After almost three years of delay House lawmakers will vote Wednesday to advance legislation preventing the government from accessing Americans’ old emails without a warrant.
The Email Privacy Act, introduced in 2013 by Kansas Republican Rep. Kevin Yoder, closes a loophole in the thirty-year-old Electronic Communications Privacy Act allowing the government to subpoena Americans’ emails from online service providers after they turn 180 days old, instead of securing a warrant.
Representatives on the House Judiciary Committee will vote to markup the bill Wednesday, advancing at along last thanks to an amendment compromise between Yoder and House Judiciary Committee Chairman Bob Goodlatte.
Goodlatte, accused by privacy advocates of stalling on the bill boasting 309 bipartisan cosponsors, will include a substitute amendment, obtained by The Hill, making some notable changes to the bill. Changes include the removal of a requirement for the government to notify Americans after obtaining their emails, a provision ensuring Congress’ ability to obtain emails in investigations and nuances to technical terminology.
If adopted, the amendment will remove a provision mandating law enforcement notify an individual within 10 days of acquiring their emails, and federal agencies within three days.
Goodlatte and others removed the provision out of concern notifying the subjects of investigations could negatively impact those investigations. Private companies will be allowed to notify their users at will if served with a warrant.
The amendment clarifies a distinction between documents simply stored on a cloud computing service and emails, and explicitly states nothing in the bill can impede Congress’ investigatory powers, including seeking wire or electronic communications.
Most important to supporters, it does not include a carve-out for state and federal agencies including the Federal Trade Commission and the Securities and Exchange Commission, which sought to preserve the subpoena power to get emails in civil cases, where they’re unable to use criminal warrants.
The FTC, the federal agency chiefly responsible for ensuring adequate privacy safeguards are in place over tech companies like Google, was widely criticized for pursuing a carve-out, including by one of its own.
“I am not convinced that this authority is necessary to maintain the commission’s effectiveness as a law enforcement agency now or in cases that we can presently foresee,” outgoing FTC Commissioner Julie Brill said in a statement dissenting from the FTC’s position on the issue in September.
During a hearing before Congress last year representatives from both agencies admitted they hadn’t actually sought to use the loophole in recent years, but wished to safeguard it as a tool regardless.
“On the other hand,” Brill continued, “I am concerned that a judicial mechanism for civil law enforcement agencies to obtain content from ECPA providers could entrench authority that has the potential to lead to invasions of individuals’ privacy and, under some circumstances, may be unconstitutional in practice.”
Also a concern among privacy advocates, Goodlatte forewent adding a provision forcing companies to turn over emails immediately in the event of an emergency.
The legislation boasts a veto-proof supermajority of support, including that of Patriot Act author Jim Sensenbrenner, and underscores a high-profile case involving Microsoft and the Justice Department. Feds cited the loophole in the Reagan-era legislation as justification for a subpoena ordering the company to turn over emails stored in an overseas server.
Department of Justice attorneys argue as a company based in the U.S., Microsoft must comply with the subpoena to turn over cloud-stored Outlook emails housed in a Dublin, Ireland server as part of a drug trafficking investigation.
Other legislation aimed at addressing the case pending before the Second Circuit Court of Appeals includes the ECPA Amendments Act, the Senate’s equivalent to the Email Privacy Act, and the Law Enforcement Access to Data Stored Abroad (LEADS) Act.
The latter bipartisan legislation is principally designed to prevent U.S. agencies from compelling companies to turn over user data stored in overseas servers, unless the account holder is a U.S. citizen. The bill would also update the Mutual Legal Assistance Treaty process, which allows governments to pursue such information from law enforcement in their countries of origin.