Senate committee limits government electronic surveillance

The committee votes to require search warrants for electronic records stored for more than 180 days

A U.S. Senate committee has approved legislation that would give more privacy protection from government surveillance for data stored in the cloud.

The Senate Judiciary Committee, in a voice vote Thursday, approved the Electronic Communications Privacy Act (ECPA) Amendments Act, a bill that would amend a 27-year-old law that governs law enforcement access to electronic records. The bill would require law enforcement agencies to get a court-ordered warrant, with police showing probable cause of a crime, before getting access to suspects' electronic records stored for longer than 180 days.

Several tech groups cheered the committee's decision to approve the bill and send it to the full Senate for a vote, although some law enforcement groups raised concerns that the changes to ECPA could compromise investigations. The changes could hamper the U.S. Securities and Exchange Commission's efforts to investigate financial fraud, SEC Chairwoman Mary Jo White said in a letter to the committee.

Despite some concerns about the bill, a "growing mistrust of government" is driving public opinion, said Senator Chuck Grassley, an Iowa Republican. Voters are concerned that "the government is snooping through emails and online communication at will," he added.

Supporters of the bill, including dozens of privacy groups and tech companies, have argued for years that amendments to ECPA are needed because law enforcement needs only a subpoena to require cloud and email service providers to turn over documents older than 180 days, while a warrant is needed for documents newer than that. Law enforcement agents need warrants to see paper documents stored in a suspect's file cabinet.

"Americans are very concerned about unwarranted intrusions into our private lives in cyberspace," said Senator Patrick Leahy, a Vermont Democrat and main sponsor of the bill. "There's no question that if [police] want to go into your house and go through your files and drawers, they're going to need a search warrant. If you've got the same files in the cloud, you ought to have the same sense of privacy."

The committee's vote comes after news reports this month that the U.S. Internal Revenue Service believes it doesn't need a warrant to read the email of people it is investigating.

At the same time the Senate committee was voting on the ECPA Amendments Act, a House of Representatives Judiciary Committee subcommittee hosted a hearing examining whether law enforcement agencies should need warrants to obtain geolocation information from smartphones and other devices.

While the Senate's ECPA Amendments Act doesn't deal with geolocation information, a bill called the Geolocational Privacy and Surveillance (GPS) Act, with versions introduced both in the House and the Senate, would require warrants for that information.

The American Civil Liberties Union supports the GPS Act, said Catherine Crump, a staff attorney for the group.

"Mobile phone technology provides law enforcement agents with an invasive yet inexpensive method of tracking individuals over extended periods of time and unlimited expanses of space as they traverse public and private areas," she told the House subcommittee. "It also makes it possible for law enforcement agents to identify all individuals located in a specific area -- a valuable tool, but one that by necessity reveals the location of vast numbers of innocent Americans."

But the bill would make it more difficult for law enforcement agencies to obtain geolocation information, thus hindering investigations, said Peter Modafferi, chief of detectives, in the Rockland County, New York, District Attorneys Office. Nearly every crime now has digital evidence associated with it, he said.

"Utilizing this [geolocation] information in the early stages of an investigation often provides fundamental building blocks on which cases may rest," Modafferi said. "Requiring probable cause in the initial stage of an investigation to gain access to geolocation information would make it significantly more difficult to solve crimes."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Peter ModafferiChuck GrassleyU.S. House of Representatives Judiciary CommitteeU.S. Senate Judiciary CommitteelegislationPatrick LeahyprivacyCatherine CrumpRockland County District Attorneys OfficeU.S. Securities and Exchange CommissionMary Jo WhiteAmerican Civil Liberties UnionsecurityU.S. Internal Revenue Servicegovernment

More about IDGInternal Revenue ServiceSECSecurities and Exchange Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts