Electronic Privacy Act Turns 25; No Reason to Celebrate
By John P. Mello Jr.
Technology has changed a lot since 1986, when the federal Electronic Communications Privacy Act (ECPA) became law. Cell phones no longer look like bricks. Thirteen-pound laptops, such as the IBM PC Convertible with a processor running at 4.77 MHz and 256KB of memory, aren’t considered svelte. We even have something called the World Wide Web, an unknown to cybernauts in that year.
Yet, the ECPA — which sets the rules on how and when law enforcement agencies can access your electronic information — has managed to be remarkably resistant to change since it became law 25 years ago on October 21. That’s created some bizarre anomalies in the law. For example, e-mail that you’ve opened is treated differently from e-mail in transit to you. And all e-mail more than 180 days old is fair game for government snoops.
“The outdated Electronic Communications Privacy Act is allowing the government to engage in a shopping spree in the treasure trove of information about who you are, where you go, and what you do, that is being collected by cell phone providers, search engines, social networking sites, and other websites every day,” the American Civil Liberties Union declares in a statement. “Online privacy law shouldn’t be older than the Web, and Americans shouldn’t have to choose between new technology and privacy.”
Concerns about the creaky ECPA have prompted some members of Congress to propose changes in the statute, two and a half decades and huge technological leaps after its adoption.
U.S. Senators Ron Wyden (D-Oregon) and Jason Chaffetz (R-Utah), for example, introduced legislation in June to amend the ECPA to require court-ordered warrants when law enforcement wants to obtain geographic information about you.
“GPS technology is unquestionably a great tool, not just for Americans on the go and cellular companies offering services, but for law enforcement professionals looking to track suspects and catch criminals,” Wyden says in a statement. “But all tools and tactics require rules and right now, when it comes to geolocation information, the rules aren’t clear.
Chaffetz adds: “I think it’s great that GPS and tracking technology exists. What isn’t great is the idea that this technology can be used to track somebody without their knowledge.”
Other changes in the law have been proposed by Sen. Patrick Leahy (D-Vt.). Among those proposals is a requirement that you be notified within three days of the government accessing your data. However, that notice can be delayed for 90 days in some “sensitive situations.”
One of the biggest obstacles to changing the ECPA has been opposition from law enforcement agencies. In January, for instance, James Baker, an associate deputy attorney general at the U.S. Department of Justice, told the Senate Judiciary Committee, which is chaired by Leahy, “Congress should refrain from making changes that would impair the government’s ability to obtain critical information necessary to build criminal, national security and cyber-investigations, particularly if those changes would not provide any appreciable or meaningful improvement in privacy protection.”
Meanwhile, the Electronic Frontier Foundation (EFF) and several other activist groups, along with Sen. Wyden and Sen. Mark Kirk (R-Ill), have scheduled a “Retro Tech Fair” and press conference on Tuesday to call for updating the ECPA. The Fair opens at 10 a.m. and the press conference begins at 11 a.m., all in room SVC 209 of U.S. Capitol Congressional Visitors Center in Washington, D.C.
The Fair will feature various “high tech” devices from the 1980s. The display — including what was then state-of-the-art cell phones, desktop computers, and other gadgets — will spotlight just how far technology has advanced since ECPA was originally passed, the EFF says.