September 27, 2010
Updating the ECPA (Electronic Communications Privacy Act)
The constitutional protection of "privacy" in the internet age is a subject of ongoing debate. As the NYT reports, Congress is considering "sweeping new regulations for the Internet," to include email, "Facebook" and "Skype" messaging.
Such revisions will, of course, be subject to challenge under the First and Fourth Amendments. Jim Dempsey, of the Center for Democracy and Technology, testified before the Judiciary Committee and stressed the Fourth Amendment aspects of privacy, as well as highlighting the disarray of the current state of the law.
Dempsey's appendix to his written testimony, discussing the current state of the law regarding protection for an email, demonstrates the doctrinal disorder:
ECPA, as interpreted by the Justice Department and the courts, provides a patchwork quilt of standards for governmental access to email. Under ECPA today, the status of a single email changes dramatically depending on where it is stored, how old it is, and even the district within which the government issues or serves its process.
Standards for access to the content of an email:
• Draft email stored on desktop computer – As an email is being drafted on a personʼs computer, that email is fully protected by the Fourth Amendment: the government must obtain a search warrant from a judge in order to seize the computer and the email.
• Draft email stored on gMail – However, if the person drafting the email uses a “cloud” service such as Googleʼs gMail, and stores a copy of the draft email with Google, intending to finish it and send it later, ECPA says that Google can be compelled to disclose the email with a mere subpoena. 18 U.S.C. 2703(b).
• Content of email in transit – After the person writing the email hits “send,” the email is again protected by the full warrant standard as it passes over the Internet. Most scholars and practitioners assume that the Fourth Amendment applies, but in any case the Wiretap Act requires a warrant to intercept an email in transit.
• Content of email in storage with service provider 180 days or less – Once the email reaches the inbox of the intended recipient, it falls out of the Wiretap Act and into the portion of ECPA known as the Stored Communications Act, 18 U.S.C. 2703(a). At least so long as the email is unopened, the service provider can be forced to disclose it to the government only with a warrant.
• Content of opened email in storage with service provider 180 days or less – The Justice Department argues that an email, once opened by the intended recipient, immediately loses the warrant protection and can be obtained from the service provider with a mere subpoena. (Under the same theory, the sender of an email immediately loses the warrant protection for all sent email stored with the senderʼs service provider.) The Ninth Circuit has rejected this argument. The question remains unsettled in the rest of the country. The Justice Department recently sought opened email in Colorado without a warrant; when the service provider resisted, the government withdrew its request, which means in effect that outside of the Ninth Circuit there may be one standard for service providers who comply with subpoenas and one for service providers who insist on a warrant.
• Content of email in storage with service provider more than 180 days – ECPA specifies that all email after 180 days loses the warrant protection and is available with a mere subpoena, issued without judicial approval.
Dempsey, written testimony at 15.
ConLawProfs looking for a provocative class discussion or exercise could attempt to elucidate the constitutional theory underpinnings of the current state of email protection, or make arguments regarding the government's attempts to include "Facebook" or "Skype," or the application to the military's "Don't Ask, Don't Tell" policy as construed by a judge who considered the military's use of private emails in her conclusion that the policy is unconstitutional.
TrackBack URL for this entry:
Listed below are links to weblogs that reference Updating the ECPA (Electronic Communications Privacy Act):