Data

New Irish Warrant Case Decision – Again – Points to Need for Congressional Action to Update ECPA

The importance of this week’s decision by the Second Circuit to deny rehearing in Microsoft’s Irish warrant case has less to do with the action in court and more to do with what happens next. Specifically, with what happens in Congress.

Last July, a panel of the Second Circuit held that a warrant issued by US law enforcement under the Stored Communications Act (SCA) does not have extraterritorial application. As Judge Carney notes in her concurrence with this week’s order: “[I]n many ways the SCA has been left behind by technology. It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.”

Laws regarding privacy and law enforcement have always struggled to strike a tricky balance: they must ensure that personal data receives the greatest protection possible while enabling investigators to do their job of keeping the public safe.

Unfortunately, in the digital world, the three decades-old Electronic Communications Privacy Act (ECPA), which is part of the SCA, does neither effectively.

This is understandable. Remember, when ECPA was enacted more than 30 years ago, our use of technology and cloud computing was dramatically different. Today, we store nearly all of our information in the cloud – emails, pictures, documents, health and financial records – and we expect to be able to access it whenever and wherever we are. Thirty years ago, we did not have the web of globally connected data centers and the software to move our data seamlessly around the world.

Software companies and civil liberties groups have urged Congress for years to update ECPA. The updates that passed the House of Representatives unanimously and had bipartisan sponsors in the Senate last Congress would make much-needed changes to enhance privacy protections that we have long championed. This week’s Second Circuit opinion is an important reminder that Congress must also focus on creating an international framework for accessing data – an issue that has also already received bipartisan, bicameral leadership in Congress.

As judges on the Second Circuit have said repeatedly since oral arguments in the case back in September 2015: the best next step is “congressional action to revise a badly outdated statute.” Our digital privacy laws need an update to protect both our privacy and security.

Cybersecurity, Privacy

A Positive Step in the Encryption Debate

The members of the House Encryption Working Group took on a seemingly impossible task this year when they set out to bridge the gap between the two sides of this noisy and difficult debate. That makes the result of their work – a series of balanced findings that summarizes their careful consideration of these issues … Read More >>

Cybersecurity, Data, Privacy

It’s Time to Move the Encryption Discussion Forward

The encryption discussion in Washington has been locked in a polarized stalemate for months — with loud voices on distant ends deeply dug in. Encryption is a complex issue that affects a range of global stakeholders, from governments to businesses to individuals. The ideal solution needs to consider all legitimate sides of the argument and … Read More >>

Compliance and Enforcement, Cybersecurity

New BSA Survey: Organizations Can Combat Cyberattacks by Avoiding Unlicensed Software

Organizations worried by the ever-increasing threat of cyberattacks should start by looking inward. One of the first, critical steps an organization needs to take is to ensure that all of the software running on its own network is legitimate and fully licensed. Doing so matters, as highlighted in Seizing Opportunity Through License Compliance, this year’s … Read More >>