Privacy & Information Security Law Blog

On January 9, 2017, Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO) reintroduced the Email Privacy Act, which would amend the Electronic Communications Privacy Act (“ECPA”) of 1986. In particular, the legislation would require government entities to obtain a warrant, based on probable cause, before accessing the content of any emails or electronic communications stored with third-party service providers, regardless of how long the communications have been held in electronic storage by such providers. Although ECPA currently requires law enforcement agencies to obtain a warrant to search the contents of electronic communications held by service providers that are less than 180 days old, communications that are more than 180 days old can be obtained with a subpoena.

The Email Privacy Act previously received unanimous approval in the House of Representatives in April 2016, but failed to gain traction in the Senate Judiciary Committee after Representative John Cornyn (R-TX) added a controversial amendment that would have expanded the FBI’s ability to use “national security letters” to obtain a suspect’s information from wire or electronic communications service providers. The proposed amendment gave the director of the FBI (or a designee), the ability to compel providers to disclose certain information about a suspect other than the contents of the suspect’s communications, including the individual’s name, physical address, contact information, payment card or bank account information, IP address, login history and length of service with the provider.

In May 2016, the U.S. Securities and Exchange Commission (“SEC”) expressed concern that the proposed Email Privacy Act would hinder its ability to obtain critical evidence of securities law violations. The SEC asserted that the bill would require all government agencies, including civil enforcement agencies like the SEC, to obtain criminal warrants when seeking electronic communications of service providers. According to the SEC, because it “does not have criminal law enforcement powers and therefore lacks the authority to apply for search warrants, the bill would inhibit the SEC in its mission of protecting investors and promoting confidence in the U.S. capital markets.” Currently, the SEC may seek electronic communications from service providers by issuing administrative subpoenas under its own statutory authority.

In a statement issued on January 10, 2017, Representative Polis noted that “[t]he Email Privacy Act will update, and bring our archaic laws into the 21st century, and protect Americans’ Fourth Amendment privacy rights, whether they’re communicating through pen-and-paper mail or email. Americans justly demand this level of privacy, and I remain confident that the bill will swiftly pass Congress.”