The U.S. Congress needs to rewrite a law governing law enforcement access to mobile-phone data, e-mail messages and other electronic communications to reflect changes in technology, including a growing reliance on cloud computing, several senators said Wednesday.
Several Democratic members of the U.S. Senate Judiciary Committee called for changes to the Electronic Communications Privacy Act (ECPA), even though two representatives of President Barack Obama's administration wouldn't commit to supporting major changes to the 25-year-old law during a committee hearing.
Democratic members of the committee argued the law is outdated. Under ECPA, law enforcement agencies don't need court-ordered warrants to gain access to suspects' Web-based e-mail messages, information stored in cloud-computing environments and mobile-phone location information, even though police would need warrants to gain access to e-mail or documents stored on a suspect's computer.
In addition, several recent court rulings have given law enforcement agencies conflicting guidance about when they need warrants, with proof of reasonable cause to believe a crime has been committed, and when they can use subpoenas and other legal tactics with lower burdens of proof, senators said.
"It is a truly unclear and unresolved legal landscape," said Senator Christopher Coons, a Delaware Democrat. "We have here a statute that has truly been exceeded by developments in technology over the last decade or more."
It's time to fix ECPA, added Senator Patrick Leahy, a Vermont Democrat and committee chairman. Leahy began calling for changes in the law last year after a coalition of civil liberties groups and tech companies, called the Digital Due Process Coalition, raised concerns about ECPA.
Law enforcement agencies and privacy advocates would be better served with an updated law that clears up confusion, Leahy said. ECPA is "outdated from both a national security point of view and from a privacy point of view," he added.
Leahy urged representatives of the U.S. Department of Justice and the U.S. Department of Commerce to bring the committee concrete proposals about how to change ECPA. "Inertia sometimes gets the greatest bipartisan support on [Capitol] Hill," he said. "I'd like to see us move forward."
But representatives of the two agencies didn't offer proposals. The Department of Commerce is open to discussing changes to ECPA, said Cameron Kerry, general counsel there.
ECPA currently works fairly well for law enforcement agencies, added James Baker, associate deputy attorney general. Baker offered suggestions where the committee could look into changing the law, mostly by clarifying when law enforcement has access to digital communications.
But requiring warrants to gain access to most digital content, as the Digital Due Process Coalition has advocated, would hurt law enforcement investigations, he said.
Digital data from suspects is "critical" to investigations, Baker said. "If we were to raise the standard with respect to some electronic communications ... it's going to have an impact on law enforcement investigations," he said. "It would be more difficult."
Senator Chuck Grassley, an Iowa Republican, asked if requiring a higher evidentiary standard of law enforcement agencies to collect digital data would slow down investigations and have "real-life consequences, particularly where human life is involved."
"Absolutely, senator," Baker answered. "Whatever we do in this area, we need to get the balance right."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.