Coalition calls for reform of electronic privacy law

The new coalition, know as Digital Due Process, is calling for what it sees as a long-overdue revamp of the Electronic Communications and Privacy Act, which was designed to protect the privacy of internet and telephone users. The legislation was passed in 1986, which the coalition calls “light years ago in Internet time.”

The ECPA was originally intended to provide a standard framework under which law enforcement could operate in the digital world without infringing on the Constitution’s privacy protections. However, as Digital Due Process noted, the ECPA was passed at a time before email, global positioning tracking, cloud computing, or social networking. The coalition said that the advancement of technology, along with the inconsistent interpretation of the ECPA by the judicial system, led to its formation, whose members are putting forth recommendations to reform the law.

According to the Digital Due Process website, the organization is not seeking to trash the EPCA entirely. However, it would like to see the law reformed to address a number of electronic privacy aspects that were not even considerations in 1986. The coalition provides “guiding principles of EPCA reform” on its site, further requesting a rework of the law to deal with “access to email and other private communications stored in the cloud, access to location information, and the use of subpoenas to obtain transactional information”.

Google, one of the flagship coalition members, said in its official blog that “technology has moved at a record pace”, adding that, in the meantime, the “EPCA has stayed the same”. The company put forth four principles that it would like to see incorporated in a modernized EPCA, including making warrants a necessary precursor to obtaining personal data stored online and location tracking through cell phones and smartphones, in addition to requirements that government and law enforcement demonstrate a clear need to monitor electronic communications and engage in bulk data requests.

Other organizations that have joined the Digital Due Process coalition, Infosecurity notes, include AOL, eBay, the ACLU, Intel, and Microsoft.

Proving the old “politics makes for strange bedfellows” cliché, Electronic Frontier Foundation senior attorney Kevin Bankston highlighted the fact that his organization is willing to work with other coalition members to reform the EPCA, even though the EFF and other members have not always been on the same page. “When it comes to privacy, EFF has had its disagreements with fellow Digital Due Process members such as Google and AT&T”, noted Bankston. “But this diverse coalition of privacy advocates and Internet companies agree on at least one thing: the current electronic privacy laws are woefully outdated and must be updated to provide clear privacy protections that reflect the always-on, location-enabled, Web 2.0 world of the 21st century."

"The recommendations of the Digital Due Process coalition are not an exclusive list of the reforms to ECPA that EFF would support, and in some cases EFF would urge even stronger protections than those urged by the group," added Bankston. "However, EFF strongly agrees with its fellow Digital Due Process members that each of the coalition's recommended changes would significantly strengthen the law and better protect privacy."

One senior DC lawmaker was quick to comment on the coalition’s call to action. Senator Patrick Leahy – a Vermont Democrat and chairman of the Senate Judiciary Committee – said that “while the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated.” The senator added that he plans to convene hearings on what can be done to update the EPCA in the near future.

What’s hot on Infosecurity Magazine?