If you have any e-mails that are older than 180 days (and we all do), they’re considered "legally abandoned." Any governmental agency can look at these e-mails simply by providing a statement saying that they are relevant to an investigation. The scariest part? There’s no judicial review or oversight required... none at all.
You might think this law was part of the Patriot Act or created after 9/11 to fight the war on Terror – it wasn't. It's called the The Electronic Communications Privacy Act of 1986 (ECPA) and it predated the World Wide Web by almost a decade.
As Technology Evolves, So Must The Law
In the early days of e-mail, messages were only stored on a server for a short amount of time: until they were delivered to you. Now, most of the major e-mail severs out there – Gmail, Hotmail (outlook.com), aol, Yahoo!, etc. – are all cloud-based, and our e-mails live on these servers permanently. Under the ECPA, any e-mails that are over 180 days old are considered abandoned and find themselves one governmental request away from being read. The ironic part is that Gmail originally wanted us to “never delete an e-mail again” by offering us more space than most of us could ever use. Those e-mails we never deleted are now fair game for the government to read.
If 180-day-old e-mails were stored locally on your computer, and not on a server, a government agency would need a search warrant to obtain the files, regardless of how long ago the messages were sent. As it is now, they just need a request.
The ECPA also increased the number of crimes that justify the use of surveillance and the number of judicial members that can authorize that surveillance. This (essentially) gives bosses the rights to legally read their employees’ e-mails if he or she feels the employee’s actions are not in the company’s best interests. Scary, and creepy.
Two years ago, The New York Times published a piece analyzing how that privacy law has been outrun by the web.
History and The Law of Unintended Consequences
So what is the ECPA? The act was initially introduced in the House by Robert Kastenmeier (D – Wisconsin) in June of 1986 and was passed by the house later that month. The Senate passed the bill in October of that year, and President Ronald Reagan signed it into law on October 21, 1986. It was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Statute) and was designed to prevent unauthorized government access to your private electronic communications.
The act has been discussed at great length since it became law, and several court cases have tried to determine whether or not e-mails are protected while they were en route to their final destination.
In United States v. Councilman, Bradford C. Councilman was indicted for conspiracy to violate the Wiretap Act. Councilman was the Vice President of Interloc, Inc., which ran an online rare book listing service. Councilman directed his employees to intercept incoming communications from Amazon to gain a competitive advantage for the business. Councilman moved to dismiss the indictment by arguing that the e-mails were in “electronic storage,” which meant he wasn’t technically intercepting electronic communications. The district court granted his motion. The First Circuit Court of Appeals affirmed the motion, but then reviewed the decision and reversed it. Ultimately, Councilman was acquitted of all charges.
We Have An Advocate
Obviously, the ECPA is outdated and doesn’t reflect how we share, store and use information today. Senator Patrick Leahy (D – Vermont) agrees. He believes that under the ECPA, it is far too easy for a governmental agency to demand ISPs hand over your data that’s been stored on their servers.
Leahy has been the President pro tempore of the United States Senate since December of last year, which means he’s third in the presidential line of succession (behind Vice President Biden and Speak of the House Boehner). Leahy has held the office since 1975, making him the most senior senator. He also took office at a younger age (35) than any other current senator.
On Leahy’s official site, he urges visitors to take action and “Stand Up for Privacy in the Digital Age,” asking you to sign as a citizen co-sponsor of his “legislation to reform ECPA and protect your email privacy!”
What has the Senator done? In March, the House Judiciary Committee he held a hearing to gather testimonies from Google, legal experts and law enforcement on ways to fix the ECPA. That same day, March 19, Leahy and Senator Mike Lee (R – Utah) introduced the Electronic Communications Privacy Act Amendments Act of 2013, which would require law enforcement to obtain a warrant before accessing private e-mails or other online communications.
Here is what Leahy had to say about the newly proposed act:
“No one could have imagined just how the Internet and mobile technologies would transform how we communicate and exchange information today. Privacy laws written in an analog era are no longer suited for privacy threats we face in a digital world. Three decades later, we must update this law to reflect new privacy concerns and new technological realities, so that our Federal privacy laws keep pace with American innovation and the changing mission of our law enforcement agencies.”
Leahy tried to pass the same act last year, but it didn't get to the floor for a vote. Rep. Zoe Lofgren (D – California), also tried to amend ECPA, introducing the Online Communications and Geolocation Protection Act two weeks before Leahy and Lee introduced theirs in March. More recently, the Washington Post reported that Attorney General Eric Holder declared his support for requiring the government to get a warrant before it can read your e-mails. His support has prompted the Internet to buzz that this might actually the end of this antiquated law. We’ll see.