Electronic Communications Privacy Act of 1986
The Electronic Communications Privacy Act (ECPA) of 1986 is a significant U.S. law aimed at safeguarding the privacy of individuals' electronic communications. It prohibits the unauthorized interception of wire, oral, or electronic communications while outlining specific circumstances under which government agencies can legally intercept such communications. The law evolved from earlier legislation, including the Federal Wiretap Act of 1968, in response to the burgeoning use of computers and electronic communications during the early 1980s.
Since its enactment, ECPA has undergone multiple amendments, particularly after the September 11, 2001, terrorist attacks, which intensified the dialogue surrounding privacy rights versus national security. These amendments have expanded government surveillance capabilities, allowing for broader access to communications data under certain conditions, such as in cases of terrorism or computer fraud. However, the rise of new technologies, such as smartphones and cloud computing, has introduced complexities in interpreting and applying the law, especially concerning the privacy expectations surrounding stored communications.
As a result, ECPA continues to be a vital subject of discussion, reflecting the ongoing tension between the need for security and the protection of individual privacy rights in an increasingly digital world.
Electronic Communications Privacy Act of 1986
The Electronic Communications Privacy Act (ECPA) of 1986 prohibits the interception of private wire, oral, or electronic communications, outlines the circumstances under which such communications may be intercepted by the government, and describes the requisite procedures for the government to conduct such an investigation. Developments in telecommunications technologies have complicated the application of ECPA, and the law has been amended numerous times since the terrorist attacks of September 11, 2001, furthering the debate over individual privacy rights versus national security concerns.
Background
In the early 1980s, the growing use of computers for communication prompted Congress to update the Omnibus Crime Control and Safe Streets Act of 1968, better known as the Federal Wiretap Act, which protected citizens’ rights to privacy in oral and telephone communications. Passed on October 21, 1986, the Electronic Communications Privacy Act (ECPA) also sought to build upon the Foreign Intelligence Surveillance Act of 1978 (FISA).
ECPA generally prohibits private individuals from intercepting wire, oral, or electronic communications. Some states allow such interception if one or more parties consent. Under ECPA, interception is also permitted in workplace settings during the course of routine business operations. Law enforcement and other government agencies must follow protocols outlined by ECPA in order to intercept individuals’ communications as part of an ongoing investigation. To gain access to such communications, the investigating agent or official would have to obtain a warrant or subpoena, depending on the communication type. The law provided complaint mechanisms for individuals whose communications were illegally intercepted by other individuals or a corporate entity but not by the government.
At the time ECPA was enacted, computer communications were in their infancy. Electronic communications were conducted within small networks and stored on local servers, typically in a business environment. Interception, as defined under ECPA, has therefore been limited to transmission, and e-mail left unopened for an extended period was treated like abandoned property. As technology has evolved and personal computing grown over the decades since ECPA was passed, several court cases have revealed the gray areas and inconsistencies in the law’s application. Interception of live phone calls has been treated differently from accessing stored voicemail, while e-mail, either opened or unopened, has been subject to different standards than those for either type of telephone interaction. The advent of the Internet posed greater challenges still, as information posted to password-protected websites also came to be considered electronic communications with similar expectations of privacy. In the 2000s and early 2010s, individual use of smartphones and cloud computing introduced new problems as personal electronic communications and documents were increasingly stored in remote servers, rather than on home computers, which are fully protected by the Fourth Amendment provisions regarding search and seizure. Moreover, defining the “transmission” time for such electronic transactions has grown more difficult.
Electronic Communications Privacy Act Today
ECPA has been amended and expanded several times since 2001, in the months immediately following the September 11 terrorist attacks. The USA PATRIOT Act of 2001 authorized law enforcement and government officials to intercept communications that show evidence of terrorist or computer fraud activities; disclose the contents of communications that contain foreign intelligence to appropriate officials; and approve nationwide searches for electronic evidence. The law also allows the government to conduct “roving electronic surveillance” in cases where a target might thwart an ongoing investigation; to seize voicemails under warrant; and to subpoena communications metadata, such as the length of and parties to a telephone call. Under the act, service providers could disclose customer communications to the government in a potentially life-threatening emergency. Interception devices were limited to recording metadata, not contents, of communications, and they could not be used in investigations conducted “on the basis of activities protected by the first amendment to the US Constitution.” The USA PATRIOT Act made federal officials and employees liable to administrative action or civil suit for disclosure violations.
In 2005, the USA PATRIOT Improvement and Reauthorization Act amended the criteria and protocols for roving wiretap authorizations, expanded the definition of terrorist and criminal activities subject to surveillance, and allowed the government to delay notice of a search warrant; it also mandated that service providers disclose customer information to the government if requested for foreign intelligence purposes. The Additional Reauthorizing Amendments Act of 2006 exempted libraries that do not offer “electronic communication service” from the rules governing service providers. The reauthorization acts of 2006, 2009, and 2011 all provided for the continued use of “roving electronic surveillance.”
In 2013, documents leaked by Edward Snowden revealed National Security Administration (NSA) mass surveillance programs that had recorded phone metadata, user data from e-mail and social media providers, and web traffic data, affecting both foreign and domestic communications users. That same year Congress began considering the Electronic Communications Privacy Act Amendments Act, which sought to prohibit a service provider from intentionally disclosing the contents of communications that it stores or maintains to the government. It would also require an investigating law enforcement or governmental agency to produce a warrant and notice the affected customer within a specified period. Under this bill, subpoenas could be used to require a sender or receiver to disclose a communication’s contents to the government or to require disclosure of contents on a company- or organization-owned electronic communications system.
The Fourth Amendment Preservation and Protection Act of 2013 was proposed to prevent the government from acquiring information from “third-party” records systems such as those kept by service providers. Similarly, the Online Communications and Geolocation Act was introduced to require communications disclosures only under warrant and to prevent the interception of individuals’ geolocation data with few exceptions.
Three provisions of the USA PATRIOT Act’s Section 215 expired on June 1, 2015. The provisions had allowed the NSA’s bulk collection of private phone records, roving wiretaps, and tracking of suspected terrorists without known ties to foreign organizations or nations. On June 2, 2015, President Barack Obama signed the USA Freedom Act into law. The law extends the provisions allowing roving wiretaps and tracking of suspected terrorists, but prevents the NSA from routinely collecting phone record metadata in bulk from telecommunications companies. While the law still requires telecommunications companies to collect and store telephone records, the it requires the NSA to obtain approval from the Foreign Intelligence Surveillance Court before it can access targeted, rather than bulk, metadata.
Bibliography
Ackerman, Spencer. “Surveillance Reform Bill Returns with Concessions to NSA on Data Collection.” Guardian. Guardian News and Media, 23 Apr. 2015. Web. 11 June 2015.
Becker, Mark. “The Electronic Communications Privacy Act.” The Communications Act: A Legislative History of the Major Amendments, 1934–1996. Ed. Max D. Paglin, Joel Rosenbloom, and James R. Hobson. Silver Spring: Pike, 1999. 120–24. Print.
“Electronic Communications Privacy Act (ECPA).” EPIC.org. Electronic Privacy Information Center, n.d. Web. 12 Sept. 2013.
“Electronic Communications Privacy Act of 1986 (ECPA).” Justice Information Sharing. US Dept. of Justice, Office of Justice Programs, 21 Mar. 2012. Web. 13 Sept. 2013.
Frackman, Andrew, Rebecca C. Martin, and Claudia Ray. “The Electronic Communications Privacy Act of 1986.” Internet and Online Privacy: A Legal and Business Guide. New York: ALM, 2002. 113–18. Print.
“H.R. 1847 – Electronic Communications Privacy Act Amendments Act of 2013.” Congress.gov. Lib. of Congress, n.d. Web. 13 Sept. 2013.
“H.R. 2048 – USA FREEDOM Act of 2015.” Congress.gov. Lib. of Congress, 2 June 2015. Web. 11 June 2015.
Reuters. “U.S. Phone Companies Escape New Data Storage Mandate in Surveillance Bill.” Reuters. Thomson Reuters, 2 June 2015. Web. 11 June 2015.
“S.607 – Electronic Communications Privacy Act Amendments Act of 2013.” Congress.gov. Lib. of Congress, n.d. Web. 13 Sept. 2013.
Stray, Jonathan. “FAQ: What You Need to Know about the NSA’s Surveillance Programs.” ProPublica. Pro Publica, 5 Aug. 2013. Web. 17 Sept. 2013.
“Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act).” Justice Information Sharing. US Dept of Justice, Office of Justice Programs, 22 Mar. 2012. Web. 13 Sept. 2013.