A law that allows the government to read email and cloud-stored data over six months old without a search warrant is under attack from technology companies, trade associations and lobbying groups, which are pressing US Congress to tighten privacy protections. Federal investigators have used the law to view content hosted by third-party providers for civil and criminal lawsuits, in some cases without giving notice to the individual being investigated.
Nearly 30 years after US Congress passed the law, the Electronic Communications Privacy Act, which government officials have interpreted to cover newer technologies, cloud computing companies are scrambling to reassure their customers, and some clients are taking their business to other countries.
Ben Young, the general counsel for Peer 1, a web hosting company based in Vancouver, British Columbia, said his customers were keeping their business out of the US because the country "has a serious branding problem."
"We've enjoyed a competitive advantage in Canada," he said, "because the public perception in the business community is that American law enforcement has more access to data than in other parts of the world."
Places such as Germany, Iceland and Switzerland are trading on a reputation of stronger protections for companies, but such safeguards are not universally tighter than those in the United States. "Some countries are stricter on privacy, and some of them are not," said Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, a technology advocacy group.
Privacy has been an increasing concern since Edward J Snowden's revelations last year about bulk data collection by the National Security Agency, but an overhaul of the Electronic Communications Privacy Act has failed to break into the national conversation. "Because it's not sexy," said Katie McAuliffe, the executive director for digital liberty at Americans for Tax Reform.
The US' image problem has caused "real, tangible harm" for businesses, said Christian Dawson, the chief operating officer at ServInt, a web hosting company based in Reston, Va. "It's very easy for providers outside the country to say, 'Hey, move your business offshore into an area that cares more about your privacy.' They don't have better laws necessarily. They have a better marketing department."
Silicon Valley giants like Facebook, Twitter and Google say they will no longer hand over their customers' data without a search warrant. But smaller web hosting and cloud computing companies may be outmuscled by law enforcement officials as they try to protect their customers, said Ron Yokubaitis, the co-chief executive of Data Foundry, a data centre company based in Texas. "Mostly, they are going to comply because they don't know their rights or can't spend the money to resist," he said.
A coalition of technology companies, trade associations and lobbying groups, called Digital Due Process, is pushing Congress to bolster privacy rules. Bipartisan bills in the House and the Senate have brought together a hodgepodge of supporters, including liberals and Tea Party favourites.
Senator Mike Lee, Republican of Utah, co-sponsored the Senate bill. He said in a recent interview that "like most Americans," he was shocked to find that the 1986 statute was on the books.
"Almost every American thinks that it is frightening that we have a law that suggests that the government has the right to read your email after only 180 days," Lee said. "It's an easy issue in which to achieve bipartisan compromise and consensus."
The bill would require a search warrant for access to electronic communications, with exceptions for some emergency situations. It would also require the government to notify individuals within 10 days that their information was being investigated. However, it does not address rules for location data, like GPS information from an individual's cellphone.
The Senate Judiciary Committee approved the bill a year ago, but it has since stalled. One reason is resistance from federal investigating agencies that use subpoenas to gain access to electronic communications in civil cases, particularly the Securities and Exchange Commission.
"The SEC cannot get a search warrant, so a bill that requires a warrant to obtain emails from an ISP would undermine the SEC's ability to protect American investors and hold wrongdoers accountable," said Andrew Ceresney, the director of the Division of Enforcement at the SEC, referring to Internet service providers. Instead, the SEC would have to rely on an individual's voluntary disclosure of digital content.
But some legal experts, and at least one appeals court, do not find that argument compelling. "The courts say that email on a server somewhere is like email in your virtual home," said Orin S Kerr, a professor at George Washington University Law School. "We wouldn't say the SEC should have the power to tell your landlord to break into your apartment and get evidence. The same rule should apply."
The United States Court of Appeals for the Sixth Circuit, in Cincinnati, ruled in 2010 that part of the Electronic Communications Privacy Act was unconstitutional. Since the decision, most major technology companies have required a search warrant for customers' content.
Nearly 30 years after US Congress passed the law, the Electronic Communications Privacy Act, which government officials have interpreted to cover newer technologies, cloud computing companies are scrambling to reassure their customers, and some clients are taking their business to other countries.
Ben Young, the general counsel for Peer 1, a web hosting company based in Vancouver, British Columbia, said his customers were keeping their business out of the US because the country "has a serious branding problem."
"We've enjoyed a competitive advantage in Canada," he said, "because the public perception in the business community is that American law enforcement has more access to data than in other parts of the world."
Places such as Germany, Iceland and Switzerland are trading on a reputation of stronger protections for companies, but such safeguards are not universally tighter than those in the United States. "Some countries are stricter on privacy, and some of them are not," said Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, a technology advocacy group.
Privacy has been an increasing concern since Edward J Snowden's revelations last year about bulk data collection by the National Security Agency, but an overhaul of the Electronic Communications Privacy Act has failed to break into the national conversation. "Because it's not sexy," said Katie McAuliffe, the executive director for digital liberty at Americans for Tax Reform.
The US' image problem has caused "real, tangible harm" for businesses, said Christian Dawson, the chief operating officer at ServInt, a web hosting company based in Reston, Va. "It's very easy for providers outside the country to say, 'Hey, move your business offshore into an area that cares more about your privacy.' They don't have better laws necessarily. They have a better marketing department."
Silicon Valley giants like Facebook, Twitter and Google say they will no longer hand over their customers' data without a search warrant. But smaller web hosting and cloud computing companies may be outmuscled by law enforcement officials as they try to protect their customers, said Ron Yokubaitis, the co-chief executive of Data Foundry, a data centre company based in Texas. "Mostly, they are going to comply because they don't know their rights or can't spend the money to resist," he said.
A coalition of technology companies, trade associations and lobbying groups, called Digital Due Process, is pushing Congress to bolster privacy rules. Bipartisan bills in the House and the Senate have brought together a hodgepodge of supporters, including liberals and Tea Party favourites.
Senator Mike Lee, Republican of Utah, co-sponsored the Senate bill. He said in a recent interview that "like most Americans," he was shocked to find that the 1986 statute was on the books.
"Almost every American thinks that it is frightening that we have a law that suggests that the government has the right to read your email after only 180 days," Lee said. "It's an easy issue in which to achieve bipartisan compromise and consensus."
The bill would require a search warrant for access to electronic communications, with exceptions for some emergency situations. It would also require the government to notify individuals within 10 days that their information was being investigated. However, it does not address rules for location data, like GPS information from an individual's cellphone.
The Senate Judiciary Committee approved the bill a year ago, but it has since stalled. One reason is resistance from federal investigating agencies that use subpoenas to gain access to electronic communications in civil cases, particularly the Securities and Exchange Commission.
"The SEC cannot get a search warrant, so a bill that requires a warrant to obtain emails from an ISP would undermine the SEC's ability to protect American investors and hold wrongdoers accountable," said Andrew Ceresney, the director of the Division of Enforcement at the SEC, referring to Internet service providers. Instead, the SEC would have to rely on an individual's voluntary disclosure of digital content.
But some legal experts, and at least one appeals court, do not find that argument compelling. "The courts say that email on a server somewhere is like email in your virtual home," said Orin S Kerr, a professor at George Washington University Law School. "We wouldn't say the SEC should have the power to tell your landlord to break into your apartment and get evidence. The same rule should apply."
The United States Court of Appeals for the Sixth Circuit, in Cincinnati, ruled in 2010 that part of the Electronic Communications Privacy Act was unconstitutional. Since the decision, most major technology companies have required a search warrant for customers' content.
© 2014 The New York Times News Service