Our electronic privacy laws are badly out of date. That’s probably not a total surprise to many folks – we know how fast technology evolves and how slowly laws can change. But it’s unacceptable from both a privacy and innovation perspective that a private email in our computer’s inbox doesn’t have the same legal protection as a letter that sits in our desk drawer. When emails, social media accounts and other cloud-based information are subject to warrantless search and seizure, it is bad for consumers and bad for business.
Silicon Valley technology companies are receiving tens of thousands of demands from the government for user information every year, many of them without a warrant. This is because our state and federal electronic privacy laws have not been meaningfully updated since the 1980s, before the Web even existed. The government is taking advantage of loopholes in outdated laws, like the federal Electronic Communications Privacy Act (ECPA), to demand private emails and other information from social networks or cloud providers with a mere subpoena – an order not even approved by a judge.
It’s clear that electronic privacy law is urgently in need of an update. Civil liberties organizations like the American Civil Liberties Union and major technology companies and industry groups have come together to push for change.
California can do its part by requiring state law enforcement to obtain a warrant to access online communications. Senate Bill 467 – a bill to do just that – has already been passed overwhelmingly by the Legislature and is sitting on Gov. Jerry Brown’s desk. We urge him to sign it into law.
It would also pave the way for California’s congressional delegation to help lead efforts on the federal level and clearly extend privacy protections to the modern digital world. Many in Congress, both Democrats and Republicans, already realize that it is time for reform. The original author of ECPA, U.S. Sen. Pat Leahy, a Democrat from Vermont, understands that “privacy laws written in an analog era are no longer suited for privacy threats we face in a digital world,” and has joined with Sen. Mike Lee, a Republican from Utah, to introduce an update. We are pleased that several bipartisan bills have also been introduced in the House.
Updating the law is not only necessary for safeguarding privacy, but clear and easy rules that make sense for today’s technology also help companies avoid problems and build trust with consumers, both domestically and internationally. And even the Department of Justice has admitted that the law’s outdated distinctions no longer make sense. So what’s the holdup to updating ECPA? You may be surprised to learn that it is civil agencies like the Securities and Exchange Commission and the Internal Revenue Service that are gumming up the works. These agencies already have a great deal of investigative power, and now they want to be able to bypass the targets of investigations and covertly demand information from companies about individuals. Giving them these added uncheckable and invisible powers is folly in light of the history of overreach by administrative agencies.
All of us in California must ensure that Congress acts soon to modernize the Electronic Communications Privacy Act, to support innovation and emerging technologies and to protect our long-established freedoms.