Lawmakers consider changes to wiretapping law to protect cloud services
E-mail, cloud app users deserve the same protections from searches as with laptops, witnesses tell House subcommittee
IDG News Service - Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee.
Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies' access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Center for Democracy and Technology (CDT) said during a hearing Wednesday.
There's widespread confusion over the law, said James Dempsey, CDT's vice president for public policy.
The U.S. Department of Justice has asserted that federal agents do not need a court-issued warrant to request the contents of e-mail from vendors that store the e-mail, even though agents would need a warrant to see a document stored on a laptop or in a file cabinet, said Dempsey. Some courts have required warrants for stored e-mail, however.
In addition, beyond the confusion over warrants for e-mail stored for less than 180 days, the ECPA doesn't require a warrant for e-mail stored by a vendor for longer than 180 days, even though many e-mail users expect those documents to be private, Dempsey said.
Many telecom and Internet service providers don't understand the rules about what customer communications they are required to turn over, added Albert Gidari Jr., a partner with the Perkins Coie law firm in Seattle.
"These service providers are caught in the middle every day," he said. "The best way to determine whether ECPA is out of balance is to take a look at what service providers do every day -- that is, essentially, guess."
Several members of the House Judiciary Committee's Constitution, Civil Rights, and Civil Liberties Subcommittee said they were open to a revamp of the ECPA, although subcommittee chairman Jerrold Nadler, a New York Democrat, said Wednesday's hearing would be the first of several on the subject.
A wide range of new technologies available since the ECPA was passed create challenges the law doesn't address, Nadler said. "These robust new communications technologies bring with them new opportunities for law enforcement agencies, charged to protect us from ... criminals, to intervene in our private lives," he said.
In March, a group of tech vendors and civil liberties group, calling itself the Digital Due Process Coalition, launched a campaign for ECPA reform, saying Congress needs to make clearer wiretapping and surveillance rules for electronic communication.
Typically, law enforcement officials would have to get a court-ordered warrant to search a suspect's PC or file cabinets, but law enforcement agencies can get access to some e-mail information, instant messages and other information stored in the cloud, as well as mobile-phone tracking information, through simple subpoenas, members of the coalition said.
The coalition's launch came after the U.S. Department of Justice, in a February court hearing, asserted that it does not need a court-issued warrant to obtain cell site tracking information from mobile-phone carriers.
Representative Hank Johnson, a Georgia Democrat, called on Congress to rewrite the ECPA. "I would hate to see a [communications] company turned into an agency for law enforcement at the expense of their customers," he said.
While several lawmakers appeared sympathetic to the arguments from Dempsey and Gidari, others seemed to struggle with the technologies discussed in the hearing. Representative Mel Watt, a North Carolina Democrat, said he hadn't heard of the term "cloud computing" until Wednesday.
Watt also questioned if there were "horror stories" of law enforcement abuses because of confusion over the ECPA.
A handful of recent court cases deal with problems in the ECPA, Dempsey said. But cloud-based e-mail users should be concerned that their warrant protections expire after 180 days, he added.
"Every one of us probably has five, six, maybe 10 years of e-mail stored," he said.
Back in 1986, service providers didn't store e-mail, because of the cost of storage, Dempsey said. "You read it, you downloaded it, it was deleted from the computer," he said. "Congress thought 180 days would be the absolute, conceivable outside limit, and after that, it was sort of like abandoned property."
- Chicago's CIO doesn't believe in 'good enough'
- Microsoft Office 2013 fires shot at Google's enterprise push
- Google gives Google Docs offline capabilities
- Office 365 off-limits to existing BPOS customers
- Update: Microsoft Office 365 goes live
- Wyoming cuts cable, moves to cloud with Google Apps
- Microsoft takes cloud fight to Google
- Microsoft Office 365: Guide to a slew of versions, prices
- Update: Microsoft makes big cloud move with Office 365
- Google rolls out Apps for Government
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- The Six Main Steps To Structured Analogy
- The role of structured analogy software is to automate the data extraction and processing work, provide visualization of the historical context forjudgments and... All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.