Latest in ECPA

Cross-Border Data

The Simplest Cross-Border Fix: Removing ECPA’s Blocking Features

The House Judiciary Committee is holding a hearing at 10am this morning on cross-border data requests, featuring testimony from the Department of Justice, the U.K. government, Google, the Center for Democracy and Technology, state law enforcement, and yours truly. The hearing will be livestreamed here, where you can also find the written testimony.


ECPA Reform 2.0: Previewing the Debate in the 115th Congress

On January 9th, Reps. Yoder and Polis re-introduced the Email Privacy Act to update the Electronic Communications Privacy Act (ECPA) (there is no Senate companion bill yet). ECPA sets forth the rules for how federal, state and local government agencies (and foreign governments) obtain electronic communication content and metadata from U.S. service providers.

Privacy Paradox

Reactions to the Microsoft Warrant Case

Yesterday, the Second Circuit released its long-awaited opinion in the Microsoft Ireland case, ruling that the DOJ cannot compel Microsoft to produce emails stored on its Irish servers, because to do so would be an extraterritorial application of the Stored Communications Act (SCA), and nothing in the Act rebuts the presumption against extraterritoriality. I will have more to say about the case in the coming days, but I wanted to share a few initial reactions here.

Privacy Paradox

ACLU Seeks to Join Microsoft in ECPA Challenge

Yesterday, the ACLU filed a motion to join Microsoft’s ongoing challenge to the constitutionality of § 2705(b) of the Electronic Communications Privacy Act (ECPA), which permits the government to obtain gag orders that prohibit technology companies like Microsoft from disclosing to anyone that the government has obtained customer data. The case began last month when Microsoft filed a complaint in the District Court for the Western District of Washington.


ECPA Reform Passes the House -- Unanimously

As I've previously written, the Congress has been considering updating the Electronic Communications Privacy Act. The Act, first adopted in 1986, does not have a warrant requirement for government access to the content of older, stored email. I have testified in favor of modernizing ECPA to remove this historical oddity. Today, the House unanimously passed the Email Privacy Act (H.R. 699) today by a vote of 419-0.


ECPA and the Omnibus

While we are at it, I thought I would also call attention to this provision of the Omnibus. It appears in the section which funds the financial services agencies (that is, it applies to the IRS, SEC, FTC, GSA, and OMB):

Subscribe to Lawfare