Update May 26, 2016: Senate Judiciary Committee Chair Charles Grassley (R-IA) postponed marking up the Email Privacy Act. The committee website will provide further details on whether or not the bill will be marked up in June.
The Senate Judiciary Committee is expected to vote on the Email Privacy Act on Thursday. Senators Patrick Leahy (D-VT) and Mike Lee (R-UT) plan to introduce near-identical text of the House-passed bill, H.R. 699, as substitute language for the existing Senate bill, S. 356. This manager’s amendment contains minor changes. In addition, up to eight different amendments may be offered.
The Email Privacy Act would amend the Electronic Communications Privacy Act (ECPA) to require the government to get a probable cause warrant from a judge before obtaining private content stored in the “cloud” with companies such as Google, Facebook, and Dropbox. The House of Representatives passed H.R. 699 last month by a unanimous vote of 419-0. The Senate Judiciary Committee held a hearing last September on the need to reform ECPA and codify the Sixth Circuit Court of Appeals’ 2010 ruling that the government violated the Fourth Amendment when it obtained emails stored by third parties without a probable cause warrant.
EFF recommends senators vote "NO" on all amendments except the manager's amendment, and HEN16524 by Sen. Jeff Flake (R-AZ), which would loosen the gag requirements of ECPA that are contested in a recent lawsuit by Microsoft.
The committee must reject the other amendments, especially one by Senators Lindsey Graham (R-SC), Sheldon Whitehouse (D-RI), and Richard Blumenthal (D-CT) that would "reform" the Computer Fraud and Abuse Act (OLL16603); and the electronic communication transactional records (ECTR) amendment (OLL16601) by Sen. John Cornyn (R-TX) that would expand the types of information the FBI can obtain with a National Security Letter, without prior judicial oversight.
The committee must also defeat amendments that would create a so-called mandatory emergency exception—a requirement that service providers comply with government requests for user data when the government claims emergency circumstances, again without prior oversight by a court. The mandatory emergency exception is found in two amendments by Sen. Jeff Sessions (R-AL). EFF recommends senators vote "NO" on both amendments: HEN16527 and HEN16529. These amendments are unnecessary because ECPA (18 U.S.C. § 2702) already permits service providers to hand over content or other records in an “emergency involving danger of death or serious physical injury to any person.” And it is beneficial for users that service providers may withhold data when they believe that the government is fraudulently using the emergency exception to bypass due process requirements. In 2010, for example, the Department of Justice’s Inspector General found that “exigent letters and informal requests were used in circumstances that do not appear to qualify as emergencies under Section 2702” (p. 261).
We urge the Senate Judiciary Committee to pass a “clean” bill without any further amendments that would weaken the privacy protections in the legislation. Please contact your senators and urge them to pass a strong Email Privacy Act so that your emails and private documents stored online have the same protection as those stored in your home or office!