A group of conservative and libertarian organizations along with legal counsel for Microsoft called on Congress Wednesday to reform Reagan-era legislation granting the government warrantless access to old emails held by U.S. tech companies — authority the Justice Department is using to try and obtain emails stored on a Microsoft server in Ireland.
TechFreedom, FreedomWorks, Heritage Action, Taxpayers Protection Alliance, Americans for Tax Reform and others sent a letter to Congress Wednesday encouraging lawmakers to take up reforms to the 1986 Electronic Communications Privacy Act (ECPA) — authority minted during the Reagan years that gives intelligence and law enforcement agencies like NSA and FBI warrantless access to stored electronic communications after 180 days.
“We, the undersigned, write in support of a simple principle: that law enforcement must convince a judge to issue a warrant before obtaining emails and the contents of other private online communications,” the groups said in a letter to House and Senate Judiciary Committee leaders Wednesday.
The groups called on lawmakers to advance the House’s Email Privacy Act and the Senate’s ECPA Amendments Act, both of which impose a warrant requirement on government agencies to access old emails. Both carry majority bipartisan support on both sides of the Capitol — including a veto-proof 290 yes votes in the House.
Wednesday’s letter urged lawmakers to forego exemption requests from a “carve-out” of agencies including the IRS, FTC, FEC, EPA and others who argue they should be able to compel companies like Microsoft to turn over emails belonging to a target of investigation by a simple showing of probable cause.
“Instead of allowing regulatory agencies to compel email and other cloud service providers to produce private data without a warrant, Congress should codify the trend of courts confronted with such situations: that the targets of regulatory investigations themselves remain subject to administrative subpoenas — and if they refuse to comply, they will be subject to appropriate sanctions,” the organizations wrote.
“It is difficult to imagine how Congressional Republicans could consider granting such new power to regulators, given the vast (and increasing) overreach of the regulatory state.”
The 30-year-old authority came under renewed scrutiny last year when the Justice Department tried to force Microsoft to turn over emails stored on a server in Dublin as part of a drug trafficking investigation. Microsoft argued in federal court the server was outside the government’s jurisdiction, while DOJ countered that as a U.S.-based company, Microsoft must comply with the order regardless of the server’s physical location.
A federal district court in New York sided with the government last summer, prompting Microsoft to appeal the ruling the U.S. Second Circuit Court of Appeals, where a decision is pending.
To help fight the case Microsoft enlisted Bancroft PLLC to act as legal counsel, where partners Jeffrey Harris and former U.S. Assistant Attorney General for Legal Policy Viet Dinh penned a white paper out Wednesday examining other legal measures the government could take to access such data instead of ECPA.
The Law Enforcement Access to Data Stored Abroad (LEADS) Act, another ECPA reform proposed in both chambers, recognizes requests like the Microsoft case should go through the Mutual Legal Assistance Treaty (MLAT) process — when one country seeks information about foreign nationals from the target’s native law enforcement agencies.
“When one country seeks information about another country’s nationals — such as when U.S. law enforcement officials seek information about foreign citizens that is stored on a server in a foreign country — this should be addressed on a government-to-government basis through an MLAT request,” the authors wrote. “It is wholly inappropriate to insert an email provider into what is fundamentally a dispute between two sovereign nations.”
The U.S. currently has MLAT agreements with more than 50 countries including Australia, Canada, Brazil, France, Germany,
India, Japan, Mexico, Russia, and the United Kingdom.
The LEADS Act establishes new framework for facilitating MLAT requests, including the creation of an online intake form to hear requests from foreign government, which will also serve as a best-practice process to encourage other countries to do the same, and a requirement for DOJ to publish the number of requests the government makes annually, as well as the time it takes to process those requests.
“When a country needs information about a foreign citizen that is stored in a foreign country, the proper way to obtain that information is to file a request with the other government through the well-established MLAT process — not to go directly to a private company with a warrant or subpoena for customer records,” the authors wrote. “The United States would view it as an egregious breach of protocol (and its own sovereignty) if a foreign government forced a multinational company to produce information about a U.S. citizen that was stored in the United States.”