The Email Privacy Act is a bill introduced in the United States Congress. The bipartisan proposed federal law was sponsored by Representative Kevin Yoder, a Republican from Kansas, and then-Representative Jared Polis, a Democrat of Colorado. The law is designed to update and reform existing online communications law, specifically the Electronic Communications Privacy Act (ECPA) of 1986.[1] [2] [3]
In the 113th Congress (2013 - 15), the bill never made it out of subcommittee. In the 114th Congress (2015 - 17), the bill was unanimously passed by the House, but was derailed in the Senate following a series of weakening amendments offered by Republican Senator John Cornyn of Texas, the Senate Majority Whip. In the 115th Congress (2017 - 19) and 116th Congress (2019 - 21), the legislation passed the House, but failed to receive a vote in the Senate.
The legislation would require authorities such as the U.S. Department of Justice and Securities and Exchange Commission to obtain a search warrant to access emails, data in cloud storage, and other digital communications more than 180 days old.[4] [5]
Under current law - the Electronic Communications Privacy Act (ECPA) of 1986 - authorities can obtain such data by issuing an administrative subpoena to an Internet service provider, without the need to obtain judicial approval.[4] [5] The Congressional Research Service reported in 2015 that: "In recent years, ECPA has faced increased criticism from both the tech and privacy communities that it has outlived its usefulness in the digital era and does not provide adequate privacy safeguards for individuals' electronic communications. In light of these concerns, various reform bills have been introduced in the past several Congresses..."[6]
The Email Privacy Act would codify as federal law the decision of the United States Court of Appeals for the Sixth Circuit in United States v. Warshak (2010). In that case, the Sixth Circuit held that the Fourth Amendment to the United States Constitution requires that the government obtain a warrant before accessing emails stored online (e.g., in the cloud). The Warshak ruling currently applies only to the Sixth Circuit; the Email Privacy Act would extend its rule nationwide.
The legislation "is widely supported by the tech industry and privacy advocates."[1]
The Electronic Frontier Foundation has pushed for the legislation for over six years, hailing the House vote in favor of the legislation in 2016 as "a win for user privacy" and urging the Senate to approve it without weakening amendments.[7] The EFF noted, however, that the bill "isn't perfect" because it does not require the government to notify users when the government seeks their data from service providers, which the EFF believes is "a vital safeguard ensuring users can obtain legal counsel to fight for their rights."[7]
A wide array of civil society groups, corporations, and trade associations issued an open letter in April 2016 expressing support for the Email Privacy Act.[8] Among the groups to sign on to the letter were Adobe, ACT/The App Association (formerly the Association for Competitive Technology), Amazon.com, Inc., the American Civil Liberties Union (ACLU), the American Library Association, Americans for Tax Reform (ATR), the Brennan Center for Justice, the Center for Democracy & Technology (CDT), Cisco Systems, the Consumer Technology Association, the Direct Marketing Association, Dropbox, the EFF, Facebook, FreedomWorks, Google, HP, the Internet Association, LinkedIn, Microsoft, the Newspaper Association of America, Niskanen Center, Symantec, Twitter, U.S. Chamber of Commerce, and Yahoo.[8] The groups wrote that the Email Privacy Act is a necessary update "to reflect internet users' reasonable expectations of privacy with respect to emails, texts, notes, photos, and other sensitive information stored in "the cloud."[8]
The Digital 4th Coalition, an advocacy coalition consisting of the ACLU, ATR, CDT, and Heritage Action, supports the legislation, creating a website to support the legislation and to urge citizens to push for it. The coalition spans the ideological spectrum from left to right.[9] [10]
A public-opinion survey of U.S. registered voters conducted by Vox Populi Polling on behalf of the Digital 4th Coalition found that 77 percent agreed that a warrant should be required to access "emails, photos and other private communications stored online."[11] When respondents heard a summary of the ECPA's provisions, "86 percent said it should be updated, and 53 percent said they'd be more likely to support a candidate who favored 'strengthening online privacy' through reforming the law."[11]
In 2015, the Obama administration expressed support for reforming and updating the ECPA in response to an online We the People petition that garnered more than 100,000 signatures, although the White House did not express support for any particular reform effort.[12]
The bill faces opposition from some federal agencies, who state that they rely on subpoenas to conduct investigations.[1] [11] In Senate committee testimony given in September 2015, Federal Trade Commission officials expressed concern that "recent proposals could impede its ability to obtain certain information" from Internet companies.[11]
The bill failed in the 113th Congress. The bill was introduced in May 2013 by Yoder and 272 cosponsors as H.R. 1852. However, it never made it out of the United States House Judiciary Subcommittee on Crime, Terrorism, Homeland Security and Investigations.[13]
In the 114th Congress, the bill was introduced again, in February 2015, as H.R. 699. The bill garnered the most cosponsors of any bill in this Congress, with 194 Republicans and 115 Democrats cosponsoring. The 14-page bill unanimously passed the House Judiciary Committee and then, on April 27, 2016, unanimously passed the House (419-0).[4] [7] [14] The passage of the bill in the House was hailed by the New York Times editorial board, which called the bill a "sensible" if imperfect update to privacy law and said that the House vote was a "rare and remarkable display of bipartisanship."[15]
The lead sponsors of the companion Senate legislation, the Electronic Communications Privacy Act Amendments Act of 2015 (S. 356) were Senator Patrick Leahy, Democrat of Vermont, and Senator Mike Lee, Republican of Utah.[4] [16] Twenty-five other senators were cosponsors.[16]
After the House passed its bill, Leahy and Lee called upon the Senate to "take up and pass this bipartisan, common-sense legislation without delay."[5] However, the bill languished in the Senate Judiciary Committee,[4] [5] and the committee's chairman, Senator Chuck Grassley, Republican of Iowa, expressed concern "about the details of this reform, and whether it is balanced to reflect issues raised by law enforcement."[17] Senate Majority Whip John Cornyn, Republican of Texas, offered two amendments in the Judiciary Committee that weakened the legislation: one to give federal authorities the power to access electronic identifying information without a warrant in counterterrorism cases, and the other to give the director of the Federal Bureau of Investigation or someone acting in his or her capacity "the power to compel a provider to hand over the name, physical address, email, telephone number or other identifying information" if relevant to "an authorized counterterrorism operation."[18] [19] The Cornyn amendments angered civil liberties and tech-advocacy groups who supported the bill, including Computer & Communications Industry Association, ACLU, and Open Technology Institute, who urged the Senate to pass the House bill.[18] Six other senators have also offered amendments in the Senate Judiciary Committee,[19] including an amendment by Republican Senator Jeff Sessions of Alabama, which would have exempted federal agents from the requirement to secure a warrant if the government asserts that an emergency situation exists.[20] The Sessions amendment was opposed by advocates for privacy rights, "because it does not require any judicial backstop to review the action afterward to see if the surveillance was warranted and should continue."[20] After the Cornyn and Sessions amendments were offered, the bill's lead Senate sponsors, Leahy and Lee, withdrew the bill from consideration, saying that they feared that the amendments would make "Americans' electronic communication even less private than it is now."[20]
The Email Privacy Act was again introduced in the 115th Congress, with Polis and Yoder again being the lead sponsors of the bill.[21] It passed the House of Representatives (where it had 109 sponsors) on a voice vote on February 6, 2017, but was again expected to encounter Republican opposition in the Senate,[22] and never made it out of Senate committee.[23]
In the 116th Congress, the Email Privacy Act was included as an amendment to the version of the National Defense Authorization Act for Fiscal Year 2019 (NDAA FY 2019) legislation passed by the House of Representatives; the amendment passed on 351 - 66 vote.[24] However, the provision failed in the Senate, and so the NDAA FY 2019 "passed without EPA's reforms or the broader ECPA Modernization Act of 2017" proposed by Senator Patrick Leahy (D-VT) or Senator Mike Lee (R-UT).[25]