Friday, November 30, 2012

Senate Updates Digital Privacy Law

It looks like the Petraeus affair has prompted a Senate panel to finally propose an update the 1986 Electronic Communications Privacy Act ("ECPA").  The ECPA, as the name implies, was written before the advent of the internet, e-mail, social media, and the like.  Thus, it is no surprise that the ECPA, as written, did not handle the explosion of the use of the internet, e-mail, and social media well.  A very broad overview of the ECPA and its sister statute:

The first part of the ECPA is essentially a prohibition against wiretapping.  In other words, it prohibits the interception of electronic communications without consent of one of  the parties transmitting the communication. The second part of the ECPA is the Stored Communications Act ("SCA").    The SCA prohibits a person from improperly accessing a "facility through which an electronic communication service is provided."  In other words, accessing e-mails stored on an ISP's server which store the communications.  There is also the Computer Fraud and Abuse Act ("CFAA"), enacted in 1984. 

The CFAA, enacted in 1984, addresses computer crimes such as hacking.  That is, it provides a list of computer-related crimes, including intentionally accessing a computer without authorization (or exceeding authorized access) and thereby obtaining confidential information or anything of value, perpetrating a fraud, or causing damage.  

Thus, each of these statutes prohibit different areas of electronic communication: the interception during transmission (ECPA), the unauthorized access to the facility storing the communication (SCA), and the unauthorized access of a computer storing the communication (CFAA). 

Back to the Senate proposal.  The Senate panel proposed requiring the government to obtain a search warrant before secretly gaining access to e-mail and other electronic communications of a person.  As one may expect, the impetus for this change is to protect a person's privacy and personal information.  This is particularly important given the current upswing in identity theft, computer fraud, and theft of trade secret or proprietary information.  In my humble opinion, the time is ripe to update each of these statutes to both protect the privacy of individuals, yet still allow law enforcement a method for gaining access to evidence.