Calif. governor vetoes email privacy legislation for third time
It would have required police to obtain a warrant for email searches
Computerworld - For the third year in a row, California Gov. Jerry Brown has killed a bill that would have required state law enforcement authorities to obtain a warrant to search email and other electronic communications of suspects in criminal investigations.
In a veto memo (download PDF) Saturday, Brown said he was rejecting the bill because its provisions would slow down criminal investigations and impose notice requirements that go beyond what's required under federal law.
California Senate Bill 467 had earlier won broad bipartisan support in the state legislature, passing both legislative houses with overwhelming support.
The bill, introduced by Sen. Mark Leno, would have barred Internet Service Providers and email services from handing over to the police any email or stored communications belonging to customers without a court-issued search warrant.
The federal Stored Communications Act (SCA) of 1986, cited by Brown in his veto memo, currently requires authorities to obtain search warrants only if they want to search through unopened email or communications that are less than 180 days old. The federal law does not require a warrant in the case of electronic communications stored for more than 180 days.
The vetoed California bill, on the other hand, would have required a warrant on all searches. It would have also required state law enforcement to notify email account holders that a search of their communications had taken place.
Brown's veto runs counter to trends in other states and at the federal level.
Earlier this year, for instance, Texas Gov. Rick Perry signed into law a bill that mandates a court-issued warrant for all email searches.
The statute, which is the first of its kind in the country, requires a warrant for all law enforcement access to stored electronic data, regardless of how long the data has been stored, who is storing it or how it is being stored. All applications for search warrants need probable case and have to be supported by an oath by the officer making the request.
In most cases, companies served with such warrants are required to comply with them within 10 days. In some instances, a judge can require compliance in as little as four days if police are able to prove that a delay would jeopardize an investigation, put someone's life at risk or let someone to escape prosecution.
Similarly, earlier this year, Sen. Rand Paul (R-Ky.) introduced a bill dubbed the Fourth Amendment Preservation and Protection Act of 2013 that contains many of the same provisions as in the Texas bill and the one vetoed by Brown.
Similarly, a bill introduced by three lawmakers earlier this year sought to make changes to existing federal law so as to incorporate a warrant requirement for all email searches.
Brown's rejection of SB 467 in light of such trends is disappointing, said Hanni Fakhoury, staff attorney with the Electronic Frontier Foundation, a privacy advocacy group and a bill sponsor. "I think California is bucking the trend," Fakhoury said.
Though Texas is the only state to have actually passed a warrant requirement, others are moving in that direction, he said. "There are [also] proposals in Congress to require a warrant and courts are increasingly finding an expectation of privacy in emails and other forms of electronic communications," Fakhoury said.
Brown's argument that a warrant requirement would impede investigations is also misplaced, Fakhoury said. "The government can request a delay in [notification] for 90 days, and that delay can be renewed if it would impede an investigation," he said.
"Even the federal Department of Justice has testified before Congress that they support a warrant requirement, which to me is compelling evidence a warrant requirement wouldn't impede an investigation."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
Read more about Privacy in Computerworld's Privacy Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Benefits of Automated Log Management This paper discusses the challenges associated with effective log management and enables you to better define best practices and requirements for log management...
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them. All Privacy White Papers | Webcasts