Senate committee approves privacy protections for cloud, email

The legislation would require law enforcement agencies to get court warrants to search stored electronic communications
  • Grant Gross (IDG News Service)
  • — 29 November, 2012 19:57

A U.S. Senate committee has voted to approve legislation that would give the public new privacy protections from government searches of email and documents stored in the cloud.

The Senate Judiciary Committee on Thursday approved changes to the Electronic Communications Privacy Act (ECPA) that would require law enforcement agencies to get court-ordered warrants to search digital files stored in the cloud for longer than 180 days. Under current law, police need only an administrative subpoena to search email and other electronic records stored outside a suspect's computer for longer than 180 days.

The ECPA amendment was attached to House Resolution 2471, a bill related to consumer consent to video service providers. The bill is unlikely to pass through the House of Representatives this year, but sponsor Senator Patrick Leahy, a Vermont Democrat and chairman of the committee, said Thursday's vote lays the foundation for a bill to pass through Congress in 2013 or 2014.

Leahy pushed for the additional protections for email and cloud services, contrary to a news report last week saying he had rewritten the amendment to allow more surveillance by government agencies. Leahy has consistently called for greater legal protections for cloud services in recent years.

Stored email should enjoy the same legal protections as email stored on a suspect's computer or paper files stored in a suspect's desk, Leahy and other supporters of the amendment argued. ECPA has allowed lesser protection for communications stored outside a suspect's computer or home, with supporters of the difference arguing that suspects have less privacy concerns about data stored with outside vendors.

"Like many Americans, I'm concerned about the growing and unwelcome intrusions into our private lives in cyberspace, intrusions we would not allow in the physical world," Leahy said during a hearing to amend the bill. U.S. residents would expect law enforcement agencies to get a search warrant "if the government wanted to come into our house and look at the files we have on paper."

A group of technology vendors and digital rights groups have pushed for changes to ECPA since early 2010. The current rules discourage people from using U.S. cloud services, said members of the Digital Due Process Coalition.

Senator Chuck Grassley, an Iowa Republican, said he was concerned the Leahy amendment would hamper law enforcement and insider stock trading investigations. Grassley offered an amendment that would have allowed law enforcement agencies to get email files with simple subpoenas in child abduction, child pornography and some other cases, but majority Democrats on the committee voted down his amendment, saying Leahy's bill already allows law enforcement quick access to electronic files in cases where victims lives are in danger.

Grassley said he hopes law enforcement concerns about the bill can be addressed in upcoming negotiations.

The committee's vote for the bill won support from BSA, a software trade group, and the Center for Democracy and Technology, a digital rights group. The American Civil Liberties Union called the vote an "important gain for privacy."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Tags: Internet-based applications and services, instant messaging, Chuck Grassley, U.S. Senate Judiciary Committee, internet, government, legislation, privacy, Patrick Leahy, American Civil Liberties Union, BSA, security, Mail, Center for Democracy and Technology

Flight MH370 includes 12 Malaysian Freescale staff, and KL-based IBM executive

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Cloud Trust Authority

Reduce complexity and increase trust for public cloud service providers and their customers.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.