By Barry SteinhardtBarry Steinhardt is an internationally-recognized expert on the impact of technology on privacy rights, due process, and freedom of expression. He was the inaugural director of the ACLU Technology and Liberty Project, a position he held from 2002 until his retirement in 2009. He is currently a member of the ACLU of Virginia Board of Directors.
The year was 1986—October 21, 1986 to be exact.
It would be three years before a young British computer scientist Tim Berners-Lee (now Sir Tim Berners-Lee) would publish a ground breaking paper that led to what we now know as the Internet.
Google would not be launched for 11 years. Facebook, whose founder was still in diapers, was two decades away.
But 25 years ago today, Congress passed the Electronic Communications Privacy Act (ECPA) to apply Fourth Amendment principles of privacy to new ways of communicating, placing limits on when and how the government could gain access to our electronic messaging and records.
It was a remarkably important legislative accomplishment.
But communications technology -- and with it the government’s ability to surveil our speech and countless activities that are electronically recorded-- has been advancing at light speed since 1986.
Sadly, the law that was intended to protect our electronic communications from the government’s prying eyes no longer does that.
The now outdated ECPA is allowing the government to engage in a shopping spree in the candy store of information about who you are, where you go, and what you do that is being collected every minute by cell phone providers, search engines, social networking sites, and other websites.
ECPA needs not only to be brought into the 21st Century to address technologies that have been developed since 1986, but given the speed at which even newer technologies are being developed, it must be made flexible enough to anticipate the changes still to come.
The ECPA should be amended to:
Robustly Protect All Personal Electronic Information. Current loopholes in our privacy laws must be closed to ensure that electronic information, including most transactional communications, are protected from government searches unless a warrant based on probable cause is issued by a judge.
Safeguard Location Information. Location as transmitted by our cell phones is clearly personal information. Government officials should have to obtain a warrant based on probable cause before accessing it.
Contain Appropriate Oversight and Reporting Requirements. Existing reporting requirements for wiretap orders must be extended to all types of law enforcement surveillance, including electronic records kept by private companies. This will ensure oversight of the law by Congress and transparency to the public.
Require a Suppression Remedy for Illegally Obtained Information. Under current law, most illegally obtained electronic communications can still be used in court. The ECPA should be amended so that the same rules apply for electronic and non-electronic information-- if it's illegally obtained, it should not be used against an individual in court.
Limit Exceptions to the Law. Overly broad exceptions now allow easy access to the content of electronic records without notice, consent, or a true emergency. Records should only be viewed in a true emergency with informed consent and proper notice.Online privacy is stuck in the Digital Dark Age. Because privacy laws don’t auto-update like our anti-virus software, but instead need legislative approval, they tend to lag behind technology. The ACLU has become a key leader in the campaign to urge Congress to restore the original promise of ECPA.
If you agree that electronic mail deserves the same privacy protections as our postal mail, or that our cell phone calls should be protected in the same way as landline calls are, then join the ACLU’s campaign. Take action today!