The Electronic Communication Privacy Act (ECPA) was passed in 1986 by the Congress. The law was established to protect the privacy of an individual’s electronic communication as well as to create a legal access to these communications for the government if the adequate process is followed.
The ECPA law has three main titles; the Title I updates “Wiretap Act” to encompass the interference in the oral and wire communication along with the electronic communications. The Title II added to chapter 121 to the United States Code named “Stored Wire and Electronic Communication and Transnational Records Access” which is commonly known as Stored Communication Act (SCA). The Title III introduces new rules that monitor the use of pen register, a device that allows the users to occupy the routing information regarding communications such as the dialed telephone numbers and the email addresses received or sent.
Although the law was passed at the very beginning of the Internet, the Stored Communication Act (SCA) has been evolved with the time and it covers the content of the email, private Facebook messages, YouTube videos, and so-called metadata or non-content information linked to people internet transactions.
The use of SCA is majorly determined by the bodies to which it applies – the Electronic Communication Service (ECS) providers and the Remote Computing Service (RCS) providers which are described in the law.
It does not deal with the government access to records directly with the purpose of the investigation.
The reforms of ECPA were mostly in the SCA section because of the development of technology. With this progress, the law enforcement has majorly focused on its authority under the SCA and accessed stored electronic communications such as the emails directly from the service provider instead of frequently relying on the real-time interception authorized under the “Wiretap Act”.
What Was The Issue With ECPA?
In 1986, the ECPA was an advantageous step towards the privacy, however, for many years, it remains the same which makes it outdated with the advancement in technology.
The most criticized issue of ECPA was the permit of information access to the law enforcement officials without any search warrant. For instance, in many cases, they can access content like stored emails in the cloud which gave them the reach to huge content at a low standard.
With such laws, the ECPA decreased the trust of individuals especially the businesses which deal with the sensitive and confidential customer data.
Due to such a notion, the bill was challenged by the businesses and tech giants.
Email Privacy Act Reform Bill
Thirty years after the introduction of ECPA, the Email Privacy Act was passed in April 2016. The bipartisan ECPA reform bill was passed with an overwhelming majority of 410-0 through the House of Representatives.
The privacy bill has taken five years in making a process where the decades-old law was challenged by the companies like Google and Dropbox for allowing the government to access emails without a warrant. The ECPA warrantless searches also included the emails and other communications retained in third-party cloud providers.
Previously, the ECPA requires government investigators to provide a warrant from a neutral judge to force the revelation of electronic communications stored with the third-party cloud providers for 180 days or less. Moreover, if the communications stored are more than 180-days old, the government could access it with a mere warrant that agency may itself issue.
However, this rule could be a fit for 1986 but not for the present era. With the modernized cloud storage, the years-long information could easily be stored. Also, the electronic communications such as emails, social media messages, others created two years ago are equally private and personal.
Therefore, the House of Representatives has figured out the cause and removed the 180-days distinction from the ECPA law. With the Email Privacy Act reforms, the governmental entities require a criminal warrant to access email communications retained by the third-party providers.
ECPA Reform Legislation and Exemptions to Violation
The ECPA was amended in 1994 by the Communication Assistance to Law Enforcement Act (CALEA), by the USA Patriot Act in 2001, and the USA Patriot Act reauthorization in 2006. The ECPA Modernization Act was proposed in 2012.
There are two main exemptions to allow interception in communications without violating the act.
- The “Provider” exception permits the telephone service provides to hear or monitor the telephone calls if they are directed by the law enforcement officers with an authentic court order. It is also allowed when it’s necessary to provide you the service, to check the equipment, or to protect the provider’s property or rights, for instance, when their network is used without the payment.
- Law enforcement officials can access the communications when one side consents to it. Therefore, if an individual is suspect in illegal activities and government official consents, then agents can listen and retain your conversation.
You can get the further information here.