un­cov­er fin­an­cial fraud and oth­er un­law­ful con­duct.”

But Ceres­ney ac­know­ledged that the SEC hasn’t tried to sub­poena email pro­viders since the ap­peals court gran­ted con­sti­tu­tion­al pro­tec­tions to re­motely stored con­tent in 2010. The bill’s sup­port­ers also ar­gued that civil agen­cies such as the SEC should just con­tin­ue for­cing the tar­gets of their in­vest­ig­a­tions to turn over re­cords in­stead of go­ing to email pro­viders like Google.

Point­ing to the con­tro­versy over the In­tern­al Rev­en­ue Ser­vice tar­get­ing con­ser­vat­ive or­gan­iz­a­tions, Chris Ca­labrese, the vice pres­id­ent of policy for the Cen­ter for Demo­cracy and Tech­no­logy, a pri­vacy ad­vo­cacy group, urged Con­gress not to al­low civil agen­cies to use the bill as “a tool to gain new powers.”

The bill, which would not af­fect for­eign in­tel­li­gence op­er­a­tions, had been largely over­shad­owed by the leaks by Ed­ward Snowden and the de­bate over Na­tion­al Se­cur­ity Agency sur­veil­lance.

Sens. Patrick Leahy and Mike Lee in­tro­duced coun­ter­part le­gis­la­tion to the Email Pri­vacy Act in the Sen­ate. The Sen­ate Ju­di­ciary Com­mit­tee held a hear­ing in Septem­ber, but like Good­latte, Chair­man Chuck Grass­ley wor­ried the le­gis­la­tion could hamper law en­force­ment in­vest­ig­a­tions. The Sen­ate has not sched­uled a com­mit­tee vote on the bill. 

(Image via /Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov