Lawmakers consider changes to wiretapping law to protect cloud services
E-mail, cloud app users deserve the same protections from searches as with laptops, witnesses tell House subcommittee
IDG News Service - Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee.
Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies' access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Center for Democracy and Technology (CDT) said during a hearing Wednesday.
There's widespread confusion over the law, said James Dempsey, CDT's vice president for public policy.
The U.S. Department of Justice has asserted that federal agents do not need a court-issued warrant to request the contents of e-mail from vendors that store the e-mail, even though agents would need a warrant to see a document stored on a laptop or in a file cabinet, said Dempsey. Some courts have required warrants for stored e-mail, however.
In addition, beyond the confusion over warrants for e-mail stored for less than 180 days, the ECPA doesn't require a warrant for e-mail stored by a vendor for longer than 180 days, even though many e-mail users expect those documents to be private, Dempsey said.
Many telecom and Internet service providers don't understand the rules about what customer communications they are required to turn over, added Albert Gidari Jr., a partner with the Perkins Coie law firm in Seattle.
"These service providers are caught in the middle every day," he said. "The best way to determine whether ECPA is out of balance is to take a look at what service providers do every day -- that is, essentially, guess."
Several members of the House Judiciary Committee's Constitution, Civil Rights, and Civil Liberties Subcommittee said they were open to a revamp of the ECPA, although subcommittee chairman Jerrold Nadler, a New York Democrat, said Wednesday's hearing would be the first of several on the subject.
A wide range of new technologies available since the ECPA was passed create challenges the law doesn't address, Nadler said. "These robust new communications technologies bring with them new opportunities for law enforcement agencies, charged to protect us from ... criminals, to intervene in our private lives," he said.
In March, a group of tech vendors and civil liberties group, calling itself the Digital Due Process Coalition, launched a campaign for ECPA reform, saying Congress needs to make clearer wiretapping and surveillance rules for electronic communication.
Typically, law enforcement officials would have to get a court-ordered warrant to search a suspect's PC or file cabinets, but law enforcement agencies can get access to some e-mail information, instant messages and other information stored in the cloud, as well as mobile-phone tracking information, through simple subpoenas, members of the coalition said.
The coalition's launch came after the U.S. Department of Justice, in a February court hearing, asserted that it does not need a court-issued warrant to obtain cell site tracking information from mobile-phone carriers.
Representative Hank Johnson, a Georgia Democrat, called on Congress to rewrite the ECPA. "I would hate to see a [communications] company turned into an agency for law enforcement at the expense of their customers," he said.
While several lawmakers appeared sympathetic to the arguments from Dempsey and Gidari, others seemed to struggle with the technologies discussed in the hearing. Representative Mel Watt, a North Carolina Democrat, said he hadn't heard of the term "cloud computing" until Wednesday.
Watt also questioned if there were "horror stories" of law enforcement abuses because of confusion over the ECPA.
A handful of recent court cases deal with problems in the ECPA, Dempsey said. But cloud-based e-mail users should be concerned that their warrant protections expire after 180 days, he added.
"Every one of us probably has five, six, maybe 10 years of e-mail stored," he said.
Back in 1986, service providers didn't store e-mail, because of the cost of storage, Dempsey said. "You read it, you downloaded it, it was deleted from the computer," he said. "Congress thought 180 days would be the absolute, conceivable outside limit, and after that, it was sort of like abandoned property."
- Chicago's CIO doesn't believe in 'good enough'
- Microsoft Office 2013 fires shot at Google's enterprise push
- Google gives Google Docs offline capabilities
- Office 365 off-limits to existing BPOS customers
- Update: Microsoft Office 365 goes live
- Wyoming cuts cable, moves to cloud with Google Apps
- Microsoft takes cloud fight to Google
- Microsoft Office 365: Guide to a slew of versions, prices
- Update: Microsoft makes big cloud move with Office 365
- Google rolls out Apps for Government
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Enable secure remote access to 3D data without sacrificing visual perfomance
- Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- The Truth About Virtual Computing for CAD
- If you're a user of graphics-intensive software such as 3D modeling, simulation and analysis, and visualization, you might be skeptical about moving to...
- Virtually Delivered High Performance 3D Graphics
- "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Simplifying Product Design In A Complex World
- Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local... All Government IT White Papers
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- Charting Your Analytical Future - "Making predictive analytics part of your business processes" Webinar This session will show how predictive analytics can be used throughout the organization by anyone looking for answers and how organizations can make...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- All Government IT Webcasts