For thirty years, the federal government has operated under the premise that the American people do not have a reasonable expectation of privacy in their emails. What’s worse, almost no one is aware of it.
Last year, more than 232 million Americans sent an email at least once per month. Perhaps you’re reading this article because someone emailed it to you. Or maybe the link was sent to you via one of the more than one billion text messages Americans send in a year. Maybe you accessed it via Dropbox, as one of the company’s more than 400 million registered users.
In the 21st Century, digital communication has become ubiquitous in our society. More than 207 million Americans use a smartphone. That figure makes up nearly two-thirds of the country, and you only have to look to the fact that a whopping 85 percent of Americans ages 18-29 use one to realize the number is only going to get higher over the next several years. My two-year-old daughter can basically already open a Mickey Mouse Clubhouse video on the YouTube app on my iPhone on her own.
If you’re reading this article, it’s a virtual certainty that you’re lumped into those statistics. It’s also a virtual certainty you’re unaware that government agents have unfettered access to those millions of emails and billions of text messages as long as they’ve existed for more than six months. They can access them with no warrant, no subpoena, no judicial review whatsoever. They simply have to politely ask your email or cell phone provider for them and certify in writing that they are relevant to an investigation.
Sounds unbelievable, right?
Believe it. Under the Electronic Communications Privacy Act of 1986, government agencies are free to obtain any digital communication sitting on a third-party server (like Google for example) for more than six months without first showing probable cause. No, 1986 is not a misprint. The law governing our digital privacy protections a few months before Apple releases the iPhone 7 was written two years after Steve Jobs debuted the first Macintosh computer.
In 1986, lawmakers believed well within reason that individuals and families would each have their own email server systems. Therefore, they reasoned, if an individual was leaving an email on a third-party server for more than six months, it was akin to that person leaving their paper mail in a garbage can at the end of their driveway. Thus, that individual had no reasonable expectation of privacy in regards to that email under the Fourth Amendment.
Unlike thirty years ago when the small percentage of Americans actually using email downloaded correspondence onto their own personal computer, nowadays almost no one has their own personal email server. Instead, emails are largely stored on the exact type of system ECPA governs – third-party servers. Google alone has one billion global subscribers to its Gmail service. Other widely-used providers like Yahoo and Microsoft store emails for millions of Americans on their servers.
The divergence between federal law and actual practice that’s emerged since 1986 is the prevalence of third-party storage and our understanding of how it affects our expectation of privacy in those emails.
I believe – and I would assert most Americans believe – that even though my emails are technically stored on a server that doesn’t reside inside my home, the reality is that I carry them around with me every day inside the iPhone in my pocket. I believe our smartphones essentially operate as a mobile filing cabinet with all of my emails filed away in locked drawers. If the government wants to access them, they need to show me a warrant based on probable cause just as if they were actually trying to access physical documents inside my home.
To rectify this obvious misunderstanding, Congress is voting today to pass my Email Privacy Act. With 315 additional House cosponsors, the most-widely supported bill in Congress extends the same Fourth Amendment probable-cause protections afforded our physical mail to our digital communications and storage. It would require government agencies to obtain a warrant to search your Gmail account, just as it would at your home.
Lawmakers in 1986 should be commended for attempting to codify privacy protections for a ground-breaking new technology. Unfortunately, they got it wrong. Not through their own fault, but through an unforeseen evolution of the technology and how it is utilized by our society.
Today, Congress is getting it right.
Rep. Yoder represents the third District of Kansas in the United States House of Representatives and serves on the House Appropriations Committee.