On Monday, the US House of Representatives – normally a body that can't agree on anything – voted unanimously to pass the Email Privacy Act (HR 387).
The new legislation amends the 1986 Electronic Communications Privacy Act (ECPA), which states that Americans' emails that are unread or stored for more than 180 days can be requested and read by US law enforcement without a warrant. The new legislation insists the Feds go to a judge and get one before having a snoop around email inboxes. (Non-Americans are, of course, fair game to US intelligence.)
When the ECPA was enacted 31 years ago, emails were almost exclusively stored locally and not for very long, since hard drive sizes were in megabytes, not gigabytes, and commercial cloud service provision of email was a distant prospect for most. So legislators have been trying to update this antiquated legislation – against the wishes of law enforcement.
The trouble is, the House's amendments are meaningless until the US Senate and President Trump give the legislation the green light.
"As technology has far outpaced the Electronic Communications Privacy Act of 1986, the Email Privacy Act modernizes this decades-old law to establish a uniform warrant requirement to acquire stored electronic communications in criminal investigations," said House Judiciary Committee Chairman Bob Goodlatte (R-VA).
"These updates to the law will better safeguard Americans' constitutional rights while also protecting law enforcement's ability to fight crime. As the House again has overwhelmingly approved this bill, it's time for the Senate to take up this bipartisan legislation and send it to the President's desk to become law."
That's a long and uncertain road, as we saw last year when the House also voted unanimously on similar legislation. It then moved to the Senate and seemed likely to pass easily, until Senator John Cornyn (R-TX) attached a rider to the bill a few days before the vote. The rider allowed the FBI to get anyone's internet history and metadata without a warrant using a National Security Letter.
It was a classic spoiler tactic, and one that was called out by Senator Mike Lee (R-UT) as a blatant attempt to derail the legislation. The spoiler worked, and the bill was voted down by the Senate. Now all eyes are on this latest act to see if the same thing happens again.
"Senators need to be vigilant about fending off these kinds of amendments when the Email Privacy Act is considered in the Senate this time around," said the EFF.
"The House's unanimous vote on the Email Privacy Act last year and yesterday's voice vote demonstrate bipartisan agreement that the emails in your inbox should have the same privacy protections as the papers in your desk drawer. We urge the Senate to swiftly pass the HR 387 to protect online content with a probable cause warrant."
A spokesman for Senator Ron Wyden (D-OR), who has fought against the FBI's overreaching surveillance powers, told The Register: "Senator Wyden strongly supports the bill to require a warrant to search Americans’ emails, including those older than six months. This is commonsense legislation that shouldn’t be bogged down with poison pill riders, like the browser spying amendment that Republican leaders insisted on last year."
Tech companies such as Google have also thrown their weight behind the bill, although they have other tussles to fight as well. All eyes are now on Senator Cornyn to see if he's readying another poison pill to shoot down an amendment to a bill enacted five years before the World Wide Web even existed. ®