Tech industry pushes Congress for tighter privacy protections
A Reagan-era law that allows the government to read email and cloud-stored data more than 6 months old without a search warrant is under attack from technology companies, trade associations and lobbying groups.
The New York Times
WASHINGTON — A Reagan-era law that allows the government to read email and cloud-stored data more than 6 months old without a search warrant is under attack from technology companies, trade associations and lobbying groups, which are pressing Congress to tighten privacy protections. Federal investigators have used the law to view content hosted by third-party providers for civil and criminal lawsuits, in some cases without giving notice to the individual being investigated.
Nearly 30 years after Congress passed the law, the Electronic Communications Privacy Act, cloud-computing companies are scrambling to reassure their customers, and some clients are taking their business to other countries.
Ben Young, the general counsel for Peer 1, a web-hosting company in Vancouver, B.C., said his customers were keeping their business out of the U.S. because the country “has a serious branding problem.”
“We’ve enjoyed a competitive advantage in Canada,” he said, “because the public perception in the business community is that American law enforcement has more access to data than in other parts of the world.”
Places like Germany, Switzerland and Iceland are trading on a reputation of stronger protections for companies, but such safeguards are not universally tighter than those in the U.S. “Some countries are stricter on privacy, and some of them are not,” said Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, an advocacy group.
Privacy has been an increasing concern since Edward Snowden’s revelations last summer about bulk data collection by the National Security Agency, but an overhaul of the Electronic Communications Privacy Act has failed to break into the national conversation. “Because it’s not sexy,” said Katie McAuliffe, the executive director for digital liberty at Americans for Tax Reform.
The United States’ image problem has caused “real, tangible harm” for businesses, said Christian Dawson, the chief operating officer at ServInt, a Web-hosting company in Reston, Va. “It’s very easy for providers outside the country to say, ‘Hey, move your business offshore into an area that cares more about your privacy.’ They don’t have better laws necessarily; they have a better marketing department.”
Silicon Valley giants like Facebook, Twitter and Google say they will no longer hand over their customers’ data without a search warrant.
But smaller companies may be outmuscled by law-enforcement officials, said Ron Yokubaitis, the co-CEO of Data Foundry, a Texas data-center company.
“Mostly, they are going to comply because they don’t know their rights or can’t spend the money to resist,” he said.
A coalition of technology companies, trade associations and lobbying groups, called Digital Due Process, is pushing Congress to bolster privacy rules. Bipartisan bills in the House and the Senate have brought together a hodgepodge of supporters, including liberals and tea-party favorites.
Sen. Mike Lee, R-Utah, a co-sponsor of the Senate bill, said he was shocked to find the 1986 law was on the books. “Almost every American thinks that it is frightening that we have a law that suggests that the government has the right to read your email after only 180 days,” Lee said.
The bill would require a search warrant for access to electronic communications, with exceptions for some emergency situations. It would also require the government to notify individuals within 10 days that their information was being investigated. However, it does not address rules for location data, like GPS information from a cellphone.
The Senate Judiciary Committee approved the bill a year ago, but it has since stalled. One reason is resistance from federal investigating agencies that use subpoenas to gain access to electronic communications in civil cases, particularly the Securities and Exchange Commission.
The U.S. Court of Appeals for the 6th Circuit, in Cincinnati, ruled in 2010 that part of the Electronic Communications Privacy Act was unconstitutional.
Since the decision, most major technology companies have required a search warrant for customers’ content.
Rep. Kevin Yoder, R-Kan., and a co-sponsor of the House bill, said that provisions of the Electronic Communications Privacy Act were “frankly much worse” than the NSA’s domestic surveillance program.
While the NSA program involves the collection of phone-calling information known as metadata, the privacy act allows law-enforcement officials to actually read emails, “and in many cases Americans don’t know it’s happening to them,” Yoder said.