The Senate Judiciary Committee on Thursday passed a bipartisan measure that would force U.S. law enforcement and government agencies to get a warrant before reading citizen emails.
The vote, which was passed unanimously by members on both sides of the Senate, will be seen as a huge boost for privacy. The provisions would amend the Electronic Communications Privacy Act (ECPA), first signed in 1986 during a time where email was still reserved for the technological bourgeois.
ECPA currently allows the U.S. government to access email older than six months old or if they had been marked as "read" or opened, with a subpoena signed by a federal prosecutor. Only email less than six months old requires a warrant signed by a judge.
But the amendment, jointly written by Sen. Patrick Leahy (D-VT) and Sen. Mike Lee (R-UT), will require the government to inform a U.S. resident when their email has been disclosed via a search warrant.
There are two exceptions: one would be if a National Security Letter "gagging order" has been issued, which may not exist by the time this bill is voted upon, after a U.S. district court found such orders in breach of the First Amendment. The other would be to prevent tipping off a suspect of an investigation by delaying such a notice.
The changes to ECPA would still allow some data to be released under subpoena, such as the date and time of when a communication was made, and the name, address and IP address to access some corporate communication data.
The amendment will also prohibit companies that hold email communications — such as Microsoft, Google, and Apple, among others — from "voluntarily disclosing the contents of its customers' email or other electronic communications to the government."
This comes at a time(CISPA), a cybersecurity bill that allows U.S. private sector firms to hand over customer data to the U.S. government and receive legal immunity from doing so. This is in spite of Fourth Amendment rights, .
However, it's not clear how CISPA will affect the Leahy-Lee amendment to ECPA, because of the language used in the cybersecurity bill. CISPA includes a provision that says, "notwithstanding any other provision of law," potentially overriding and undermining decades of basic privacy provisions codified into U.S. law.
The Senate still needs to vote in favor of the bill, and it still has to be passed to the lower House chamber for voting. Nonetheless, it's a step in the right direction for privacy rights. But how other acts of law — if passed — could lead to a significant conflict over privacy (or lack of) jurisdiction.