On February 6th, the House of Representatives unanimously passed a second attempt at new bill that seeks to update existing online privacy laws and obligate law enforcement to obtain a court warrant before searching US citizens’ files that have been stored with third party service providers for more than six months.
The bipartisan bill, Email Privacy Act (H.R. 387), was put forward by Colorado Representative Jared Polis and Kansas Representative Kevin Yoder, and seeks to correct an ambiguity in the initial privacy law adopted in 1986.
Currently, a search warrant is only required to access messages sent and received within 180 days.
Messages older than that only need an administrative subpoena, which, compared to a warrant, has less judicial oversight and can be easily abused by authorities to invade user privacy.
The Email Privacy Act will update this standard and make a warrant necessary even in accessing messages created more than six months ago.
Administrative subpoenas can still be issued to obtain general information about users and their accounts, but stored files and actual content stored in those emails can only be acquired with a warrant.
The move by the House is seen as a win for the tech industry and privacy advocates who have campaigned for amending the Email Privacy Act, which had already been unanimously passed in a 2015/16 session, only for its enforcement to later be derailed by those who proposed weakening amendments.
According to the blocking parties, there should be emergency loopholes on the Privacy Act that should overlook the provision to let all stakeholders in on a search – revisions that would effectively kill the law on privacy.
One aspect of the act that stakeholders wanted to see in this update, but which was instead ignored by the House, was that the authorities must at the very least notify the files’ owners that they are being searched before undertaking the perusal.
The critics – who are expected to get vocal again soon – argued using the example of regular FBI raids in homes and offices, which are conducted with the court’s permission and with everyone affected knowing what’s going on.
They hold that law enforcement should not be able to conduct an underhanded search simply because the person being staked out can’t see their emails being searched, and wouldn’t do anything about it anyway.
In its current state, the Privacy Act allows the email provider to notify users that their files are being searched with a search warrant or subpoena, but comes with court-provided exceptions in case of certain situations.
If a court suspects flight risk for the suspect, a watertight possibility of physical harm to a third party individual, the potential for tampering, or seriously jeopardizing the course of an investigation or in any way delaying a trial, the email provider will be blocked from alerting the files’ owners of the search for at most six months.
The gag order can then be reintroduced for periods not exceeding another six months, depending on the investigation’s progress.
These gag orders have not gone down well with some tech giants, most notably Microsoft, which is suing the government for jeopardizing the privacy of its users by blocking some search warrants and subpoenas from being disclosed to the owners of the files.
It would be safe to say that some tech companies and privacy advocates are pretty content with this move by the House despite its blemishes.
They reckon the reform passed recently was a long-overdue modification needed to correct an online privacy flaw written and adopted before commercial internet became overly relevant.
Richard Salgado of Google backed in a statement the measure, commenting that it will “fix a constitutional flaw” in the Email Privacy Act.
He noted that there are questions over other facets of the reform, but that there was dire need of Fourth Amendment protection for emails and electronically stored files.
The controversy surrounding the Privacy Act intensified in 2016 when law enforcement sought judicial permission to oblige Apple to unlock an iPhone thought to belong to one of the attackers in the San Bernardino shooting.
Its continuity now lies in uncertainty, though, as the Trump administration may live to its campaign pledge of expanding surveillance to allow maintenance of a national database on members of certain communities.