Lawmakers consider changes to wiretapping law to protect cloud services
E-mail, cloud app users deserve the same protections from searches as with laptops, witnesses tell House subcommittee
IDG News Service - Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee.
Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies' access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Center for Democracy and Technology (CDT) said during a hearing Wednesday.
There's widespread confusion over the law, said James Dempsey, CDT's vice president for public policy.
The U.S. Department of Justice has asserted that federal agents do not need a court-issued warrant to request the contents of e-mail from vendors that store the e-mail, even though agents would need a warrant to see a document stored on a laptop or in a file cabinet, said Dempsey. Some courts have required warrants for stored e-mail, however.
In addition, beyond the confusion over warrants for e-mail stored for less than 180 days, the ECPA doesn't require a warrant for e-mail stored by a vendor for longer than 180 days, even though many e-mail users expect those documents to be private, Dempsey said.
Many telecom and Internet service providers don't understand the rules about what customer communications they are required to turn over, added Albert Gidari Jr., a partner with the Perkins Coie law firm in Seattle.
"These service providers are caught in the middle every day," he said. "The best way to determine whether ECPA is out of balance is to take a look at what service providers do every day -- that is, essentially, guess."
Several members of the House Judiciary Committee's Constitution, Civil Rights, and Civil Liberties Subcommittee said they were open to a revamp of the ECPA, although subcommittee chairman Jerrold Nadler, a New York Democrat, said Wednesday's hearing would be the first of several on the subject.
A wide range of new technologies available since the ECPA was passed create challenges the law doesn't address, Nadler said. "These robust new communications technologies bring with them new opportunities for law enforcement agencies, charged to protect us from ... criminals, to intervene in our private lives," he said.
In March, a group of tech vendors and civil liberties group, calling itself the Digital Due Process Coalition, launched a campaign for ECPA reform, saying Congress needs to make clearer wiretapping and surveillance rules for electronic communication.
Typically, law enforcement officials would have to get a court-ordered warrant to search a suspect's PC or file cabinets, but law enforcement agencies can get access to some e-mail information, instant messages and other information stored in the cloud, as well as mobile-phone tracking information, through simple subpoenas, members of the coalition said.
The coalition's launch came after the U.S. Department of Justice, in a February court hearing, asserted that it does not need a court-issued warrant to obtain cell site tracking information from mobile-phone carriers.
Representative Hank Johnson, a Georgia Democrat, called on Congress to rewrite the ECPA. "I would hate to see a [communications] company turned into an agency for law enforcement at the expense of their customers," he said.
While several lawmakers appeared sympathetic to the arguments from Dempsey and Gidari, others seemed to struggle with the technologies discussed in the hearing. Representative Mel Watt, a North Carolina Democrat, said he hadn't heard of the term "cloud computing" until Wednesday.
Watt also questioned if there were "horror stories" of law enforcement abuses because of confusion over the ECPA.
A handful of recent court cases deal with problems in the ECPA, Dempsey said. But cloud-based e-mail users should be concerned that their warrant protections expire after 180 days, he added.
"Every one of us probably has five, six, maybe 10 years of e-mail stored," he said.
Back in 1986, service providers didn't store e-mail, because of the cost of storage, Dempsey said. "You read it, you downloaded it, it was deleted from the computer," he said. "Congress thought 180 days would be the absolute, conceivable outside limit, and after that, it was sort of like abandoned property."
- Chicago's CIO doesn't believe in 'good enough'
- Microsoft Office 2013 fires shot at Google's enterprise push
- Google gives Google Docs offline capabilities
- Office 365 off-limits to existing BPOS customers
- Update: Microsoft Office 365 goes live
- Wyoming cuts cable, moves to cloud with Google Apps
- Microsoft takes cloud fight to Google
- Microsoft Office 365: Guide to a slew of versions, prices
- Update: Microsoft makes big cloud move with Office 365
- Google rolls out Apps for Government
This state transportation department uses computer science students from a local university as programming interns, and everyone is happy with the arrangement -- until one intern learns how to bring down the mainframe.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Why Projects Fail
- CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings
- This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools
- The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution
- In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence... All Government IT White Papers
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- How to Protect Enterprise Data Yet Enable Secure Access for End Users Learn how BYOD, Big Data and the use of rogue applications and devices is putting corporate data at risk, best practices from IT...
- All Government IT Webcasts