• Law, Policy -- and IT?

    Tracy Mitrano explores the intersection where higher education, the Internet and the world meet (and sometimes collide).



Finding the right balance.

March 8, 2015

Of all the laws in need of reform due to the Internet’s disruptive effects, ECPA remains primary. Promulgated in 1986, it updated the Safe Streets and Crime Control Act of 1968, the first U.S. “wire-tap” law. At the time prescient because it included “data networking” in the definition of electronic communications, ECPA nonetheless would quickly become antiquated once the Internet became public.  

ECPA lies at the root of many contemporary legal conundrums. Is it legal for law enforcement to capture all telephonic metadata, for example? Most will recognize this question as a result of the Snowden disclosures. ECPA’s munging of telephony and data networking under the Fourth Amendment line created constitutional inconsistency. Whereas this line made sense with telephony, because time-stamped source and destination telephone numbers do not reveal content, data networking metadata sometimes does (subject lines of emails, for example) or can be used to resolve to data (Internet protocol addresses resolved to web sites).  

This inconsistency is often attributed to the Patriot Act. In fact, it lies at the core of ECPA. The Patriot Act exacerbated it. By lowering law enforcement’s showing for metadata to a simple request filed with a clerk – well below the functional level of “probable cause” and the judicial oversight that comes with it --  the Patriot Act effectively stripped ECPA of its foundational Fourth Amendment design. Questions about government surveillance and civil liberties have hung in the balance ever since. 

As if this flaw were not enough, federal appellate court judges have been confounded by ECPA ever since, especially on the subject of email. Is it metadata or content? For how long should it be protected under the Fourth Amendment? Here is a quick summary via dicta of its impenetrable language and interpretation. "[A] fog of inclusions and exclusions" – Briggs v. American Air Filter Co. (5th Cir. 1980)  "[A] statute . . . which is famous (if not infamous) for its lack of clarity" – Steve Jackson Games, Inc. v. United States Secret Service (5th Cir. 1994)"[T]he Fifth Circuit . . . might have put the matter too mildly." – U.S. v. Smith (9th Cir. 1998)  [Quotes courtesy of Steve McDonald.] 

With all of this history, I urge support for the Law Enforcement Access to the Data Stored Abroad Act (LEADS Act). Congressman Marino has also introduced the bill in the House. 

One of the few proposed bills in Congress with bipartisan support, the LEADS Act amends ECPA balancing civil liberties and national security. It requires law enforcement to obtain a warrant to access email stored abroad of a U.S. person, so long as the request does not conflict with domestic law of the country in which the server resides. This Act amends the antiquated notion of the current law that protects email for only 180 days left unread by the recipient. It brings back the original intent of the 1967 Katz case, the Safe Streets and Crime Control Act of 1968, and even ECPA in 1986. It redraws a clear line in the sand between metadata and content. In so doing, it accomplishes the most important feat of bringing Internet technologies into line with Fourth Amendment jurisprudence. The LEADS Act will not fix all that is amiss with ECPA, but it is start. Moreover, it gets ECPA reform off on the right foot. 


Back to Top