When
I began practicing law at the dawn of the Internet Age, I soon realized that in
the digital space, this long-held, common-sense approach to law enforcement searches
is not always applicable. Surprisingly, searches in the physical world almost
always require a warrant while searches in the “digital world” generally do
not. Under the 1986 Electronic
Communications Privacy Act (ECPA), enacted with 1980s technology in mind, the legal
need for a warrant to access one’s personal digital content depends on the type
of technology utilized to store the data and how old the correspondence is.
According
to an Electronic Information Privacy
Center (EPIC) analysis of ECPA, the backbone of U.S. digital privacy law, law
enforcement does not need a warrant to access both opened and unopened emails
stored in the cloud for more than 180 days.
In contrast, emails located on a home hard drive and opened emails that
are less than 180 days old require a warrant.
The
deficiencies in this approach are becoming more apparent every day. For example, law enforcement agencies across the
country
are using mobile devices called Stingrays to collect information that is stored on our cell
phones and other digital devices without warrants. Law enforcement has refused to
discuss, even in court, the technology
utilized in Stingray devices. And this is just one example of overreach.
Our
current legal framework worked best in 1986. ECPA made sense then because lawmakers
didn’t envision people storing thousands of personal files for years on remote or
cloud-based servers. In 1986, these
technologies did not exist. Over
the past 30 years, technological innovation has changed how we create, access,
process, and archive digital content.
Today, many people store personal emails and data in the cloud or apps. Due to the growing interconnectedness of our
society, many of these platforms have servers located around the globe. At any given time, our data may be processed,
archived, or stored in servers anywhere in the world.
Whether
a warrant is required to access one’s digital data should not depend on the age
of the content, the technology utilized to store the information, or the
location of the data. In the face of
ECPA’s limitations, some states, such as Virginia and California,
have enacted laws requiring a warrant before Stingray technology may
be deployed. A forward-thinking national
law that requires a warrant to access digital content regardless of data’s age
or the type of storage technology utilized is needed.
Fortunately,
Congress has recently proposed a bipartisan fix to this problem with the introduction
of the Law Enforcement
Access to Data Stored Abroad Act (LEADS). This bill offers a well-balanced approach
that requires law enforcement to obtain a warrant when it wants access to personal
digital content. If data is located on
an app or a server that is located overseas, it requires law enforcement to
follow the legal process required to obtain the information in the jurisdiction
where the content is located. This
common-sense approach ensures that personal information is treated equally
whether located in the physical or the digital world.
It’s
time for the United States to demonstrate leadership on digital privacy issues.
A step in the right direction would be to enact the bipartisan LEADS Act.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.