A bill has been reintroduced in the U.S. House of Representatives that would require that law enforcement agencies get a warrant before they poke around users’ emails and other communications in the cloud that are older than 180 days.
The Email Privacy Act, reintroduced on Monday, aims to fix a loophole in the Electronic Communications Privacy Act that allows the government to search without warrant email and other electronic communications older than 180 days, stored on servers of third-party service providers such as Google and Yahoo.
“Thanks to the wording in a more than 30-year-old law, the papers in your desk are better protected than the emails in your inbox,” digital rights organization, Electronic Frontier Foundation said in a blog post Monday.
The bill was passed by the House of Representatives last year but stalled in the Senate. Representative Kevin Yoder, a Republican from Kansas and Jared Polis, a Democrat from Colorado, said they are reintroducing the legislation because the Senate failed to act on it before the 114th Congress came to a close.
If the legislation becomes law, government agencies will have to obtain a warrant based on a showing of probable cause to compel service providers to disclose emails and other electronic communications of Americans, regardless of the age of the mails or the means of storage. In the original version of the legislation, government also has to notify the person whose account is disclosed, along with a copy of the search warrant and other information, within a stipulated period.
Privacy groups and tech companies backed the legislation when it was first introduced. But it failed to clear the Senate as it was bogged down with amendments such as the requirement of mandatory compliance by service providers without court oversight when law enforcement claimed an emergency as an exception for asking for user data. John Cornyn, a Republican senator from Texas, proposed an amendment that would expand the information that the FBI can obtain with a National Security Letter without prior judicial oversight.
“Government access to communications without oversight of warrants is a dangerous path for any country that supports democratic values,” said Ed Black, CEO and President of the Computer & Communications Industry Association, in a statement Monday.
“Rules on how the government can access electronic communications in criminal investigations have simply not kept up with advances in modern technology. Indeed, US law still treats data stored in the cloud differently than data stored on a local computer,” said Information Technology and Innovation Foundation vice president Daniel Castro in a statement.
Opposition to the bill came previously from a number of agencies including the Securities and Exchange Commission, which apparently uses administrative subpoenas on service providers to work around the handicap that people investigated often do not keep copies of incriminating mail after sending it or decline to share their content with the SEC.