The year is 1986. Gasoline costs less than 90 cents per gallon. Kids are jamming to "Rock me Amadeus," although my brother is listening to Huey Lewis and the News while insisting that "Everybody Wang Chung Tonight!" Magnum, P.I. is pre-empted with news that the Space Shuttle Challenger has exploded. Mike Tyson has just become The Champ and Mr. T and his A-Team pals are using the latest technology just unveiled from IBM called the convertible computer (which would later be known as the laptop).
Oh yeah, and on October 21st of that year, Congress passes something called the Electronic Communications Privacy Act, the ECPA. It was designed to put some guidelines in place to for when law enforcement investigators might want to search data stored on a computer.
At the time, Congress said that a private computer, one in your home or your business, should have a strong standard of privacy, requiring a warrant issued by a judge before it could be searched. But, someone else's computer had a lower standard - merely requiring a subpoena from a prosecutor.
It was 1986. There was no Google; Facebook founder Mark Zuckerbeg was two years old (he may not even know how to Wang Chung); no one had email; dial-up modems were pretty much unheard of; and a cell phone looked like this:
Dr. Martin Cooper, inventor of the cellphone
We've come a long way in the 25 years since the ECPA was passed. And yet that 1986 law, unchanged, is still the standard today that is supposed to protect many of our communications.
Why is this important and why do we care? Well it has a lot to do with the lower standard of protection for your data that is on someone else's computer. "Wait a second," you say, "my email is on my computer." Think again, my friend, because for hundreds of millions of us our email is stored in the cloud, on servers used by companies like Gmail and Yahoo. Based on the ECPA, the privacy protection given to those emails is one of the lowest standards in law enforcement. An old, hand-written letter sitting out on your desk for anyone to see is more protected than encrypted emails you send.
The 1986 ECPA also does nothing to address the many other forms of communication that have cropped up over the past quarter century. It does not address social networks like Facebook, Skype, or Twitter. It does not deal at all with smartphones or the fact that the location of your iPhone or Android phone is being tracked all the time by Apple and Google.
What's really frightening is that the Justice Department is asking congress not to update the law. Law enforcement likes that most of our electronic communications are offered only feeble privacy protections. They don't want to have to go to a judge to get a search warrant to look at your emails, your cell phone data, or what you might have said in a private Skype or Facebook chat.
Searching email and cell phone records has become one of the most common ways of investigating crime. In testimony before congress earlier this year, Google said it got more than 4,000 requests for data from law enforcement in the first half of 2010. A few years ago, Verizon told congress that it gets 90,000 requests a year (data from this New York Times editorial). It is pretty safe to assume that those numbers have grown significantly since then.
The laws that are supposed to protect our privacy are hopelessly outdated and must be changed. In Michigan, the ACLU has been battling state police over the state's right to use data extraction devices; hand-held gadgets that can download address books, text messages, photos, and all kinds of other stuff from cell phones at the tap of a button. God forbid you get pulled over in Michigan while using your smartphone to check your Gmail! The police won't even know which way to violate your privacy rights first!
Congress needs to update the ECPA now. The idea that the law protecting our electronic communication was written... well before there really was electronic communication is a complete Joke. Lets write a new punch line!