WASHINGTON -- Investigators would need a search warrant to get people's old emails under a bill considered Tuesday by a House panel looking to update a nearly 30-year-old federal law to reflect today's communications.
The Email Privacy Act, co-authored by Rep. Kevin Yoder, R-Kan., and Rep. Jared Polis, D-Colo., has broad bipartisan support and would close a loophole in the 1986 Electronic Communications Privacy Act, which passed before online storage became so convenient and inexpensive. The law gave the government access to emails older than 180 days with just a subpoena. The emails were considered abandoned at the time, when there was rarely enough storage space to hold emails longer than six months.
Under current law, the government uses subpoenas to Internet service providers like Google or Yahoo to obtain emails older than 180 days; search warrants are already generally required by service providers for more recent email content.
The bill taken up by the House Judiciary Committee instead would require agents to get a search warrant, which generally requires probable cause that a crime has occurred. Exceptions in the bill would allow agents to continue obtaining emails in terrorism investigations without any changes.
Committee Chairman Bob Goodlatte, R-Va., said he hoped to provide a "fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies," so that searches in the virtual world and physical world are treated equally.
This is a "modest step for bringing our privacy protections into the 21st century," said Chris Calabrese, who is vice president for policy for the Center for Democracy & Technology.
He added that the bill still provides more leeway for law enforcement than when using a warrant to search a physical place. For example, it allows investigators to wait up to 10 days to provide notice of the email warrant to the subject, as well as a gag order in certain circumstances so that person would not be notified at all.
Google's law enforcement director, Richard Salgado, told lawmakers that provisions under the old law "do not reflect the reasonable expectations of privacy of users."
He also noted that the Justice Department has said there is no reason under privacy law for criminal investigators to treat old emails differently than newer emails. The Supreme Court ruled last year that law enforcement officers generally need a warrant to search the contents of a cellphone.
The Securities and Exchange Commission opposes the new measure, saying as a civilian law enforcement agency it can't obtain a criminal warrant.
The SEC's enforcement director, Andrew Ceresney, said agents can't reasonably expect the targets of their investigations to turn over emails or other messages that might implicate them in fraud schemes.
"Individuals who violate the law are often reluctant to produce to the government evidence of their own misconduct," he said, adding that individuals would be able to contest a subpoena under revisions proposed by the SEC.
Under questioning, Ceresney acknowledged that his agency has not used its subpoena power to access older emails as allowed under the Electronic Communications Privacy Act since an appeals court in 2010 ruled that the provision violates the Fourth Amendment because it doesn't require a warrant.
Some states have worked to address inconsistencies in the law due to technological advances. California passed a law earlier this year requiring the government to obtain a warrant when requesting communications from third parties. The California law also applies to metadata, such as details on who sent or received the information, which previously only required a subpoena.
This is the second time Congress has examined email privacy and a change to the 1986 law. A bill in 2013 received broad bipartisan support but failed to proceed beyond initial votes. Since then, disclosures by former National Security Agency contractor Edward Snowden about the scope of government snooping on Americans' communications led to increased privacy concerns and efforts to limit government access.
Earlier this week, after a gag order was lifted on a founder of an Internet service provider, it was revealed that the FBI has used national security letters to demand records from ISPs, phone companies and financial institutions, without a warrant.