Proposed US law could deal knockout blow to FBI in overseas cloud privacy ding-dongs
Two bills filed to drag data protection rules into 2015
The US Congress, now fully under Republican control, is getting busy with laws to protect data: two bipartisan bills appeared on Thursday that would bring the 1986 Electronic Communications Privacy Act (ECPA) bang up to date in the 21st century.
The first piece of proposed legislation [PDF] is the Electronic Communications Privacy Amendments Act of 2015, submitted in the Senate by Senators Mike Lee (R-UT) and Patrick Leahy (D-VT) and in the House by Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO).
The bill would require cops and the Feds to show probable cause when seeking a search warrant to rifle through people's emails and other data. (California is mulling over a similar requirement.)
Under today's rules, set back when Ronald Reagan was in the White House, deem that any email can be searched, with probable cause or not, provided at least 180 days have passed since the message was sent and received.
"For too long now Americans' electronic communications have been subject to invasive and unwarranted searches based on laws written for the Apple 2, not the iPhone 6," said Rep. Jared Polis.
"Today, a majority of the House of Representatives is standing up to say that the government has no more business reading your personal email than it does reading your physical mail. I look forward to working with my colleagues on both sides of the aisle to pass this bipartisan bill and make a reasonable expectation of privacy the law for all forms of communication."
The bill has strong support, with six Senate cosponsors and 228 members of the House of Representative – over half of the voting body. If it passes, President Obama would be unlikely to veto the legislation, since the sponsors include some of his closest partners in Congress.
"The bill we are introducing today protects Americans' digital privacy – in their emails, and all the other files and photographs they store in the cloud. It builds consumer trust, and it provides law enforcement agencies with the tools they need to ensure public safety," Sen. Leahy said.
"This is a bipartisan issue, and now is the time to act swiftly to bring our privacy protections into the digital age."
Meanwhile in the cloud…
The second piece of legislation [PDF] is the Law Enforcement Access to Data Stored Abroad (LEADS) Act, and also plans to overhaul the aged ECPA to reflect the growth in cloud data.
The Law Enforcement Access to Data Stored Abroad (LEADS) Act, proposed by Senators Orrin Hatch (R-UT), Chris Coons (D-DE), and Dean Heller (R-NV), would codify how US crime-fighters could access data stored on servers outside America's borders.
It would force the Feds to go through foreign governments using existing treaties if they want to look into computers in other countries – rather than assuming a search warrant issued in the States against a US-based company applies globally.
"Law enforcement agencies wishing to access Americans' data in the cloud ought to get a warrant and just like warrants for physical evidence, warrants for content under ECPA shouldn’t authorize seizure of communications that are located in a foreign country," said Coons.
"The government’s position that ECPA warrants do apply abroad puts US cloud providers in the position of having to break the privacy laws of foreign countries in which they do business in order to comply with U.S. law. This not only hurts our businesses’ competitiveness and costs American jobs, but it also invites reciprocal treatment by our international trading partners."
Microsoft is in a tough legal fight with Uncle Sam over just this topic. US investigators went to a New York judge for permission to seize emails stored in Microsoft's Dublin servers for evidence in a court case against drugs traffickers.
The Feds claim they have the right to search foreign systems under the ECPA, avoiding the need to apply to the Irish government to recover the information.
Redmond knows that this would basically kill its cloud business overseas, and other cloud providers are just as worried. Telling companies that their data is up for grabs any time US law enforcement fancies a peek is not what you'd call a strong selling point.
"Microsoft supports the LEADS Act for its common sense reforms. The LEADS Act is a real solution to a real problem," Microsoft's general counsel Brad Smith wrote in a blog post.
"We’re joining a broad coalition of companies and associations in the technology, telecommunications, manufacturing and cloud computing sectors to advocate for passage of the LEADS Act." ®