Email Privacy Act Introduced With Bi-Partisan Support in the House
On January 9, 2017, lawmakers in the House re-introduced legislation, the Email Privacy Act, which, if enacted, would require the government to obtain a court-issued warrant to access electronic communications, including emails and social networking messages, from cloud providers (e.g., Google, Yahoo) when such communications are older than 180 days. Current law, the Electronic Communications Privacy Act (ECPA), only requires court-issued warrants for electronic communications that are 180 days old or less, but authorizes law enforcement and some government agencies — such as the SEC — to obtain electronic communications from cloud providers with a subpoena, issued by a prosecutor without approval of a judge, if the communications are older than 180 days.
Supporters of the Email Privacy Act point out that, when Congress enacted the ECPA in 1986, electronic storage was expensive and email service providers typically deleted electronic communications within 90 days. Congress, when enacting the ECPA, did not require warrants for electronic communications that were older than 180 days, because such communications were, to the limited extent any existed, considered “abandoned property.” Supporters of the Email Privacy Act contend that Congress looked at then existing technology and never contemplated that one day many people would store their electronic communications with email service providers for well beyond 180 days. The Email Privacy Act would, according to supporters, fix this outdated flaw in the ECPA.