Electronic Communications Privacy Act
|Long title||An Act to amend title 18, United States Code, with respect to the interception of certain communications, other forms of surveillance, and for other purposes.|
|Enacted by the||99th United States Congress|
|Effective||October 21, 1986|
|Public Law||Pub.L. 99–508|
|Stat.||100 Stat. 1848|
|USA PATRIOT Act|
Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer (18 U.S.C. § 2510 et seq.), added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act (SCA, 18 U.S.C. § 2701 et seq.), and added so-called pen/trap provisions that permit the tracing of telephone communications (18 U.S.C. § 3121 et seq.).
ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Statute), which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).
"Electronic communications" means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but excludes the following:
- Wire or oral communication
- Communication made through a tone-only paging device
- Communication from a tracking device (as defined in section 3117)
- Electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds
Title I of the ECPA protects wire, oral, and electronic communications while in transit. It sets down requirements for search warrants that are more stringent than in other settings. Title II of the ECPA, the Stored Communications Act (SCA), protects communications held in electronic storage, most notably messages stored on computers. Its protections are weaker than those of Title I, however, and do not impose heightened standards for warrants. Title III prohibits the use of pen register and/or trap and trace devices to record dialing, routing, addressing, and signaling information used in the process of transmitting wire or electronic communications without a court order.
The ECPA extended government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer (18 U.S.C. § 2510 et seq.), added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act (18 U.S.C. § 2701 et seq.), and added so-called pen/trap provisions that permit the tracing of telephone communications (18 U.S.C. § 3121 et seq.).
Several court cases have raised the question of whether e-mail messages are protected under the stricter provisions of Title I while they were in transient storage en route to their final destination. In United States v. Councilman, a U.S. district court and a three-judge appeals panel ruled they were not, but in 2005, the full United States Court of Appeals for the First Circuit reversed this opinion. Privacy advocates were relieved; they had argued in Amicus curiae briefs that if the ECPA did not protect e-mail in temporary storage, its added protections were meaningless as virtually all electronic mail is stored temporarily in transit at least once and that Congress would have known this in 1986 when the law was passed. (see, e.g., RFC 822). The case was eventually dismissed on grounds unrelated to ECPA issues.
The seizure of a computer, used to operate an electronic bulletin board system, and containing private electronic mail which had been sent to (stored on) the bulletin board, but not read (retrieved) by the intended recipients, does not constitute an unlawful intercept under the Federal Wiretap Act, 18 U.S.C. s 2510, et seq., as amended by Title I of ECPA. Governments can actually track cell phones in real time without a search warrant under ECPA by analyzing information as to antennae being contacted by cell phones, as long as the cell phone is used in public where visual surveillance is available.
In Robbins v. Lower Merion School District (2010), also known as "WebcamGate", the plaintiffs charged that two suburban Philadelphia high schools violated ECPA by remotely activating the webcams embedded in school-issued laptops and monitoring the students at home. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.
ECPA has been criticized for failing to protect all communications and consumer records, mainly because the law is so outdated and out of touch with how people share, store, and use information nowadays. For instance, under the ECPA it is relatively easy for a government agency to demand that service providers hand over personal consumer data that has been stored on their servers.
For instance, email that is stored on a third party's server for more than 180 days is considered by the law to be abandoned, and all that is required to obtain the content of the emails by a law enforcement agency, is a written statement certifying that the information is relevant to an investigation, without judicial review.
When the law was initially passed, emails were stored on a third party's server for only a short period of time, just long enough to facilitate transfer of email to the consumer's email client, which was generally located on their personal or work computer. Now, with online email services prevalent such as Gmail and Hotmail, users are more likely to store emails online indefinitely, rather than to only keep them for less than 180 days. If the same emails were stored on the user's personal computer, it would require the police to obtain a warrant first for seizure of their contents, regardless of their age. When they are stored on an internet server however, no warrant is needed, starting 180 days after receipt of the message, under the law. In 2013 members of the U.S. Congress proposed to reform this procedure.
The ECPA also increased the list of crimes that can justify the use of surveillance as well as the number of judicial members who can authorize such surveillance. Data can be obtained on traffic and calling patterns of an individual or group without a warrant, allowing an agency to gain valuable intelligence and possibly invade privacy without any scrutiny, because the actual content of the communication is left untouched. While workplace communications are in theory protected, all that is needed to gain access to communiqué is for an employer to simply give notice or a supervisor to feel that the employee's actions are not in the company's interest. This means that with minimal assumptions an employer can monitor communications within the company. The ongoing debate is on where to limit the government's power to see into civilian lives, while balancing the need to curb national threats.
Last year, for example, the Justice Department argued in court that cellphone users had given up the expectation of privacy about their location by voluntarily giving that information to carriers. In April, it argued in a federal court in Colorado that it ought to have access to some e-mails without a search warrant. And federal law enforcement officials, citing technology advances, plan to ask for new regulations that would smooth their ability to perform legal wiretaps of various Internet communications.
- "Office of Justice Programs (OJP), U.S. Department of Justice (DOJ)". Retrieved 2013.
- 18 U.S.C.A. § 2510 (2012)
- In Re: Sealing and Non-disclosure of Pen/Trap/2703(d) Orders of May 30, 2008, p. 5
- 36 F.3d 457 (5th Cir. 1994).
- 402 F. Supp. 2d 597 (D. Md. 2005).
- Doug Stanglin (February 18, 2010). "School district accused of spying on kids via laptop webcams". USA Today. Retrieved February 19, 2010.
- "Initial LANrev System Findings", LMSD Redacted Forensic Analysis, L-3 Services – prepared for Ballard Spahr (LMSD's counsel), May 2010. Retrieved August 15, 2010.
- Andrea Peterson, "Privacy Protections for Cloud E-mail", Think Progress, March 20, 2013.
- Helft, Miguel and Claire Cain Miller, “News Analysis: 1986 Privacy Law Is Outrun by the Web”, New York Times, January 9, 2011. Retrieved 2011-01-10.