For those of us born in the 1990s, it is hard to imagine that people once lived without email and the internet. Rather than instantaneously sending a message to a colleague, people were stuck using the dreaded snail-mail services like USPS that take 3-5 days to deliver.
Now, not only do we expect instant communications, but we also assume that, like with snail mail, our emails are still private correspondence protected by the Fourth Amendment. However, a petition filed last week by the Department of Justice (DoJ) to re-open a 2014 case could change all that.
The case involves Microsoft’s supposed liability to turn over their data stored in Ireland to the U.S. government. This case has raised concerns regarding just how private our emails may or may not be.
The government claims that the 1986 Reagan-era Electronic Communications Privacy Act (ECPA), or more specifically the Title II Stored Communications Act — a Fourth Amendment loophole — obligates Microsoft to cough up the data.
ECPA circumvents the Constitution and Bill of Rights by allowing the government to seize all electronic communications that are more than 180 days old. But ECPA was enacted before personal communications were even in use, let alone the Cloud, so it does not accurately reflect the state of current technology.
In the Microsoft case, the stored data in question is located in Dublin, Ireland. Even though the data center is located in Ireland, the DoJ felt Microsoft should be forced to comply with the order because it is a U.S. company. Microsoft was held in contempt of court for refusing to hand over the data. Ultimately, the case was appealed and the Second Circuit Court of Appeals in New York issued a 63-page decision in July reversing the decision.
Judge Gerard Lynch stated this decision should be “celebrated as a milestone in protecting privacy” and, according to the ruling, “the warrant, in this case, may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s email account stored exclusively in Ireland. Because Microsoft has otherwise complied with the warrant, it has no remaining lawful obligation to produce materials to the government.”
The concurring opinion also emphasized the need for Congress to take action “to revise [the] badly outdated statute” in order to review the ECPA and ensure it is representative of today’s technology needs.
In short, the Second Circuit Court of Appeals got it right, but the DoJ has refused to accept their decision.
Thankfully, stalwart defenders of privacy rights, Sens. Orrin Hatch (R-UT), Chris Coons (D-De) and Dean Heller (R-NV) have introduced new legislation that seeks to close the loopholes currently threatening our privacy while still allowing law enforcement to do their job. With bipartisan and bicameral support, the International Communications Privacy Act (ICPA) has been introduced to establish a legal standard for accessing extraterritorial communications. The senators have rightly concluded that the decision of how and when U.S. law enforcement should have access to data stored overseas belongs with Congress, not the courts.
In a letter to Attorney General Loretta Lynch, the sponsors of ICPA stated that “the government’s current position presents unique challenges for a number of industries that increasingly face a conflict between U.S. law and the laws of other countries…That are forced to…either comply with the demand and satisfy U.S. law and risk violating the privacy laws of the host country, or challenge U.S. law enforcement’s request in order to comply with the laws of the host jurisdiction.” No company or individual should be forced into this untenable situation.
The ICPA bill should be passed immediately to determine the U.S. law enforcement’s ability to obtain electronic communications around the world. The United States does not have an automatic right to access data in other countries, just as other countries don’t have a right to seize property within our borders. ICPA will set a precedent that will guide not only the United States, but also foreign countries’ policies related to data collection and future technological development. The time to act is now.