Seven Points Experts Are Making About Reforming Outdated Laws for Today’s Tech

Posted in Government Access to Data, Policy Reform

sunscreen expired washingtonAlthough computing has changed, many of our electronic privacy laws have not been updated in the past 30 years. Today, the limitations of our laws don’t match people’s privacy expectations – and they don’t address the challenges law enforcement faces in working to keep the public safe.

But don’t just take our word for it. Here’s what others are saying:

1. Yesterday’s electronic privacy laws don’t meet today’s needs.

“As Congress works to reform our domestic privacy laws, we must modernize the legal framework for government access to digital data stored around the world.”
– Sen. Orrin Hatch (R-Utah), statement on the reintroduction of the LEADS Act, February 2015

“In today’s Digital Age, we store incalculable quantities of personal information on cloud servers which may be located anywhere in the world, something 1980s-era ECPA never anticipated. It’s time to modernize the way we conduct digital trade and the legal framework that controls how law enforcement agencies interact with this data.”
– US Cyber Challenge National Director Karen Evans, The Hill, March 2015

“As increasing amounts of personal data are stored digitally, questions of Fourth Amendment protections for digital data will become even more critical in assuring the future of digital privacy.”
– The Brennan Center at New York University School of Law, Amicus Brief, December 2014

2. Law enforcement shouldn’t be able to access email without a warrant.

“Americans are stunned, my constituents are stunned, when they hear that without a warrant, without notice, without due process, that [law enforcement] can look at their emails, look at their content in the cloud … to build a case against them.”
– U.S. Rep. Kevin Yoder (R-Kansas), National Journal, May 2015

“Requiring warrants for all content stored in the U.S. would mark a significant step forward for privacy.”
– Center for Democracy & Technology Senior Counsel Greg Nojeim, Blog Post, September 2014

3. Warrants shouldn’t reach outside the United States.

“United States search warrants do not have extraterritorial reach. The government is trying to do an end run.”
– Electronic Frontier Foundation Senior Staff Attorney Lee Tien, The New York Times, June 2014

“…There is no indication whatsoever that Congress ever intended that search warrants for electronic communications apply to the contents of customer-owned communications and data stored outside the United States”
– Verizon Communications Inc., Cisco Systems, Inc., Hewlett-Packard Co., Ebay Inc., Salesforce.com Inc., and Infor, Amicus Brief, December 2014

4. Use treaties for cross-border disputes.

“We have a mutual legal assistance framework in place for cooperation in criminal matters, which remains the preferred avenue for such cooperation, including for the transfer of data.”
– Ireland’s Minister for Data Protection Dara Murphy TD, Irish Examiner, December 2014

“The Commission remains of the view that where governments need to request personal data held by private companies and located in the EU, requests should not be addressed to the companies but should proceed via agreed formal channels of cooperation between public authorities, such as the mutual legal assistance agreements or sectorial EU-US agreements authorizing such transfers.”
– Viviane Reding, former Vice-President of the European Commission, Justice Fundamental Rights and Citizenship, in a letter to a Member of the European Parliament, July 2014   

5. The potential clash between American laws and other countries’ laws jeopardizes Americans’ privacy.

“If the Justice Department gets access to information on Microsoft’s Irish server, what’s to stop courts in, say, Brazil from ordering American companies like Google that do business in that country to turn over information stored in, say, San Francisco?”
– New York Times Editorial, “Must Microsoft Turn Over Email on Irish Servers?” July 2014

“The disregard for the interplay between national laws threats to universalize access to the private communications of American individuals and businesses.”
– AT&T Corp., Rackspace and Computer & Communications Industry Association, i2 Coalition and Applications Developers Alliance, Amicus Brief, December 2014

“The government’s position that ECPA warrants do apply abroad puts U.S. cloud providers in the position of having to break the privacy laws of foreign countries in which they do business in order to comply with U.S. law. This not only hurts our businesses’ competitiveness and costs American jobs, but it also invites reciprocal treatment by our international trading partners.”
– Sen. Chris Coons (D-Del.), statement on the introduction of the LEADS Act, February 2015

6. Without reform, law enforcement has a tougher job.

“This patchwork of jurisdiction will ultimately undermine investigations and will only get worse as more and more countries follow their lead.”
– The Chertoff Group, “Law Enforcement Access to Evidence in the Cloud” white paper, May 2015

“[The Criminal Division’s Office of International Affairs’] difficulty in responding to foreign requests promptly jeopardizes the effectiveness of U.S. law enforcement and our diplomatic efforts.”
– FY2016 President’s Budget briefing, Department of Justice Criminal Division, February 2015

7. International agreements are essential to a better balance between individual privacy and public safety.

“…Perhaps a more promising approach to start, might be a set of more informal agreements–almost like best practices across a group of like-minded nations–that would specify when and under what circumstances governments could be permitted to directly compel the production of communications data from ISPs and other similarly situated providers, thus beginning to address some of these contested issues.”
– Jennifer Daskal, Assistant Professor of Law, American University, “The Un-territoriality of Data,” Yale Law Journal, 2015/2016 

“At least as urgently needed is reform and modernization of the entire international system for mutual legal assistance, which should start with improved technology and procedures with our closest allies and those other countries from which we most urgently need information in our most important cases.”
– Bryan Cunningham, Information Security, Privacy, and Data Protection Lawyer, and former Deputy Legal Adviser to National Security Adviser Condoleezza Rice, The Hill, June 2015

“So you really do need to have some kind of international agreement that takes account of the various national interests that are involved. … And I think at the end of the day, the international community has to come together to figure out how you balance out those interests and what the most efficient way is for making this process work quickly. We have found ways to do that in the past. We do it in a number of different areas, banking for example, there’s a lot of work that goes on which is transnational, and this requires a transnational solution.”
– Faiza Patel, Co-Director of the Liberty and National Security Program at the Brennan Center for Justice, at a panel December 15, 2014