A coalition that includes Google and Microsoft is aiming to get the Electronic Communications Privacy Act updated to reflect the needs of today’s technologically fast-paced world, where much consumer and business data resides in the cloud. I listened in on a conference call this afternoon, which featured several members of the coalition, including representatives from both companies.
Jim Dempsey of the Center for Democracy and Technology led the discussion, and ran down the four principles the coalition is trying to get instilled in the legislation. As laid out on the coalition’s site, these include:
– A governmental entity may require an entity covered by ECPA (a provider of wire or electronic communication service or a provider of remote computing service) to disclose communications that are not readily accessible to the public only with a search warrant issued based on a showing of probable cause, regardless of the age of the communications, the means or status of their storage or the provider’s access to or use of the communications in its normal business operations.
– A governmental entity may access, or may require a covered entity to provide, prospectively or retrospectively, location information regarding a mobile communications device only with a warrant issued based on a showing of probable cause.
– A governmental entity may access, or may require a covered entity to provide, prospectively or in real time, dialed number information, email to and from information or other data currently covered by the authority for pen registers and trap and trace devices only after judicial review and a court finding that the governmental entity has made a showing at least as strong as the showing under 2703(d).
– Where the Stored Communications Act authorizes a subpoena to acquire information, a governmental entity may use such subpoenas only for information related to a specified account(s) or individual(s). All non-particularized requests must be subject to judicial approval.
The ideas have been sent to Capitol Hill, but the goal at this point is to simply begin a dialogue around these issues. "We’re not expecting these will be enacted this year," says Dempsey.
Mike Hintze of Microsoft says the company’s interest is based on the fact that the statute, which was passed in 1986 hasn’t kept up with technological changes, and as a result has led to confusion among companies, law enforcement, and customers. "we don’t believe the balance between privacy and law enforcement should be turned on its head," he says.
"I don’t think there is a single incident that I would point to for the need for this change," says Richard Salgado, Google Senior Counsel, Law Enforcement and Information Security. Other members of the coalition voiced agreement with this.
So far, members of the coalition include: ACLU, American Library Association, Americans for Tax Reform, AOL, Association of Research Libraries, AT&T, Center for Democracy & Technology, Citizens Against Government Waste, Competitive Enterprise Institute, Computer and Communications Industry Association, eBay, Electronic Frontier Foundation, Google, Information Technology & Innovation Foundation, Integra Telecom, Intel, Loopt, Microsoft, NetCoalition, The Progress & Freedom Foundation, and Salesforce.com.
More information about the initiative can be found at DigitalDueProcess.org. Google also has more about it on its official blog.