Jason Atchley - Technology Sales & Business Development
Tuesday, February 11, 2014
Jason Atchley : Privacy : We Need to Cut a New Deal on Communications Information Privacy
Jason Atchley
We Need to Cut a New Deal on Communications Information Privacy
If we wait for courts to develop new Fourth Amendment doctrines we may not achieve a good balance, clear guidelines, or widespread support for resulting rules.
It is (high) time to rewrite and modernize the law that regulates access to our private communications and to the detailed information those communications automatically create.
No, I’m not talking about the statutes relating to the U.S. Foreign Intelligence Surveillance Court, or the National Security Agency’s collection of metadata. We do need to constrain the growth of a surveillance state, even if some intelligence activities can be justified. But ordinary government information collection and eavesdropping, in the course of normal law enforcement activities, are just as badly in need of reform.
Before 1986, the wiretap statute required a warrant only for the “aural” interception of communications. That formulation stemmed from the practice of attaching alligator clips to phone lines so the police could use earphones to listen in on a call. But information was increasingly being exchanged in digital form. Interception might involve reading an email, not listening to a voice. So it was clear that the wiretap statute needed to be updated to cover new forms of electronic communication.
I was involved in the negotiations and drafting that led to the Electronic Communications Privacy Act. A deal could be struck because:
1) Companies like IBM wanted to encourage use of electronic communications by assuring some level of privacy against both private and government “interception.”
2) Government representatives respected privacy interests and realized that normal law enforcement operations would proceed more smoothly if some clear statutory rules (rather than vague constitutional tests) established required procedures.
3) Privacy advocates like the Electronic Frontier Foundation understood that what was needed were standards that allowed justified government access but prevented unreasonable intrusions.
The ECPA compromise was reached against the background of two assumptions. First, any new protection would have to be added on top of the existing wiretap statute, rather than disrupting the complex balance that had previously been struck re “aural” interception of phone calls. (This was achieved by requiring a wiretap warrant for the “interception” of any electronic communication.)
Second, insofar as emails and other digital communications might be stored on servers, they would also require some protection. But some stored electronic communication—say a message posted to a public “bulletin board”—could not reasonably be treated as a private communication (it was readily available to all). And because, under the then current technology, most email users downloaded emails to their local personal computer in order to read it, electronic messages stored for more than 180 days might reasonably be given somewhat less protection (just as property abandoned in a self-storage locker might be somewhat less protected against a government search).
The ECPA standards, supported by a broad consensus among technology companies, law enforcement agencies and civil rights organizations served us all reasonably well for many years. But the technology has changed. Now we have the cloud and gmail. Now your cell phone constantly reports where you are. It is no longer reasonable to assume that someone who stores email on a remote server they don’t own for more than 180 days has any less reason to want to protect the privacy of those “papers and effects.”
No comments:
Post a Comment