H.R. 699 (114^th): Email Privacy Act

The bill introduced during this Congress with the most cosponsors is theEmail Privacy Act, with 310 cosponsors, a bipartisan mix of 194 Republicans and 115 Democrats. In theory this bill — H.R. 699, introduced by Rep. Kevin Yoder (R-KS3) — should be a near-lock for passage. But when the same bill was introduced last session, it failed to pass. What will the result be this time?

Odds of passage

When the same bill was introduced in the last session of Congress, in 2013, it attracted 272 cosponsors, including a similar 174 Republican / 98 Democrat bipartisan breakdown. Yet it never received a vote after being referred to the House Judiciary Committee. However, Committee Chair Rep. Bob Goodlatte (R-VA6) announced last week that the bill won’t languish this time around, and will receive a markup in March.

What the bill does

Under current law, as described by The Hill, the government may use subpoenas instead of warrants when forcing companies (such as Google, Yahoo, Facebook, Twitter, etc.) to turn over customers’ electronic communications, including emails, when those messages are more than 180 days old. While warrants require “probable cause,” subpoenas don’t, and they allow much more information to be collected. (The difference is important for several other reasons.)

As The Hill explained, “The [subpoena] provision is a holdover from an era in which it would have been largely impractical for an email service provider to store emails for more than six months and cloud storage was not yet available. It is universally accepted that the law has not kept up with current technology.” The Electronics Communications Privacy Act (ECPA), which created the subpoena power, was enacted in 1986.

The bill would end this loophole and require government agencies to seek warrants for digital communications older than 180 days.

Who supports the Email Privacy Act

To put the bill’s 310 cosponsors into perspective, the next most-cosponsored bills this session were 303 for a Congressional Gold Medal nomination and 301 for the Blue Water Navy Vietnam Veterans Act. For another perspective, a bill only needs 290 votes in the House to override a presidential veto.

President Obama’s administration has been supportive of policy changes in this area, writing in 2013 in response to a We the People petition that “The ECPA is outdated, and it should be reformed.” However, because bills can undergo significant modifications during the legislative process, the White House added, “We aren’t going to endorse a single ECPA-reform bill at this time.” It does not appear that Obama or the White House has weighed in on the current bill.

“The last time Congress updated our email privacy laws, we were two years removed from the release of the first Macintosh computer,” Yoder said when introducing the bill. “It’s time Congress modernized these outdated statutes to ensure that the rights protected by the Fourth Amendment extend to Americans’ email correspondence and digital storage.”

Politics makes strange bedfellows, as the New York Times Editorial Board came out in support of the bill introduced by a conservative Republican: “Internet users today store incredible amounts of private information online so they can have access to it from any connected device. That data should be just as protected as the photos, letters and other documents people keep at home.”

Who opposes it

Some federal agencies like the Securities and Exchange Commission have come out against the bill. The SEC does not have authority to obtain criminal warrants in their investigations, such as those into financial fraud. In testimony before the House Judiciary Committee in November, SEC Division of Enforcement Director Andrew Ceresney warned, “H.R. 699, in its current form, poses significant risks to the American public by impeding the ability of the SEC and other civil law enforcement agencies to investigate and uncover financial fraud and other unlawful conduct.”

Steven H. Cook, president of the National Association of Assistant United States Attorneys, also warned, “While the Email Privacy Act expands Fourth Amendment protections and imposes a warrant requirement to compel disclosure of stored email or text, the statute does not recognize any of the well-established exceptions to the warrant requirement that would be applicable in every other circumstance. I know of no other area of the law where this is the case.”

(American federal law recognizes six main exceptions to a warrant requirement for searches: a search incidental to a lawful arrest, a “plain view exception,” if the person being searched gives their consent, “stop and frisk,” an automobile exception, and in an emergency.)

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress, and was published on Feb 4, 2015.

Email Privacy Act

Amends the Electronic Communications Privacy Act of 1986 to prohibit a provider of remote computing service or electronic communication service to the public from knowingly divulging to a governmental entity the contents of any communication that is in electronic storage or otherwise maintained by the provider, subject to exceptions.

Revises provisions under which the government may require a provider to disclose the contents of such communications. Eliminates the different requirements applicable under current law depending on whether such communications were: (1) stored for fewer than, or more than, 180 days by an electronic communication service; or (2) held by an electronic communication service as opposed to a remote computing service.

Requires the government to obtain a warrant from a court before requiring providers to disclose the content of such communications regardless of how long the communication has been held in electronic storage by an electronic communication service or whether the information is sought from an electronic communication service or a remote computing service

Requires a law enforcement agency, within 10 days after receiving the contents of a customer's communication, or a governmental entity, within 3 days, to provide a customer whose communications were disclosed by the provider a copy of the warrant and a notice that such information was requested by, and supplied to, the government entity. Allows the government to request delays of such notifications.

Prohibits disclosure requirements that apply to providers from being construed to limit the government's authority to use an administrative or civil discovery subpoena to require: (1) an originator or recipient of an electronic communication to disclose the contents of such communication, or (2) an entity that provides electronic communication services to its employees or agents to disclose the contents of an electronic communication to or from such employee or agent if the communication is on an electronic communications system owned or operated by the entity.

Allows the government to apply for an order directing a provider, for a specified period, to refrain from notifying any other person that the provider has been required to disclose communications or records.

Directs the Comptroller General to report to Congress regarding disclosures of customer communications and records under provisions: (1) as in effect before the enactment of this Act, and (2) as amended by this Act.