Protecting our privacy in the digital age

When the IRS policy was brought to light, the agency quickly backed off, saying that henceforth it would obtain a search warrant in all cases when seeking from an Internet service provider the content of email communications stored on behalf of customers.
 
But what about other federal agencies?  Most Americans believe that our Fourth Amendment right “to be secure in [our] persons, houses, papers and effects, against unreasonable search and seizure” already applies to private communications sent or stored electronically, just as it applies to telephone calls or letters sent through the mail.
 
Unfortunately, there is a law on the books that says government officials have the authority to read our email and other electronic documents without obtaining a search warrant. That outdated legislation is the Electronic Communications Privacy Act (ECPA).  ECPA says that the government can use a mere subpoena, issued without any review by a judge, to compel service providers to disclose email older than 180 days and any document regardless of age that is stored in the Internet cloud.
 

ADVERTISEMENT
ECPA was written in 1986.  At that time, very few people had home computers. There was no such thing as a mobile phone with Internet access. The World Wide Web didn’t even exist. Few people used email in 1986, and email service providers stored email for only short periods of time.
 
Obviously, times have changed. With broadband access on our mobile phones, free unlimited email, and free or low cost storage in “the cloud,” individuals and businesses indefinitely store not only email but all manner of sensitive communications and personal information on the Internet. 
 
ECPA, however, remains largely unchanged.
 
Fortunately, efforts are underway in both houses of Congress to revise ECPA and bring it up-to-date with the realities of the 21st century. In the Senate, the original author of ECPA, Sen. Patrick Leahy (Vt.), a Democrat, has teamed up with Mike Lee (Utah), a conservative Republican, to put forth an ECPA reform bill.  In the House of Representatives, several bipartisan bills have been introduced.  A broad coalition of liberal and conservative organizations, technology companies, and privacy advocates is supporting these efforts. 
 
The principle behind ECPA reform is simple: if any government agency wants access to a person’s emails or other private material stored online, it should demonstrate to a judge that there is probable cause to believe the person is committing a crime and the judge should issue a search warrant.
 
The ECPA reform bills preserve existing exceptions in the law that will permit the government to act without a warrant in situations that threaten immediate harm.  They do not affect laws requiring reporting of suspected child pornography or the laws that govern national security and investigations of international terrorism.
 
Technology changes. Our rights do not. Americans are entitled to protection against government intrusion whether we keep our private letters and documents in a desk drawer or in a virtual file cabinet online.
 
The recent revelations about the IRS exceeding its own rules to harass people because of their political affiliation is a genuine scandal. But the even bigger scandal might be the outdated laws that allow officials of not only the IRS but any agency to read our email without a warrant.
 
The IRS officials who were making decisions on political grounds need to be held accountable. But we should look beyond the IRS and consider the broader question of government overreach.  One concrete way to prevent future abuses at any agency is to update ECPA to make it clear that all government officials must respect the Constitution in this digital age.

Harris is president and CEO of the Center for Democracy & Technology (CDT) and Norquist is president of Americans for Tax Reform (ATR).