Tweet Data

New Irish Warrant Case Decision – Again – Points to Need for Congressional Action to Update ECPA

The importance of this week’s decision by the Second Circuit to deny rehearing in Microsoft’s Irish warrant case has less to do with the action in court and more to do with what happens next. Specifically, with what happens in Congress.

Last July, a panel of the Second Circuit held that a warrant issued by US law enforcement under the Stored Communications Act (SCA) does not have extraterritorial application. As Judge Carney notes in her concurrence with this week’s order: “[I]n many ways the SCA has been left behind by technology. It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.”

Laws regarding privacy and law enforcement have always struggled to strike a tricky balance: they must ensure that personal data receives the greatest protection possible while enabling investigators to do their job of keeping the public safe.

Unfortunately, in the digital world, the three decades-old Electronic Communications Privacy Act (ECPA), which is part of the SCA, does neither effectively.

This is understandable. Remember, when ECPA was enacted more than 30 years ago, our use of technology and cloud computing was dramatically different. Today, we store nearly all of our information in the cloud – emails, pictures, documents, health and financial records – and we expect to be able to access it whenever and wherever we are. Thirty years ago, we did not have the web of globally connected data centers and the software to move our data seamlessly around the world.

Software companies and civil liberties groups have urged Congress for years to update ECPA. The updates that passed the House of Representatives unanimously and had bipartisan sponsors in the Senate last Congress would make much-needed changes to enhance privacy protections that we have long championed. This week’s Second Circuit opinion is an important reminder that Congress must also focus on creating an international framework for accessing data – an issue that has also already received bipartisan, bicameral leadership in Congress.

As judges on the Second Circuit have said repeatedly since oral arguments in the case back in September 2015: the best next step is “congressional action to revise a badly outdated statute.” Our digital privacy laws need an update to protect both our privacy and security.

Aaron Cooper

Author:

Aaron Cooper serves as Vice President, Global Policy with BSA | The Software Alliance. In this role, Cooper leads BSA’s global policy team and contributes to the advancement of BSA members’ policy priorities: data privacy and security, intellectual property, and trade. Cooper joined BSA in February 2016 as Vice President, Strategic Policy Initiatives.

Prior to joining BSA, Cooper served as the Chief Counsel for Intellectual Property and Antitrust Law for Chairman Patrick Leahy on the U.S. Senate Judiciary Committee. Most recently, Cooper was of counsel at Covington and Burling, where he provided strategic counseling and policy advice on a range of intellectual property, communications, and privacy issues. Cooper has also served as Legal Counsel to Senator Paul Sarbanes.

Cooper is a graduate of Princeton University and Vanderbilt Law School. He clerked for Judge Gerald Tjoflat on the U.S. Court of Appeals for the Eleventh Circuit.

Leave a Reply

Your email address will not be published. Required fields are marked *