Skip to Content

Government Surveillance

Email Privacy Act Brief

The Email Privacy Act Amends the Electronic Communications Privacy Act (ECPA) of 1986: Thirty years ago, when ECPA was enacted, it was a forward-looking statute addressing a brand new technology: email and computer storage. However, while technology has advanced dramatically in the decades since ECPA was enacted, the statute’s privacy standards have not been updated, leaving important information without full protection. The Email Privacy Act (H.R. 699), which recently passed in the House by an overwhelming 419-0 vote, would finally bring the law that sets standards for government access to private internet communications into the 21st century by:

  • Requiring, with limited exceptions, that law enforcement obtain a warrant based on probable cause before searching and seizing the contents of Americans’ emails, texts, and photographs stored in the cloud.
  • Removing the antiquated rule that emails that are older than 180 days or already opened can be obtained without a warrant.

The Bill Strikes the Appropriate Balance Between Privacy Concerns and Law Enforcement Needs: The reforms in the bill ratify the Sixth Circuit’s decision in U.S. v. Warshak, which held that email content is protected by the Fourth Amendment and that law enforcement access requires a probable cause warrant. Warshak is effectively the law of the land today – DOJ and FBI policies already require agents to obtain a search warrant, and many service providers will not relinquish their users’ content without one.

During the markup, House Judiciary members addressed a variety of law enforcement concerns by:

  • Removing a provision that would have required the government to provide notice to the subscriber or customer when a warrant for their data is served on their provider. While the bill permits service providers to notify the affected subscriber or customer directly, law enforcement would still be able to obtain court orders that delay provider notice in 180-day increments, as many times as needed.
  • Preserving all of the current exceptions to the warrant requirement including: 1) voluntary disclosure by providers in case of an emergency; 2) voluntary disclosures with consent; 3) disclosure of To/From information, which may be obtained with a court order issued under § 2703(d); and 4) mandatory disclosure of child pornography to the National Center for Missing and Exploited Children under 18 U.S.C. § 2258A.
  • Introducing a new exception for public promotional content. The Email Privacy Act clarifies that the warrant requirement does not apply to previously public or currently public content that advertises or promotes a product to avoid hindering investigations of commercial and marketing fraud.
  • Maintaining law enforcement’s ability to preserve records. If a government agency has not yet obtained a warrant or other legal process, it can direct a provider to preserve information in a subscriber’s account and ensure nothing is deleted – all without judicial approval.
  • Requiring timely responses to warrants. The bill requires providers to respond to warrants “promptly,” and expressly authorizes courts to impose specific deadlines on service providers to respond to warrants.
  • Providing an exception for corporate emails. The bill clarifies that agencies can continue to use subpoenas to obtain corporate emails of employees and agents.

The Bill Does NOT Grant Civil Agencies Warrantless Snooping Power: A civil agency carve-out, which CDT strongly opposes, would grant the Internal Revenue Service (IRS), Environmental Protection Agency (EPA), Securities and Exchange Commission (SEC), and many more federal, state and local agencies new authority to demand a target’s emails from service providers. Such a carve-out would undermine the very purpose of the bill by giving government broad new access to private communications at a much lower standard.

Additional resources available on the Digital Fourth website.

Coalition letter in support of the Email Privacy Act (April 26, 2016).

For more information, please contact Chris Calabrese, CDT Vice President, Policy, at [email protected].