Editorial: U.S. Senate should join House in protecting email privacy

By The Herald Editorial Board

As far as law enforcement and the federal law regarding electronic communications are concerned, any of your emails older than 180 days have been “abandoned” and don’t carry an expectation of privacy; they’re no different than the trash you leave at the curb and can be searched without a warrant.

That standard, allowing law enforcement agencies to obtain old emails without a warrant, is a holdover from the Electronic Communications Privacy Act, passed in 1986, years before most of us heard “You’ve got mail,” when we went to our computers. The act has gone untouched since it was passed, as has the loophole that denies the privacy protections and warrant requirements that apply to hardcopy documents.

Along with email, this standard also applies to any documents stored in the cloud, such as with storage services such as Dropbox; law enforcement agencies can go to the email or other service provider and demand documents older than 180 days without seeking a judge’s permission.

That would change under the Email Privacy Act, which on Monday passed for a second time in two years in the U.S. House by unanimous voice vote.

Among the prime supporters of the act was 1st District Rep. Rep. Suzan DelBene, D-Washington, who worked on mobile communication issues when she was at Microsoft; as she did a year ago, DelBene supported the act introduced by Rep. Kevin Yoder, R-Kansas.

DelBene has previously introduced related legislation that would require a warrant for the geolocation data from smartphones, which can show where you are and where you’ve been.

That bill, the Online Communication and Geolocation Protection Act, has yet to be reintroduced this year. It would provide an added protection not found in the Email Privacy Act; it would require law enforcement agencies to notify the subject of a search of email or other online data after the warrant is issued.

The email privacy bill and its unanimous bipartisan support in the House is simple to understand, DelBene said from Washington, D.C., following Monday’s passage: “We are just trying to make sure emails are held to the same standard as a piece of paper.”

Last year, however, the bill died under the weight of “poison pill” amendments sought by Senate Republicans, particularly Sens. John Cornyn of Texas and Jeff Sessions of Alabama.

Cornyn’s amendment attempted to expand the government’s use of National Security Letters that would have allowed federal investigators to secretly demand emails, IP addresses and browser histories from internet providers. Sessions’ amendment, likewise, would have allowed law enforcement to demand records from providers by invoking an emergency. (Wired noted this week that this is something providers already do on a routine basis when an actual emergency exists.)

President Trump’s nomination of Sessions as his Attorney General, however, could help break the block in the Senate and ease the act’s passage there. But Sessions’ likely confirmation this week by his peers could cut both ways. With Sessions as the nation’s chief law enforcement officer, he might likely encourage the president to veto the Email Privacy Act.

The president probably won’t need much prodding from Sessions. He sold himself during and after the campaign as a “law and order” man. This week, speaking with sheriffs from around the country, Trump threatened to “destroy” the career of a Texas state senator who is seeking reforms to that state’s civil asset forfeiture law.

Overwhelming support by the Senate, joined with the same already shown twice by the House, should be enough to convince Trump of the need to update a law that protects the privacy of all Americans and brings a 30-year-old statute into the 21st century.

If not, then it ought to be enough to override a veto.