Congressional action aims to improve email privacy

April 3, 2013

A new bi-partisan movement is taking place in the U.S. Congress to help fix an archaic email security rule that allowed government officials to read personal messages provided they had been opened or stored for more than 180 days. Known as the Electronic Communications Privacy Act of 1986, the rule is very out of date, and according to The Next Web, Rep. Jim Sensenbrenner said it was likely unconstitutional.

"A probable cause standard should apply to the government's ability to compel a communications provider to disclose a customer's email message – no matter how old the message is," Rep. John Conyers, the Judiciary Committee's ranking member, said according to The Hill.

The newly proposed bill would reform the ECPA from only requiring a subpoena to require a warrant before email and other digital communication could be viewed. Also containing a provision to protect against consumer geolocation data, the Online Communications and Geolocation Protection Act would improve data privacy for mobile users.

The Next Web reported warrants are sometimes viewed as something of a "flac safeguard," as they were somewhat easy to obtain. However, they are much harder to procure than a subpoena, so it is a step in the right direction. Alex Wilhelm wrote on the website that he finds the momentum of this bill to be somewhat surprising.

"The Computer Fraud and Abuse Act (CFAA) is equally dated, and moves to amend its more broken provisions had some in the House of Representatives worried about lowering any bar punishing digital crime," he said. "However, in this case, the blatancy of how poor the ECPA is in its current form appears to be driving consensus. It's worth nothing that in the last Congress, a measure to reform email privacy did make progress in the Senate. If the House can ride this new wave to passage, the President could sign something into law in 2013."

Greg Nojeim, a senior counsel for privacy advocacy group Center for Democracy & Technology, told The Hill that he was encouraged by the movement at the hearing, saying that the committee reflects the growing view that there needs to be stronger restrictions on government access to private email communication. The news source said when ECPA was passed a quarter century ago, they did not anticipate how big email would become and figured older messages would be considered abandoned. A change is likely long overdue for the betterment of email security.

Got Postini? Why a Cloud Application Provider’s Security May Not Be Good Enough.