The government needs a search warrant to bust into your house, search your files, and pull out any incriminating documents. It needs the same warrant for files stored on your computer. So why doesn't the same standard apply when the same information is stored in online servers operated by third parties like Google or Microsoft?
The answer is 1986's Electronic Communications Privacy Act, drafted in a different era. Many of its distinctions no longer make sense today, such as the one between "private" and "third party" records. The government has found numerous ways to access material stored in remote servers—notably e-mail—without the traditional warrant and judicial oversight required in the past. And new sources of data, such as cell phone location records, weren't even envisioned by the earlier law.
To drag the law into the modern era, a coalition of strange bedfellows has formed: EFF, the ACLU, Microsoft, Google, AT&T, the Progress & Freedom Foundation, the Center for Democracy and Technology, and others. They kicked off a new campaign today called Digital Due Process, which asks for several major changes to existing law. For instance:
- All "private content" held by a service provider should be protected by the same standard as material on your laptop: a warrant must be obtained. Currently, the rules are murky and confusing; the government can go after server e-mail older than 180 days, for instance, with only a subpoena (no judge needed), while more recent e-mail needs a warrant.
- Warrants must be sought to access location information. Currently, says the CDT, GPS data is protected by warrant, but other data (such as that from cell phones) is not. Courts have been "all over the ballpark" on this issue.
- For "transactional" data (i.e., data that might include e-mail headers but not message content), the coalition says that a judge should be involved, though a warrant may not be needed.
- Subpoenas should only be used where government has a particular person whose data they seek; they shouldn't be used for bulk requests on many subscribers at once without a court order.
The group has plenty of heavy hitters on board and appears to be well-funded, with a slick website and snazzy animated video (embedded below).
The civil liberties groups want the rules clarified and tightened, of course, but so do the businesses; cloud computing providers like Google and ISPs like AT&T each want a predictable, unambiguous set of rules to govern these issues. The cloud providers also know that their own business is at stake here if people come to feel like they can't trust the protections offered to online content.
As for when the changes might get made, that's hard to say. These questions have been percolating for more than a decade without action, and Digital Due Process isn't expecting any legislative action this year.
reader comments
14