Bill to require warrant for email searches gains ground in House

So far, 218 members have co-sponsored the measure

A far-reaching bill that would require the government to obtain a warrant to search through people's emails and other online communications now has majority support in the U.S. House of Representatives.

The Email Privacy Act, introduced by Reps. Jared Polis (D-Colo) and Kevin Yoder (R-Kans.), now has 218 co-sponsors -- the number needed for the bill to pass if it is brought up for a vote in the House.

The bill (H.R. 1852) seeks to update the privacy protections for electronic communications stored by Internet Service Providers (ISPs) and other third parties.

Critics have long argued that the law governing such data, the Electronic Communications Privacy Act (ECPA) of 1986, is woefully inadequate and outdated. They have noted that the ECPA allows law enforcement authorities and government officials to access emails and other online communications stored by third parties without a warrant.

The concerns about such access have been fueled in recent months by Edward Snowden's leaks about the National Security Agency's domestic surveillance activities. Many privacy rights advocacy groups have been vigorously pushing for changes to the ECPA.

Cloud providers and other technology vendors have been pushing for changes to how the government can ask for customer data amid signs that the Snowden revelations have scared some overseas customers away.

The proposed Email Privacy Act would amend ECPA to prohibit a third-party service provider from divulging a customer's communication records to law enforcement officials without a warrant obtained under the Federal Rules of Criminal Procedure or state warrant procedures.

The Computer & Communications Industry Association, a group that has been pushing for changes to email privacy laws, was quick to laud the support for the bill in the House.

"This bill would finally offer email, social messaging and other cloud-stored data the same protection as files stored inside someone's home," CCIA president Ed Black said in a statement via email. "If the government agency wants to obtain cloud-stored data, it would need to go before a judge and get a warrant for that search."

The Digital 4th coalition, a group representing several rights advocacy groups, on Wednesday called for House leaders to bring the Email Privacy Act to a vote now that it has majority support. "The House needs to act now," the coalition said in a statement.

The ECPA was passed even before the Web was invented and does not offer any measure of protection against government snooping, the coalition noted. "Under the Electronic Communications Privacy Act, Americans' emails, photos, documents and other online communications lack the Fourth Amendment protections guaranteed by our Constitution."

Christopher Calabrese, legislative counsel with the American Civil Liberties Union, said the majority support is a significant step forward for the proposed law. "What this means is that if the bill were to be brought to the floor tomorrow, it would pass," he said.

The bill offers online communications the same protections that exist currently against warrantless searches of paper mail records or of a house, he said.

"It is a relatively straightforward bill, but it is pretty surprising that it has taken this level of effort" to get this far, he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about privacy in Computerworld's Privacy Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Gov't Legislation/RegulationNational Security AgencysecurityregulationU.S. House of Representativesgovernmentprivacy

More about House of RepresentativesNational Security AgencyTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place