Investigators would need a search warrant to get people's old emails under a bill considered Tuesday by a House panel looking to update a nearly 30-year-old federal law to reflect today's communications.
The Email Privacy Act, introduced by Rep. Kevin Yoder, R-Kansas, has broad bipartisan support and would close a loophole in the 1986 Electronic Communications Privacy Act, which passed before online storage became so convenient and inexpensive. The law gave the government access to emails older than 180 days with just a subpoena. The emails were considered abandoned at the time, when there was rarely enough storage space to hold emails longer than six months.
The government uses subpoenas to Internet service providers like Google or Yahoo obtain people's emails.
The bill taken up by the House Judiciary Committee instead would require agents to get a search warrant, which generally requires probable cause that a crime has occurred. Exceptions in the bill would allow agents to obtain emails in terrorism investigations without any changes.
Committee Chairman Bob Goodlatte, R-Va., said he hoped to provide a “fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies,” so that searches in the virtual world and physical world are treated equally.
Chris Calabrese, who is vice president for policy for the Center for Democracy & Technology, called the bill a “modest step for bringing our privacy protections into the 21st century.”
He added that the bill still provides more leeway for law enforcement than a warrant to search a physical place. For example, it allows investigators to wait up to 10 days to provide notice of the warrant to the subject, as well as a gag order in certain circumstances so that person would not be notified at all.
Google's law enforcement director, Richard Salgado, told lawmakers that provisions under the old law “do not reflect the reasonable expectations of privacy of users.”
He also noted that the Justice Department has said there is no reason under privacy law for criminal investigators to treat old emails differently than newer emails.
The Securities and Exchange Commission opposes the new measure, saying as a civilian law enforcement agency it can't obtain a criminal warrant.
The SEC's enforcement director, Andrew Ceresney, said agents can't reasonably expect the targets of their investigations to turn over emails or other messages that might implicate them in fraud schemes.
“Individuals who violate the law are often reluctant to produce to the government evidence of their own misconduct,” he said.
Under questioning, Ceresney acknowledged that his agency has not used its subpoena power to gain access to emails older than 180 days since an appeals court in 2010 ruled that the Electronic Communications Privacy Act violates the Fourth Amendment because it doesn't require law enforcement to obtain a warrant for emails.
This is the second time Congress has examined email privacy and a change to the 1986 law; a bill in 2013 received broad bipartisan support but failed to proceed beyond initial votes. Since then, disclosures by former National Security Agency contractor Edward Snowden about the scope of government snooping on Americans' communications led to increased sensitivities and efforts to limit government access.
Earlier this week, after a gag order was lifted on a founder of an Internet service provider, it was revealed that the FBI has used national security letters to demand records from ISPs, phone companies and financial institutions, without a warrant.