By Oded Green
On April 6, 2011, the Senate Judiciary Committee held a hearing regarding a proposed update to the Electronic Communications Privacy Act (ECPA) in light of cloud computing and other technological developments that have occurred since the statute was enacted more than two decades ago. The ECPA is comprised of three laws — the Wiretap Act, the Stored Communications Act, and the Pen Register Act — which govern when certain parties, including law enforcement and other governmental authorities, may access communications and related data and to whom they may disclose those communications and data.
According to Senate Judiciary Committee Chairman, Patrick Leahy, with the explosion of cloud computing, social networking sites and other new technologies, determining how to bring ECPA into the digital age is one of Congress’ greatest challenges. He added that ECPA is “hampered by conflicting standards that cause confusion for law enforcement, businesses and consumers.” For example, the content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent.
In testimony for the U.S. Department of Justice, Associate Deputy Attorney General James Baker emphasized the critical role ECPA plays in law enforcement, national security, and cyber security activities, as well as its importance to protecting the privacy interests of all Americans. That said, according to Mr. Baker, any adoption of a proposal requiring government officials to obtain a warrant (based on probable cause) before they can compel disclosure of stored content, may cause “collateral consequences to criminal law enforcement and the national security of the United States.” In addition, in his testimony, Mr. Baker identified additional provisions of ECPA that may require further clarifications and updates. These areas include governmental access to cell tower information relating to cell phone calls and cell phone locations.