It’s been more than a year since the Snowden revelations, and government agencies continue to demand access to broad swaths of personal information online. We’ve yet to see serious privacy reforms from Congress. This is troubling because one of the biggest threats to privacy is the absence of modern laws that reflect the way that people today use the Internet.
Policymakers need to correct the course. More people every day are digitizing their lives and moving their lives online to the cloud. Experts are predicting a new variant of Moore’s Law -- that total data online will double every two years for the foreseeable future. And an estimated 90 percent of the existing data online has been created just since 2011.
On the positive side, policymakers have a real opportunity as early as this week to begin this much-needed reform by passing the USA Freedom Act and Email Privacy Act.
The USA Freedom Act ends the U.S. government’s bulk collection of metadata. It also appoints a person to represent users’ interests at the secret FISA court and permits companies to provide them with more transparency about how many government data requests we receive.
The Email Privacy Act ensures that the documents you store online have the same protections as the physical stuff stored in your home. It requires government agencies to obtain a judicial warrant supported by probable cause before they invade your digital space.
These bills are rooted in the Fourth Amendment’s guarantee that people should be free from unreasonable government searches. Until recently, that amendment has stood the test of time. By 1967, telephones had become a household device, and the government had begun wiretapping personal conversations. The Supreme Court clarified privacy rights by declaring in Katz v. United States that regardless of the medium, a “search” occurs when a person’s “reasonable expectation of privacy” is violated. And, in 1986, Congress enacted the Electronic Communications Privacy Act to extend wiretap restrictions to electronic data and address storage of electronic communications.
But it has been almost 30 years since then. The speed of innovation has rapidly accelerated and our institutions are not keeping pace with what most people view as their own reasonable expectations of privacy. Today, we move entire libraries of information in seconds, and share our most private photos with loved ones over great distances, but our rights are guarded by laws written in a time when multi-million dollar supercomputers would fill your garage and had less processing power than today’s iPad.
At the time, we could not have imagined government agencies demanding real-time access to your letters, photos, and documents with no judicial review. Or imagined law enforcement using supercomputing infrastructures that capture massive volumes of ‘metadata’ -- who you called, at what time, your online associations.
Congress needs to act now to ensure that our expectations of privacy in today's digital society are reflected in the law. While companies like Dropbox will continue to vigorously protect users’ privacy — including resisting overly broad requests in courts, fighting back when the government tries to keep requests secret, and publishing a Transparency Report — we can only do so much on our own.
It is time for Congress to provide modern safeguards for the American people. And if our government can make it clear that agencies may get access only in narrow and legitimate cases, we will also have set a global example consistent with our nation’s values, which will serve us for decades to come.
Homsany is general counsel at Dropbox.