Senate Holds Hearings on Updated ECPA Data Privacy, Storage Rules

NEWS ANALYSIS: Proposed changes to existing law would clarify access to data stored in foreign countries and make it conform to recent court decisions on access to electronic communications.


The Senate Judiciary Committee held hearings Sept. 16 on proposed updates to the Stored Communications Act, a relic of the mid-1980s, which is a part of the Electronic Communications Privacy Act (ECPA).

Committee members asked various stakeholders what they thought should be done to update that part of the ECPA. As is the case with most Senate hearings, the stakeholders reiterated positions they've previously announced, but this time those positions became part of the record.

The current proposals would amend the Stored Communications Act (or SCA as it's fondly called on the Hill) with a number of provisions, including a critical one that addresses a legal issue that has been the focus of recent court battles over federal demands for access to data stored in database servers maintained overseas.

This is the Law Enforcement Access to Data Stored Abroad (LEADS) Act. The LEADS Act would clarify the handling of electronic data stored outside the United States, which is at the core of the ongoing legal drama between Microsoft and the U.S. Justice Department.

In that case, Justice has been trying to compel Microsoft to turn over records of a European citizen that are stored in Ireland, and Microsoft has declined, saying that a U.S. warrant can't be enforced outside U.S. territory.

There are other provisions being considered as well, including elimination of the 180-day difference between email that can be accessed without a warrant and email that can't.

Those provisions would also eliminate a distinction between emails that have been opened and those that have not. One notable position that seems to emerge from time to time came from Richard Littlehale of the Tennessee Bureau of Investigation, speaking for the Association of State Criminal Investigative Agencies (ASCIA).

In his testimony, Littlehale bemoaned the fact that a number of providers insisted on sticking with the letter of the law and requiring actual warrants before they'd turn over their customers' email and voicemail files. Even worse, he complained that workers in the process of collecting data at his request sometimes made mistakes, and once a worker at a cell phone company accidentally deleted a voicemail message.

To prevent such a thing from ever happening again, ASCIA is apparently asking Congress to pass legislation that would outlaw mistakes and also would require that all providers store all such messages, whether email or voicemail, forever so that customers could not erase their own messages. He also espoused a plan that would mandate immediate turnover of all requested information, regardless of whether there was a warrant.

While the ASCIA position may sound extreme and while it clearly subverts the Fourth Amendment to the U.S. Constitution, this position is gaining some traction in Congress.

The same is true for the ASCIA's claims about the inadequacy of laws requiring notification of warrants and the lack of laws requiring the retention of all records, including such things as records of IP addresses that have communicated with a server.

Wayne Rash


Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...