A U.S. Senate committee has approved legislation that would give more privacy protection from government surveillance for data stored in the cloud.
The Senate Judiciary Committee, in a voice vote Thursday, approved the Electronic Communications Privacy Act (ECPA) Amendments Act, a bill that would amend a 27-year-old law that governs law enforcement access to electronic records. The bill would require law enforcement agencies to get a court-ordered warrant, with police showing probable cause of a crime, before getting access to suspects’ electronic records stored for longer than 180 days.
Several tech groups cheered the committee’s decision to approve the bill and send it to the full Senate for a vote, although some law enforcement groups raised concerns that the changes to ECPA could compromise investigations. The changes could hamper the U.S. Securities and Exchange Commission’s efforts to investigate financial fraud, SEC Chairwoman Mary Jo White said in a letter to the committee.
Despite some concerns about the bill, a “growing mistrust of government” is driving public opinion, said Senator Chuck Grassley, an Iowa Republican. Voters are concerned that “the government is snooping through emails and online communication at will,” he added.
Supporters of the bill, including dozens of privacy groups and tech companies, have argued for years that amendments to ECPA are needed because law enforcement needs only a subpoena to require cloud and email service providers to turn over documents older than 180 days, while a warrant is needed for documents newer than that. Law enforcement agents need warrants to see paper documents stored in a suspect’s file cabinet.
“Americans are very concerned about unwarranted intrusions into our private lives in cyberspace,” said Senator Patrick Leahy, a Vermont Democrat and main sponsor of the bill. “There’s no question that if [police] want to go into your house and go through your files and drawers, they’re going to need a search warrant. If you’ve got the same files in the cloud, you ought to have the same sense of privacy.”
The committee’s vote comes after news reports this month that the U.S. Internal Revenue Service believes it doesn’t need a warrant to read the email of people it is investigating.
At the same time the Senate committee was voting on the ECPA Amendments Act, a House of Representatives Judiciary Committee subcommittee hosted a hearing examining whether law enforcement agencies should need warrants to obtain geolocation information from smartphones and other devices.
While the Senate’s ECPA Amendments Act doesn’t deal with geolocation information, a bill called the Geolocational Privacy and Surveillance (GPS) Act, with versions introduced both in the House and the Senate, would require warrants for that information.
The American Civil Liberties Union supports the GPS Act, said Catherine Crump, a staff attorney for the group.
“Mobile phone technology provides law enforcement agents with an invasive yet inexpensive method of tracking individuals over extended periods of time and unlimited expanses of space as they traverse public and private areas,” she told the House subcommittee. “It also makes it possible for law enforcement agents to identify all individuals located in a specific area—a valuable tool, but one that by necessity reveals the location of vast numbers of innocent Americans.”
But the bill would make it more difficult for law enforcement agencies to obtain geolocation information, thus hindering investigations, said Peter Modafferi, chief of detectives, in the Rockland County, New York, District Attorneys Office. Nearly every crime now has digital evidence associated with it, he said.
“Utilizing this [geolocation] information in the early stages of an investigation often provides fundamental building blocks on which cases may rest,” Modafferi said. “Requiring probable cause in the initial stage of an investigation to gain access to geolocation information would make it significantly more difficult to solve crimes.”