Goodlatte’s resistance is proving to be a major stumbling block, even though the bill already has more cosponsors than it would need votes to pass.
Under the Electronic Communications Privacy Act, the government can seize emails that have been opened or that are more than 180 days old without judicial approval. When lawmakers passed ECPA in 1986, they assumed that if a person hadn’t downloaded and deleted an email within six months, it could be considered abandoned and wouldn’t require strict privacy protections. While one federal appeals court ruled in 2010 that the Constitution requires police to obtain a warrant to access emails, other courts have concluded that people lose privacy protections when they share information with third parties such as email providers.
“When current law affords more protections for a letter in a filing cabinet than an email on a server, it’s clear our policies are outdated,” Rep. Suzan DelBene, a Washington Democrat and cosponsor of the bill, said at Tuesday’s hearing.
“We are not well-served by a law whose application is unpredictable, and that the courts have had great difficulty interpreting,” said Rep. John Conyers, the top Democrat on the committee. “Because of the rapid pace of technological change, this situation will only get worse if we do not act.”
But Goodlatte argued that Congress should protect the “legitimate needs of law enforcement” by amending the Email Privacy Act to include warrant exemptions for emergencies and other circumstances. “One of the goals of this legislation is to treat searches in the virtual world and the physical world equally, so it makes sense that the exceptions to the warrant requirement and the procedures governing service of warrants should also be harmonized,” he argued.
The Judiciary Committee chairman also warned that there are “serious public safety” concerns with a provision that would require police to serve the criminal suspect with the warrant instead of just the suspect’s email provider. And he argued that the bill could undermine investigations by Congress and civil agencies, which don’t have access to criminal warrants.
That concern was echoed by Andrew Ceresney, the head of enforcement at the Securities and Exchange Commission. The Email Privacy Act, Ceresney testified, “poses significant risks to the American public by impeding the ability of the SEC and other civil law enforcement agencies to investigate and uncover financial fraud and other unlawful conduct.”
But Ceresney acknowledged that the SEC hasn’t tried to subpoena email providers since the appeals court granted constitutional protections to remotely stored content in 2010. The bill’s supporters also argued that civil agencies such as the SEC should just continue forcing the targets of their investigations to turn over records instead of going to email providers like Google.