In Texas, cops will soon need a warrant to search your email
Now, it's up to Gov. Rick Perry to sign the bill passed this week by the Texas legislature
Computerworld - Texas is poised to become the first state in the U.S. to require law enforcement officers to get a search warrant based on probable cause before they access any electronic communications and customer data stored by a third-party service provider.
The Texas legislature this week passed a bill (H.B. 2268) mandating the warrant. The measure now only needs a signature by Gov. Rick Perry to become law.
The bill would be the first to address what many, including courts, say are glaring shortcomings in the Electronic Communications Privacy Act. The ECPA was drafted in 1986 and does not always require law enforcement authorities to obtain a search warrant to access email, instant messages and other customer data stored by Internet service providers and online storage services.
In many instances, the ECPA only requires them to give prior notice and obtain an administrative subpoena to access customer data. The only situation where existing federal law mandates a search warrant is for unopened email messages that are less than 180 days old.
Concerns over warrantless email searches by police have prompted sweeping calls for ECPA reforms, both at the state and federal level.
Just last week, for instance, Sen. Rand Paul (R-KY) introduced the Fourth Amendment Preservation and Protection Act of 2013, which stipulates a search warrant requirement similar to the Texas bill. In March, three lawmakers introduced an ECPA reform bill that would require law enforcement agencies to obtain a warrant to intercept or access stored electronic communications and geolocation data.
Similar bills have been proposed by others in recent years, but the Texas statute looks to be the first effort to actually become law.
The measure requires a warrant for all law enforcement access to stored electronic data, regardless of how long it has been stored, who is storing it or how it is being stored. All applications for search warrants would need probable case and have to be supported by an oath by the officer making the request.
In most cases, companies served with such warrants would be required to comply with them within 10 days. In some instances, a judge could require compliance in as little as four days if police are able to prove than a delay would jeopardize an investigation, put someone's life at risk or let someone to escape prosecution.
The bill is important for two reasons, said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation (EFF). First, it creates stronger privacy protections by updating the state's electronic privacy laws.
"Second, although this bill only covers Texas, it will hopefully spur other states to do the same and for Congress to update ECPA, too," Fakhoury said.
California, for instance, is currently considering a similar bill (SB 467) sponsored by the EFF. It has been passed by the California Senate and is now awaiting action in the Assembly, he said.
Separately, ECPA reform has been steadily moving through Congress, with entities as varied as Google and the U.S. Department of Justice now backing a warrant requirement, he noted. "Having individual states demonstrate to Congress that email privacy legislation is both politically and practically feasible, necessary and desired is only going to make the law better for everyone, no matter what state they're in."
The Texas law would only apply to state investigations -- not federal investigations, which will still be governed by ECPA requirements.
This article, In Texas, cops will soon need a warrant to search your email, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!