Calif. governor vetoes email privacy legislation for third time
- — 15 October, 2013 20:46
For the third year in a row, California Gov. Jerry Brown has killed a bill that would have required state law enforcement authorities to obtain a warrant to search email and other electronic communications of suspects in criminal investigations.
In a veto memo ( download PDF) Saturday, Brown said he was rejecting the bill because its provisions would slow down criminal investigations and impose notice requirements that go beyond what's required under federal law.
California Senate Bill 467 had earlier won broad bipartisan support in the state legislature, passing both legislative houses with overwhelming support.
The bill, introduced by Sen. Mark Leno, would have barred Internet Service Providers and email services from handing over to the police any email or stored communications belonging to customers without a court-issued search warrant.
The federal Stored Communications Act (SCA) of 1986, cited by Brown in his veto memo, currently requires authorities to obtain search warrants only if they want to search through unopened email or communications that are less than 180 days old. The federal law does not require a warrant in the case of electronic communications stored for more than 180 days.
The vetoed California bill, on the other hand, would have required a warrant on all searches. It would have also required state law enforcement to notify email account holders that a search of their communications had taken place.
Brown's veto runs counter to trends in other states and at the federal level.
Earlier this year, for instance, Texas Gov. Rick Perry signed into law a bill that mandates a court-issued warrant for all email searches.
The statute, which is the first of its kind in the country, requires a warrant for all law enforcement access to stored electronic data, regardless of how long the data has been stored, who is storing it or how it is being stored. All applications for search warrants need probable case and have to be supported by an oath by the officer making the request.
In most cases, companies served with such warrants are required to comply with them within 10 days. In some instances, a judge can require compliance in as little as four days if police are able to prove that a delay would jeopardize an investigation, put someone's life at risk or let someone to escape prosecution.
Similarly, earlier this year, Sen. Rand Paul (R-Ky.) introduced a bill dubbed the Fourth Amendment Preservation and Protection Act of 2013 that contains many of the same provisions as in the Texas bill and the one vetoed by Brown.
Similarly, a bill introduced by three lawmakers earlier this year sought to make changes to existing federal law so as to incorporate a warrant requirement for all email searches.
Brown's rejection of SB 467 in light of such trends is disappointing, said Hanni Fakhoury, staff attorney with the Electronic Frontier Foundation, a privacy advocacy group and a bill sponsor. "I think California is bucking the trend," Fakhoury said.
Though Texas is the only state to have actually passed a warrant requirement, others are moving in that direction, he said. "There are [also] proposals in Congress to require a warrant and courts are increasingly finding an expectation of privacy in emails and other forms of electronic communications," Fakhoury said.
Brown's argument that a warrant requirement would impede investigations is also misplaced, Fakhoury said. "The government can request a delay in [notification] for 90 days, and that delay can be renewed if it would impede an investigation," he said.
"Even the federal Department of Justice has testified before Congress that they support a warrant requirement, which to me is compelling evidence a warrant requirement wouldn't impede an investigation."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.
Read more about privacy in Computerworld's Privacy Topic Center.