PJ Media

Can Congress Pass Digital Privacy Reform Legislation?

WASHINGTON – Lawmakers are seeking to reform a decades-old law governing electronic communications in the wake of a Supreme Court ruling that gave a boost to digital privacy protections.

The high court ruled unanimously in June that law enforcement officials need warrants to search the cell phones of people they arrest.

The ruling was the result of two cases involving cell phone searches in which police used information discovered on arrestees’ phones to connect the plaintiffs to crimes.

After stopping David Leon Riley for a traffic violation, San Diego police used pictures on his smartphone and guns found in his trunk to connect him to an earlier shooting and the Bloods street gang. The other plaintiff, Brima Wurie, was arrested in Boston after police observed him participating in what they thought was a drug sale. Information on his cell phone was used to locate a drug stash along with a gun and ammunition at Wurie’s home.

The Fourth Amendment protects Americans from unreasonable searches, which typically extends to items considered personal property.

Decades of jurisprudence, however, have permitted law-enforcement officials to search a suspect and the area within his reach “from incident to arrest.” Warrantless searches have been justified by the need to protect officers from hidden weapons and to prevent suspects from destroying evidence.

The court found that neither rationale applied to the digital data accessible through a cell phone or other mobile devices.

The court made a distinction between cell phones and other items that someone may carry around with them, saying they are protected under the Fourth Amendment because today’s mobile devices are “in fact mini-computers that have the capacity to be used as telephones.”

“Modern cell phones are not just another technological convenience,” Roberts wrote in the court’s opinion. “The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought. Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple – get a warrant.”

Roberts also noted that an individual’s email and electronic files contain “the sum of an individual’s private life,” including “a record of all his communications,” and other sensitive materials like “a prescription, a bank statement” stored on remote servers. This problem is compounded by the fact that cell phone users may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference, he said.

The decision still allows warrantless cell phone searches for some specific cases, including an imminent threat of evidence destruction, when there is a need to pursue a fleeing subject or aid people facing danger.

In addition, the Supreme Court’s ruling has left in place the provisions under the Electronic Communications Privacy Act of 1986 (ECPA). ECPA allows law enforcement agencies to look at emails and other private information transmitted and stored on the Internet without a warrant as long as they are older than 180 days.

The disclosures of former NSA contractor Edward Snowden exposed to the public the extensive private information provided to the government by telecommunications providers and technology companies.

Details released by seven wireless carriers revealed they had answered more than a million requests for customer records last year, including text messages, browsing history, and location data, from local, state, and federal law enforcement agencies. In February, several tech companies disclosed that they have turned over data deemed of interest to national security to the U.S. government.

Speaking at the Cato Institute, Rep. Ted Poe (R-Texas) called any access of personal information without a warrant a “violation of the Fourth Amendment” and said Congress must draw the line on what the legal expectation of privacy should be for electronic communications.

“If you don’t have probable cause to get a warrant then you can’t seize the information. That’s what the standard should be. It has been that way since we enacted the Fourth Amendment of the U.S. Constitution, and it should be that way indefinitely,” Poe said.

Poe, a former felony prosecutor, has introduced a proposal with Rep. Zoe Lofgren (D-Calif.) that would update ECPA. The legislation would bar government agencies from searching the content of Americans’ communications without first obtaining a warrant – just as they must before intercepting a physical piece of correspondence. It would also require a warrant if the government wants to access geolocation data.

“Law enforcement always seems to push the envelope as to whether they can do what they’re doing to get information, especially on what they think is criminal conduct based on my experience at the courthouse,” he said. “Based on what we’ve seen, they will always interpret the law to the extent that allows them to seize the information. That’s why when we draft this legislation, it has to be very specific so they know you can do this and you cannot do that.”

Poe said any privacy legislation should ensure that the Fourth Amendment applies to new advances in technology, without the need for the Supreme Court to rule.

“I don’t know what the judges in the Supreme Court would rule. They may say you don’t have a reasonable expectation of privacy. There’s people in law enforcement who say you don’t have a reasonable expectation of privacy. So Congress must come in and say yes, there is a legal expectation of privacy,” he said.

Sens. Mike Lee (R-Utah) and Patrick Leahy’s (D-Vt.) proposed ECPA update cleared the Senate Judiciary Committee last year, but stalled after it encountered opposition from civil agencies.

Reps. Kevin Yoder (R-Kan.) and Jared Polis (D-Colo.) have introduced legislation that would also prevent the government from accessing private email accounts without a warrant.

The Email Privacy Act gained its 218th sponsor on June 18, raising the hope that the bill could move this year. The bill needs two-thirds of the House, or 290 co-sponsors, to allow Congress to vote on the bill under a suspension of the rules.

The tech industry and privacy advocates praised the milestone as a sign that Congress will finally move on the issue.

Others, however, are not as optimistic about the legislative efforts to protect the privacy of Americans online.

Katie McAuliffe, the executive director of Digital Liberty, said the legislation is stalling because government agencies want to carve out “loopholes” that would allow them to continue business as usual.

Some regulatory agencies are seeking an exception that would partially gut the bills. These agencies complain that since they have no warrant authority, the legislation would limit their ability to conduct investigations.

Currently, government agencies can obtain email older than 180 days with a mere subpoena, which they can obtain without the need to convince a judge of probable cause.

“That’s why it’s not going anywhere in the House. That’s why it’s not going anywhere in the Senate. It’s not going anywhere because the government wants to read your email without you knowing it,” McAuliffe said.