Tech groups renew push for cloud, email privacy protections

They want Congress to give greater protections from police searches to documents stored in the cloud for more than 180 days

This may finally be the year that the U.S. Congress gives email and other documents stored in the cloud for several months the same privacy protections from police searches as newer files or paper records stored in a file cabinet, say backers of electronic privacy reform.

A coalition of tech companies, digital rights advocates and other groups on Wednesday renewed their call for Congress to change a 29-year-old electronic privacy law called the Electronic Communications Privacy Act [ECPA].

Members of the Digital Fourth coalition have been pushing since 2010 for Congress to change ECPA by requiring law enforcement agencies to get a judge-approved warrant before getting access to a suspect's digital files stored with a third party for more than 180 days.

Law enforcement agencies need a warrant to get their hands on paper files stored in a suspect's home or office and electronic files stored for less than 180 days. But under ECPA, police agencies need only a subpoena, not reviewed by a judge, to demand files stored in the cloud for longer than 180 days.

For privacy protections guaranteed by the U.S. Constitution's Fourth Amendment, "there shouldn't be difference between your digital file cabinet and a file cabinet in your home," Katie McAuliffe, manager of federal affairs for conservative group Americans for Tax Reform, said Wednesday. "The problem is the government wants to get to your personal documents without your knowledge."

While bills introduced in Congress during the last five years failed to pass, members of the ECPA reform coalition said they're optimistic about legislation passing soon. Momentum for changing ECPA has been building in Congress, Chris Calabrese, senior director for policy at the Center for Democracy and Technology, said during a briefing for the media and for congressional staff.

A Senate bill, the Electronic Communications Privacy Act Amendments Act, has 17 co-sponsors since it was introduced in early February, and a House of Representatives bill introduced at the same time, the Email Privacy Act, has 249 co-sponsors.

With more than half of the House co-sponsoring the bill, that "sounds like an easy path to me," McAuliffe said.

ECPA reform bills in past sessions of Congress have run into some opposition from the U.S. Securities and Exchange Commission, which conducts investigations using subpoenas but has no warrant-seeking authority. The SEC's concerns are minor, given that the agency generally seeks documents direct from the subjects of its investigations, countered David Lieber, senior privacy policy counsel for Google.

Other U.S. agencies, including the Department of Justice and FBI, have voiced support for the proposed changes to ECPA in recent years, and the proposed changes have broad support in the tech industry and across political lines, coalition members said.

After a year and a half of revelations about surveillance programs at the U.S. National Security Agency, ECPA reform is a step Congress could take to show voters, and other countries, that it is concerned about electronic privacy, Lieber added.

"This is low-hanging fruit on the surveillance tree," he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags Digital FourthAmericans for Tax ReformKatie McAuliffeU.S. Congresslegislationcloud computinginternetprivacyU.S. Securities and Exchange CommissionDavid LieberGooglesecurityMailCenter for Democracy and TechnologygovernmentChris CalabreseU.S. Department of JusticeInternet-based applications and services

More about Department of JusticeFBIGoogleHouse of RepresentativesIDGMcAuliffeNational Security AgencyNewsSECSecurities and Exchange CommissionTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place