US Congress set to tighten email privacy law

Sarah Jacobsson Purewal
16 September, 2012
View more articles fromthe author

A bill that will require law enforcement to obtain a warrant before accessing private online communications such as email or social networking interactions is expected to be introduced in the US Senate this week.

According to the American Civil Liberties Union, this legislation is a “key piece of efforts to reform the Electronic Communications Privacy Act,” which was first passed in 1986.

Back then, email wasn’t nearly as important or prevalent as it is today. So, when the privacy act was written, US Congress initially decided to handle email (and other yet-to-be-defined types of communication, such as instant messaging chats, social networking interactions and uploaded cloud files) as business records, which can be obtained by law enforcement with a simple administrative subpoena.

The ACLU says that, back in 1986, lawmakers assumed email would be “largely transient” and wouldn’t be held for long periods of time. Therefore, the Electronic Communications Privacy Act is structured so that online communications older than 180 days is treated as “discarded” and thus not very private.

So, combine this thought – that looking at an email that’s more than 180 days old is like looking at a letter that somebody abandoned on the side of the road – with the idea that email messages are just business records, and it’s no wonder that US feds can nab the content of email messages with a subpoena.

By the way, this is why cloud services’ terms of service always include a mention about how, if subpoenaed, the provider will give up your personal information to the US government. Last year, Dropbox was heavily criticised for altering its TOS to make this portion more prominent, but the cloud storage provider explained that it didn’t really change anything – while the company planned to fight for its users’ privacy, handing over records because of a subpoena is just, well, the law.

The new bill, which will be introduced by Senator Patrick Leahy of Vermont, will require that law enforcement get a probable-cause warrant before being able to read the contents of private online communications that are more than 180 days old.


Right now US authorities need only ‘reasonable grounds to believe’ that the content of such messages would be useful in their investigation to get a subpoena. However, ‘probable cause’ means they would need to have enough information about the person they’re investigating to warrant a prudent and cautious person’s belief that evidence will be found in such messages.

According to Ars Technica, only the content of emails and online communications will be protected under this new bill; other key pieces of information, such as names, email addresses, IP addresses and transactional data will not require a warrant. The reason for this, according to former US government official Marc J. Zwillinger, is because it’s “the type of information prosecutors use to build probable cause that enables them to seek court-ordered access to more sensitive information.”

This bill’s outcome will affect users in possession of any type of cloud-based services: web-based email, cloud storage providers, social networks, online chat applications or any Google products. And while the legislation is being discussed with regard to US citizens only, if passed, the bill will set a precedent for global industry regulations and other countries’ federal laws, including Australia.

Right now, cloud providers have to give up a person’s information to the US government if they receive a subpoena. And not just information, such as a full name, phone number and address, but the actual contents of any private communication that they have on record. So if a person happens to have Gmail messages or Facebook chats that are older than 180 days, they’re fair game.


That’s not to say that cloud providers (or tech companies, for that matter) will immediately give up personal data. Many companies – Google and Twitter, for example – will fight for their users’ right to privacy and require warrants before they give up information. In piracy lawsuits, many Internet service providers have been known to fight subpoenasby the RIAA.


If this bill passes, US feds will be required to first get a warrant before asking for private information, which is a major step up from a subpoena. In order to get that warrant, they’ll have to be able to demonstrate that they have enough information about a person’s alleged criminal activity to suggest that looking at their private communications will yield real evidence.

One Comment

One person was compelled to have their say. We encourage you to do the same..

  1. AussieMacUser says:

    I think that electronic communication needs to be as protected as plain old letter mail. Even though letter boxes are not the most secure devices, there are serious penalties for tampering with the mail – by anyone, let alone legal authorities..Our society would lose a lot if our communications could not be seen as “private”.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us