January 28th marked the fifth annual Data Privacy Day, a celebration of the importance of data privacy protection. In our increasingly digital world, it is essential that we protect our data and use personal information responsibly.
This year's official theme, "Respecting Privacy, Safeguarding Data and Enabling Trust," is particularly pertinent to our urgent need to reform the Electronic Communications Privacy Act (ECPA). Enacted in 1986, ECPA makes legal distinctions that defy users' reasonable expectations of privacy. Internet users, however, are largely unaware that electronic or cloud-based communications may be subject to less protection under ECPA.
Private emails, instant messages, text messages, Word documents and spreadsheets, photos, Internet search queries and private posts made over social networks should be afforded the same legal protections as documents stored on a hard drive or letters filed in a drawer and secured in the home. There is no policy rationale for making distinctions between these types of private communications.
Users do not expect that electronic communications in the cloud will be subject to less privacy protection. However, a single email may be subject to different legal standards (i.e. warrant, 2703d court order, or subpoena), depending on whether it is in transit, in storage, how long it is in storage, or whether it has been opened.
By contrast, a document that sits on the hard drive of a computer is fully protected by the warrant clause of the Fourth Amendment, regardless of when it was created, viewed, or for how long it has been stored.
A warrant-for-content standard, as reflected by the legislation passed by the U.S. Senate Judiciary Committee last year, would bring all stored communications under the same probable cause standard set forth under the Fourth Amendment, regardless of whether the communication was opened or unopened or how long the communication remained unopened.
A warrant-for-content rule is consistent with the original concerns that drove Congress to pass ECPA. Congress sought to achieve "a fair balance between the privacy expectations of citizens and the legitimate needs of law enforcement." Congress also wanted to encourage the development and use of new technologies and services and expressed concerns that legal ambiguities about the privacy of new forms of electronic communications "may unnecessarily discourage potential customers from using innovative communications systems."
Last week, Google released their latest Transparency Report, which discloses the number government requests for users' data. The data covered July through December 2012 and showed a continued increase in requests, growing 6 percent over the first half of 2012. Since 2009, when Google released the first iteration of the report, government requests in the United States have increased by 136 percent.
The data underscores the importance of updating ECPA, which was drafted over 25 years ago, long before social networks or apps even existed. Since then, the way Americans use technology has dramatically changed, but ECPA has not, creating a real gap between the law and our users' reasonable expectations of privacy.
Law enforcement agencies have a legitimate need for this data, but we strongly believe that the same procedural protections that apply to offline data should apply to online data that is stored by Google and other cloud services.
Data Privacy Day is intended to educate consumers about how to best protect their privacy online and generate discussion about data privacy rights. It also serves as a good reminder that we must seize this timely opportunity to push for ECPA reform.
Rey Ramsey is the President and CEO of TechNet.