Lawmakers consider changes to wiretapping law to protect cloud services
E-mail, cloud app users deserve the same protections from searches as with laptops, witnesses tell House subcommittee
IDG News Service - Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee.
Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies' access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Center for Democracy and Technology (CDT) said during a hearing Wednesday.
There's widespread confusion over the law, said James Dempsey, CDT's vice president for public policy.
The U.S. Department of Justice has asserted that federal agents do not need a court-issued warrant to request the contents of e-mail from vendors that store the e-mail, even though agents would need a warrant to see a document stored on a laptop or in a file cabinet, said Dempsey. Some courts have required warrants for stored e-mail, however.
In addition, beyond the confusion over warrants for e-mail stored for less than 180 days, the ECPA doesn't require a warrant for e-mail stored by a vendor for longer than 180 days, even though many e-mail users expect those documents to be private, Dempsey said.
Many telecom and Internet service providers don't understand the rules about what customer communications they are required to turn over, added Albert Gidari Jr., a partner with the Perkins Coie law firm in Seattle.
"These service providers are caught in the middle every day," he said. "The best way to determine whether ECPA is out of balance is to take a look at what service providers do every day -- that is, essentially, guess."
Several members of the House Judiciary Committee's Constitution, Civil Rights, and Civil Liberties Subcommittee said they were open to a revamp of the ECPA, although subcommittee chairman Jerrold Nadler, a New York Democrat, said Wednesday's hearing would be the first of several on the subject.
A wide range of new technologies available since the ECPA was passed create challenges the law doesn't address, Nadler said. "These robust new communications technologies bring with them new opportunities for law enforcement agencies, charged to protect us from ... criminals, to intervene in our private lives," he said.
In March, a group of tech vendors and civil liberties group, calling itself the Digital Due Process Coalition, launched a campaign for ECPA reform, saying Congress needs to make clearer wiretapping and surveillance rules for electronic communication.
Typically, law enforcement officials would have to get a court-ordered warrant to search a suspect's PC or file cabinets, but law enforcement agencies can get access to some e-mail information, instant messages and other information stored in the cloud, as well as mobile-phone tracking information, through simple subpoenas, members of the coalition said.
The coalition's launch came after the U.S. Department of Justice, in a February court hearing, asserted that it does not need a court-issued warrant to obtain cell site tracking information from mobile-phone carriers.
Representative Hank Johnson, a Georgia Democrat, called on Congress to rewrite the ECPA. "I would hate to see a [communications] company turned into an agency for law enforcement at the expense of their customers," he said.
While several lawmakers appeared sympathetic to the arguments from Dempsey and Gidari, others seemed to struggle with the technologies discussed in the hearing. Representative Mel Watt, a North Carolina Democrat, said he hadn't heard of the term "cloud computing" until Wednesday.
Watt also questioned if there were "horror stories" of law enforcement abuses because of confusion over the ECPA.
A handful of recent court cases deal with problems in the ECPA, Dempsey said. But cloud-based e-mail users should be concerned that their warrant protections expire after 180 days, he added.
"Every one of us probably has five, six, maybe 10 years of e-mail stored," he said.
Back in 1986, service providers didn't store e-mail, because of the cost of storage, Dempsey said. "You read it, you downloaded it, it was deleted from the computer," he said. "Congress thought 180 days would be the absolute, conceivable outside limit, and after that, it was sort of like abandoned property."
- Chicago's CIO doesn't believe in 'good enough'
- Microsoft Office 2013 fires shot at Google's enterprise push
- Google gives Google Docs offline capabilities
- Office 365 off-limits to existing BPOS customers
- Update: Microsoft Office 365 goes live
- Wyoming cuts cable, moves to cloud with Google Apps
- Microsoft takes cloud fight to Google
- Microsoft Office 365: Guide to a slew of versions, prices
- Update: Microsoft makes big cloud move with Office 365
- Google rolls out Apps for Government
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- SANS: Next-Generation Datacenters = Next-Generation Security
- This whitepaper takes a look at some new technology that may allow security teams to implement more flexible and capable protection models in...
- SANS: Protecting Virtual Endpoints with McAfee Server Security Suite Essentials
- SANS review of McAfees Server Security Suite Essentials that address some of the emerging challenges of securing virtual platforms and cloud environments.
- Safeguarding the Next-Generation Data Center
- Use of virtual and cloud servers has exploded. Unfortunately, security often lags behind. McAfee recommends looking at innovative solutions in order to erect...
- Aberdeen: Securing the Evolving Datacenter
- This report highlights ways security technologies and services are evolving to provide the visibility and control needed to deploy workloads flexibly in the... All Government IT White Papers
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- All Government IT Webcasts