Plans to end warrantless email searches pass Senate committee

Summary:The privacy law governing how U.S. law enforcement can access email data after a certain time has been passed unanimously across both sides of the Senate.

The Senate Judiciary Committee on Thursday passed a bipartisan measure that would force U.S. law enforcement and government agencies to get a warrant before reading citizen emails.

The vote, which was passed unanimously by members on both sides of the Senate, will be seen as a huge boost for privacy. The provisions would amend the Electronic Communications Privacy Act (ECPA), first signed in 1986 during a time where email was still reserved for the technological bourgeois.

ECPA currently allows the U.S. government to access email older than six months old or if they had been marked as "read" or opened, with a subpoena signed by a federal prosecutor. Only email less than six months old requires a warrant signed by a judge. 

But the amendment, jointly written by Sen. Patrick Leahy (D-VT) and Sen. Mike Lee (R-UT), will require the government to inform a U.S. resident when their email has been disclosed via a search warrant.

Read this

Yes, the FBI and CIA can read your email. Here's how

"Petraeus-gate," some U.S. pundits are calling it. How significant is it that even the head of the CIA can have his emails read by an albeit friendly domestic intelligence agency, which can lead to his resignation and global, and very public humiliation? Here's how.

There are two exceptions: one would be if a National Security Letter "gagging order" has been issued, which may not exist by the time this bill is voted upon, after a U.S. district court found such orders in breach of the First Amendment. The other would be to prevent tipping off a suspect of an investigation by delaying such a notice.

The changes to ECPA would still allow some data to be released under subpoena, such as the date and time of when a communication was made, and the name, address and IP address to access some corporate communication data.

The amendment will also prohibit companies that hold email communications — such as Microsoft, Google, and Apple, among others — from "voluntarily disclosing the contents of its customers' email or other electronic communications to the government." 

This comes at a time where the Cyber Intelligence Sharing and Protection Act (CISPA), a cybersecurity bill that allows U.S. private sector firms to hand over customer data to the U.S. government and receive legal immunity from doing so. This is in spite of Fourth Amendment rights, warns U.S. privacy groups

However, it's not clear how CISPA will affect the Leahy-Lee amendment to ECPA, because of the language used in the cybersecurity bill. CISPA includes a provision that says, "notwithstanding any other provision of law," potentially overriding and undermining decades of basic privacy provisions codified into U.S. law.

The Senate still needs to vote in favor of the bill, and it still has to be passed to the lower House chamber for voting. Nonetheless, it's a step in the right direction for privacy rights. But how other acts of law — if passed — could lead to a significant conflict over privacy (or lack of) jurisdiction.

Topics: Privacy, Security

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.