State lawmakers have been busy worrying about online privacy this week.
On Tuesday, the Texas legislature sent a bill to Governor Rick Perry that would require investigators to get warrants if they want to read people’s e-mails. That law goes further than the 1986 law that guides such activity at the federal level. Then, on Wednesday, Maine’s House of Representatives passed a bill requiring warrants for those seeking location information about cell phone users. The bill now goes back to the state’s Senate, which has already passed it, for enactment.
Each bill, if it becomes law, would be the first of its kind, according to privacy advocates.
The zeal for electronic privacy in statehouses seems to be spreading. California’s state assembly will hold a hearing on an e-mail privacy bill next month. (Lawmakers in that state have also been trying to pass tough cell phone privacy bills for a while, but Governor Jerry Brown has been vetoing them.)
The practical effects are limited, since state laws can restrict only their own governments; federal investigators could still come to Texas and read all the e-mail they want.
That’s OK, though, because to a certain extent this is lobbying in the form of lawmaking. The real action is taking place in Washington, where a swath of interested parties, ranging from technology companies to libertarians, has been pushing for changes to the 1986 Electronic Communications Privacy Act. The law, intended to extend protections against wiretapping to electronic communications, was written before most of the behavior it now regulates existed.
“Hopefully one of the things that comes from all these states doing this legislation is that it pressures Congress to act,” says Hanni Fakhoury, a lawyer with the Electronic Frontier Foundation. But, he quickly adds, “I wouldn’t say that it’s only symbolic.”
The federal government seems eager to play along—on some things. It’s pretty hard to argue that online activity should be regulated by a law written three years before the World Wide Web was invented. The federal law didn’t foresee a world in which people’s most private information was held on computer servers that didn’t belong to them or they carried around devices that sent constant information about their locations to private corporations. So it made some distinctions that don’t make any sense today. It gives more protection to recent e-mails than older ones, for example, and special protection to unopened messages. Updating the law could also clarify who would be allowed to access electronic communications in situations such as litigation, civil investigations by government agencies, and divorce proceedings.
“There is no principled basis to treat e-mail less than 180 days old differently than e-mail more than 180 days old,” Elana Tyrangiel, Acting Assistant Attorney General for the Office of Legal Policy, told Congress in March. (Tyrangiel is the sister of Bloomberg Businessweek editor in chief Josh Tyrangiel.)
Law enforcement officials don’t necessarily share the principle that cell phone location should be harder to get at, though. The police were the driving force behind getting Governor Brown to veto cell phone privacy legislation in California, and they have been pushing back on any attempt to put similar language into new federal legislation.
With cloudy prospects for federal legislation, and limited power for state laws, this issue seems destined to spend its near future in the courts. So far, that has not served as any way to a clear conclusion: according to Digital Due Process, a privacy advocacy group, there have been over 30 federal court opinions on access to cell phone data in the last five years. No consensus is emerging.