Does 25-Year-Old Legislation Adequately Protect Internet Privacy?

A quarter century ago today, Wired reports, then-President Ronald Reagan signed the Electronic Communications Privacy Act into law.

At the time, the act was more than sufficient in terms of digital protection, as we didn't use cellphones, nor was there a world wide web where people could write to each other using "email."

It's hosted email providers -- Yahoo, Gmail, Hotmail, etc. -- that Wired notes are now left unprotected by ECPA, which states that authorities can access email accounts on third-party servers if they are six months old or older without warrant. Wired continues:

ECPA was adopted at a time when e-mail, for example, wasn’t stored on servers for a long time. Instead, e-mail was held there briefly before recipients downloaded it to their inbox on software running on their own computer.

During the Reagan administration, e-mail more than six months old was assumed abandoned, and that’s why the law allowed the government to get it without a warrant. At the time, there wasn’t much of any e-mail for the authorities to acquire because a consumer’s hard drive — not the cloud — hosted their inbox.

But technology has evolved dramatically following EPCA’s passage. E-mail often remains stored on cloud servers indefinitely, in gigabytes upon gigabytes. That means the authorities may access gigs of e-mails, or other cloud-stored content, without warrants if it’s older than six months. The law, believe it or not, still considers as abandoned any e-mail or other files housed on servers for more than 6 months.

Sen. Patrick Leahy, Wired reports, introduced a bill to update this law, of which he was the lead author in 1986, but that he has yet to receive a co-sponsor for it. Leahy proposes needing a warrant for all content.

In a statement in May 2011, Leahy said "Since the Electronic Communications Privacy Act was first enacted in 1986, ECPA has been one of our nation’s premiere privacy laws. But, today, this law is significantly outdated and out-paced by rapid changes in technology and the changing mission of our law enforcement agencies after September 11.  Updating this law to reflect the realities of our time is essential to ensuring that our federal privacy laws keep pace with new technologies and the new threats to our security.”

At the beginning of the year, the New York Times also reported Internet advocacy groups stating the law is outdated:

Many Internet companies and consumer advocates say the main law governing communication privacy — enacted in 1986, before cellphone and e-mail use was widespread, and before social networking was even conceived — is outdated, affording more protection to letters in a file cabinet than e-mail on a server.

They acknowledge that access to information is important for fighting crime and terrorism, but say they are dealing with a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty.

Wired writes that 9/11 sentiment part of the reason why the government is maintaining the six month or older rule even though some groups think it should be updated with a change in the times and technology. Wired reports Associate Deputy Attorney General James Baker as saying that requiring a warrant for all content would have "collateral consequences to criminal law enforcement and the national security."