Digital Due Process
A group of tech companies and privacy organizations have come together to encourage Congress to update the 1986 Electronic Communications Privacy Act. Over the years, it has been problematic in its interpretations in the courts, and was partially updated through the USA PATRIOT Act.
However, the world of today and the world of 1986 are quite different. So, many companies, including AOL, AT&T, Google, Intel, Microsoft, ACLU, ALA, ARL, and EFF, have developed consensus around a set of principles which will “simplify, clarify and unify the ECPA standards.” These principles are:
- A governmental entity may require an entity covered by ECPA (a provider of wire or electronic communication service or a provider of remote computing service) to disclose communications that are not readily accessible to the public only with a search warrant issued based on a showing of probable cause, regardless of the age of the communications, the means or status of their storage or the provider’s access to or use of the communications in its normal business operations.
- A governmental entity may access, or may require a covered entity to provide, prospectively or retrospectively, location information regarding a mobile communications device only with a warrant issued based on a showing of probable cause.
- A governmental entity may access, or may require a covered entity to provide, prospectively or in real time, dialed number information, email to and from information or other data currently covered by the authority for pen registers and trap and trace devices only after judicial review and a court finding that the governmental entity has made a showing at least as strong as the showing under 2703(d).
- Where the Stored Communications Act authorizes a subpoena to acquire information, a governmental entity may use such subpoenas only for information related to a specified account(s) or individual(s). All non-particularized requests must be subject to judicial approval.
They hope to work with legislators to enact an updated version of the law, taking into consideration both security and privacy aspects.