Is Congress about to pass the first significant privacy-protection legislation since 9/11?
Right now if you store any information in “the cloud” for longer than 180 days, the government does not need a warrant to search it, only a subpoena, which does not require judicial approval. This means all those emails in your inbox from last year, the Google Docs that you’ve been working on for a while, and everything you have saved in your Dropbox are essentially not covered by the Fourth Amendment to the Constitution.
How this is possible? It’s because when the law governing this, the Electronic Communications Privacy Act (ECPA), was written in 1986, five years before Tim Berners-Lee had even invented the Internet, and has not been updated since. It was written at a time when no one ever conceived that email or data would be stored online; after all you had to connect via a dial-up modem to get information displayed in one of 16 colors available on your computer monitor. If information was left online for an extended period, it had likely been forgotten or abandoned. But today, the ECPA allows that, in theory, law enforcement need not go through a judge in order to go through your inbox.
The disconnect between statute books and modern life has led to a bipartisan push to update the law. The ECPA Amendment Act, co-sponsored by Sens. Patrick Leahy (D-VT) and Mike Lee (R-UT), would extend the warrant requirement to communications stored online for more than 180 days. The bill is not perceived to be terribly controversial—after all, as one Senate aide points out, it is not intended to radically change the law, but simply to restore the balance that Congress originally intended when it passed ECPA in 1986.