Government Access to Electronic Communications—Updating the Rules

The Electronic Communications Privacy Act (ECPA) was a forward-looking statute when enacted in 1986. It specified standards for law enforcement access to e-mail and other electronic communications and transactional data, affording important privacy protections to subscribers of emerging wireless and Internet technologies. As providers of electronic communications services, educational institutions are covered by ECPA.

Dramatic advances in technology and business models since 1986 have far outpaced the law. As a result, ECPA is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for service providers, their customers, and law enforcement agencies. Two examples: the statute may not adequately protect the vast amounts of personal information stored "in the cloud" or mobile location data that reveals our minute-by-minute movements.

After more than two years of dialogue, privacy advocates, think tanks from across the ideological spectrum, legal scholars, and major Internet and communication service providers have developed a core set of principles to update ECPA to apply to new services and technologies. Key recommendations are to extend the traditional requirement of a judicial warrant to private content stored in the cloud and to mobile tracking data. The U.S. Department of Justice is likely to have its own set of counterproposals. This session will explore current standards for government surveillance, the technological changes that are outpacing the law, and recommendations for updating ECPA.