What Is The Electronic Communications Privacy Act (“ECPA”)?
The ECPA of 1986 protects a variety of electronic communications and records. Title I protects electronic, wire and oral communications in transit. Title II, the Stored Communications Act (18 U.S.C. §§ 2701-12) (“SCA”) protects stored electronic communications. Title III prohibits the use of trap and trace devices and pen registers, which essentially compile a record of dialed telephone numbers and routing.
Titles I and II both restrict the ability of law enforcement and governmental agencies to acquire communications protected by the ECPA. Title I requires a court authorized search warrant upon a showing of probable cause that the communications sought contain evidence that a crime was committed. Title II of the SCA only requires a similar judicial warrant for stored communications 180 days or less. In the case of stored communications older than 180 days, law enforcement or a governmental agency only need issue an administrative subpoena. That administrative subpoena is essentially a letter from the agency to the holder of the stored communications, such as an Internet Services Provider (“ISP”), that the communications are relevant to an investigation and forces the holder to divulge the stored communications.
This is significant because the standard required for law enforcement or regulatory agency to obtain e-mails or data files older than 180 days differs not only in the age of the communication, but also where the communication is stored. For example, if the communication is stored on a computer hard drive in one’s home or business, law enforcement is required to obtain a search warrant to obtain the data regardless of age. In the case of communications stored with a third party, the standard of proof (i.e., court approved warrant v. agency subpoena) depends upon the amount of time the communication has been stored, with the dividing line being 180 days.
Changes In The Use Of Data Storage
Congress originally passed the SCA and the ECPA in 1986 with a few amendments since then. In the intervening 26 years, data usage drastically changed. Previously, storage, both online and offline was at a premium. In the past, e-mail was predominately downloaded from ISPs to e-mail clients and stored locally on a user’s computer. Alternately, users deleted older e-mails stored on third party servers. Users predominately stored all data and communications locally on their hard drives. Businesses typically stored their communications on their own servers.
The landscape of communication and data storage today has turned to third party “cloud” services. For individuals, Web based e-mail providers such as Gmail, Yahoo and e-mail provided by ISPs with generous storage encourages individuals to keep e-mail and even voice mails in the case of Google Voice on third party servers indefinitely instead of deleting communications or downloading them to local client hard drives. Even businesses have migrated to “cloud services” including hosted e-mail servers and cloud-based backup.
Increases In The Use Of Administrative Subpoenas
At least anecdotally, the amount of agency subpoena requests has dramatically increased. For example, in Google’s Transparency Report (http://www.google.com/transparencyreport/removals/government/), notes in the first half of 2012 it had 1,791 subpoena requests. In the first half of 2011 Google reported 949 such requests.
Recent Efforts To Require Court Issued Warrants For Stored Communications
The good news is that there is movement in the U.S. Senate to amend the ECPA to protect communications older than 180 days older. Legislation introduced by Senator Patrick Leahy recently passed a Senate panel against objections by law enforcement that it would hinder investigations. If passed, the proposed law would require law enforcement and regulatory agencies to obtain a court issued search warrant for all stored communications, regardless of the age. Of course, it is early in the legislative process. Stay tuned.