Digital Privacy Reform: Bipartisan Legislation Introduced in the House
By Mary-Elizabeth Hadley
Loyal blog readers may recall that we promised to keep you advised of the progress of efforts to revise federal laws addressing digital privacy. Well, we have an update.
Representative Zoe Lofgren (D-CA) introduced
This bipartisan legislation seeks to extend Fourth Amendment privacy protections to individuals’ digital communications and location data.
The Act requires the government to obtain a search warrant to access wire or electronic communications content, regardless of its age and regardless of whether the content is in transit or stored in a “cloud.” In contrast, the ECPA currently requires the government to obtain a warrant to obtain unopened emails that are fewer than 180 days old but allows law enforcement to obtain other stored electronic communications through a grand jury subpoena or court order.
Also noteworthy is the Act’s notice provision which requires the government to serve the user or holder of an account with a copy of its warrant within three days of acquiring the content. Current law compels law enforcement to provide prior notification only when they use a subpoena or court order to access wire or electronic communications held in a remote computing service. See 18 U.S.C. § 2703(b). Unlike under the Act’s broader notice provision, the government currently has no obligation to provide notice if it obtains access through a warrant. See id. Under both current law, see 18 U.S.C. § 2705, and the Act, notice can be delayed if it may result in danger to the safety of an individual, flight from prosecution, intimidation of potential witnesses, or other serious jeopardy to an investigation or undue delay to a trial.
The Act preserves existing exceptions to the warrant requirement for emergency situations, foreign intelligence surveillance, national security, individual consent, public information and emergency assistance.
Geolocation Data Protected
Geolocation information, as defined in Section 3 of H.R. 983, is “any information that is not the content of a communication, concerning the location of a wireless communication device or tracking device . . . that, in whole or in part, is generated by or derived from the operation of that device and that could be used to determine or infer information regarding the present, prospective, or historical location of the individual.”
The Act requires federal law enforcement to obtain a warrant to intercept or to force service providers to disclose geolocation data pertaining to an individual. Like the warrant provision, the prohibition on government interception of geolocation information is subject to exceptions for emergency situations, foreign intelligence surveillance, national security, individual consent, public information and emergency assistance.
In addition, the Act prohibits the use of unlawfully obtained geolocation information as evidence and provides for administrative discipline and a civil cause of action if geolocation information is unlawfully intercepted or disclosed.
The Act – which already has drawn praise from privacy advocates – is an important first step towards the goal of ECPA reform. The exceptions it carves out to its new requirements may alleviate law enforcement’s most serious concerns. Rep. Poe’s co-sponsorship also should be helpful in moving the legislation forward. Although not particularly well-known for involvement in these issues, Poe is chairman of the House Subcommittee on Terrorism, Nonproliferation, and Trade.
In light of House Judiciary Committee Chairman Bob Goodlatte’s (R-VA) expressed commitment to modernize protections for electronic communications and the Act’s bipartisan sponsorship, the Act may have better prospects of passage than prior reform legislation.
Of course, in this Congress, passage of any significant legislation will be a challenge. We will be watching.
Caveat Vendor is Paul Hastings’ Consumer Issues blog. We welcome your feedback. Please contact our blog editor with any thoughts or suggestions.