On July 12, the Department of Justice has issued a request to web hosting provider, DreamHost, seeking information on visitors to a website that was used to organize protests against President Trump on Inauguration Day. DreamHost has fought this request because it would amount to handing over 1.3 million visitor IP addresses, contact information and content, in what appears to be a clear threat to freedom of speech and privacy.
The broad search warrant seeks for DreamHost to turnover detailed information, including IP addresses, contact information and financial information of all visitors to the site; DreamHost already complied with the request to turn over the registration information of the owners of the website. The warrant also seeks communications and unpublished content, such as draft posts and photos.
The request will clearly have the effect of chilling freedom of speech and freedom of association. It appears that the Administration is seeking to identify dissidents who oppose President Trump, a clear threat to the First Amendment rights of the website’s visitors. One can only assume that the Administration is using the power of the DOJ to threaten and silence critics of President Trump.
For libraries, who have long championed freedom of speech and association, these reports are particularly appalling. Privacy is essential to the exercise of the First Amendment so that an individual may research, inquire and learn without having the subject of his interests scrutinized by others. Patron privacy has long be a fundamental value of libraries and in a world where so much information is now online, it is critical for protections to extend to visitors to websites. The DOJ’s warrant threatens these central tenants to a free and open democracy.
DreamHost is challenging the request, with a hearing scheduled for today. DreamHost argues that the search warrant is overly broad and violates the Fourth Amendment and privacy laws. You can read more at DreamHost’s blog post on the case.
Today, July 27, 2017, Senators Lee (R-UT) and Leahy (D-VT) introduced the ECPA Modernization Act of 2017, a bill to reform the Electronic Communications Privacy Act (ECPA). ECPA is a law from 1986 governing privacy for online communications and, not surprisingly, has long been in need of reform. A law written more than thirty years ago clearly did not conceive of the modern digital age.
Congress has seriously considered reform to rectify the absurdities of the 1986 law that denies individuals a reasonable expectation of privacy for the content of their online communications. Earlier this year, in January 2017, Congressmen Yoder (R-KS) and Polis (D-CO) reintroduced the House version of ECPA reform, the Email Privacy Act (H.R. 387), a bill that unanimously passed the House of Representatives in 2016.
ECPA was written in an era in which few individuals owned computers, most did not use e-mail, social media services like Facebook did not exist, and “the cloud” had not yet transformed the way people communicate and work. It therefore reflects a poor understanding of the digital age and has clearly not kept pace with evolving technologies. ECPA allows the government to seize online documents and communications older than 180 days without a warrant, leading to an absurdity that grants greater protection to hard copy documents than to digital communications.
The ECPA Modernization Act of 2017 would rectify this absurdity and restore Fourth Amendment protections to the digital world, requiring a warrant for the content of online communications just as a warrant would be required for a copy of a document stored in a file cabinet. It would also ensure that the government provides notification to users after it has received content after a warrant has been executed. These reforms are greatly needed in our modern era where everyday communications take place online.
ARL applauds Senators Lee (R-UT) and Leahy (D-VT) for their leadership in promoting much needed ECPA reform in the Senate and urges Congress to quickly pass these bills.
The Association of Research Libraries (ARL) applauds the approval of the Email Privacy Act by the US House of Representatives. The House passed the bill with a voice vote, moving this critical piece of legislation one step toward ensuring that the outdated Electronic Communications Privacy Act (ECPA) is reformed to keep pace with the digital age. The House previously passed the Email Privacy Act in a unanimous vote during the last Congress.
House passage of the Email Privacy Act signals an important recognition that Fourth Amendment protections extend to online communications. As libraries and universities move services into the cloud and more communications take place online, ensuring the protection of information long considered to be private—including what individuals are reading or researching—is essential.
ARL has long supported reform of ECPA to ensure that the Fourth Amendment applies to digital communications and urges the Senate to quickly move forward to pass this bill.
The Electronic Communications Privacy Act (ECPA) is a law from 1986 governing privacy for online communications and has long been in need of reform. For the last several years, Congress has seriously considered reform to rectify the deficiencies of this law that denies individuals a reasonable expectation of privacy for the content of their online communications. On January 10, 2017, Congressmen Yoder (R-KS) and Polis (D-CO) reintroduced the Email Privacy Act (H.R. 387) for the 115th Congress, a bill that unanimously passed the House of Representatives last year.
ECPA was written in an era in which few individuals owned computers, most did not use e-mail, services like Facebook did not exist, and “the cloud” had not yet transformed the way people communicate and work. It reflects a poor understanding of the digital age and has clearly not kept pace with evolving technologies. ECPA allows the government to seize online documents and communications older than 180 days without a warrant, leading to an absurdity that grants greater protection to hard copy documents than to digital communications.
The Email Privacy Act would rectify this absurdity and restore Fourth Amendment protections to the digital world by requiring a warrant for content, just as a warrant would be required for a copy of a document stored in a file cabinet. The bill has enjoyed overwhelming bipartisan, with a super majority of the House of Representatives co-sponsoring the bill in the last Congress, before its unanimous passage.
ARL applauds the reintroduction of the Email Privacy Act and urges Congress to move quickly to pass ECPA reform and restore Fourth Amendment protections for online communications.
On May 24, 2016, ARL joined a coalition of civil society organizations, companies and trade associations in a letter to Senate Judiciary Committee Chairman Grassley and Ranking Member Leahy supporting the Email Privacy Act (H.R. 699) as passed unanimously by the House of Representatives on April 26, 2016. While the House-passed bill did not make all necessary reforms to the Electronic Communications Privacy Act (ECPA), it represents a big step forward by imposing a warrant-for-content rule. Importantly, the H.R. 699 did not include a civil agency carveout, ensuring that civil agencies do not have warrantless access to online communications such as e-mails or documents stored in the cloud.
The Electronic Communications Privacy Act (ECPA) is a law from 1986 governing privacy for online communications and has long been in need of reform. ECPA was written in an era in which few individuals owned computers, most did not use e-mail, services like Facebook did not exist, and “the cloud” had not yet transformed the way people communicate and work. It reflects a poor understanding of the digital age and has clearly not kept pace with evolving technologies. ECPA allows the government to seize online documents and communications older than 180 days without a warrant, leading to an absurdity that grants greater protection to hard copy documents than to digital communication. Essentially, ECPA reform seeks to ensure that the 4th Amendment applies equally to the digital age as it does to the analog world, requiring a warrant for the content of documents and communications.
Civil agencies, primarily the Securities and Exchange Commission (SEC), have repeatedly sought an exemption from the ECPA reforms and continue to do so as the Senate Judiciary Committee considers a vote. These agencies would like to compel third-party providers to disclose the content of personal communications without a warrant, increasing their power beyond the existing tools they have at their disposal such as subpoenas. Such an exemption threatens the reasonable expectation of privacy.
In addition to civil agencies seeking carveouts, law enforcement officials would like to broaden the emergency exceptions language in the ECPA reform bill despite the fact that current law already permits service providers to release information where there is an emergency involving the danger of death or serious physical injury. Expansion of existing law in this area could be subject to abuse by government and law enforcement agencies who may try to overreach to access data.
ECPA is in serious need of reform and the Email Privacy Act passed last month by the House of Representatives–without modification or amendment–represents the appropriate vehicle to move reform forward.
The Association of Research Libraries (ARL) applauds today’s 419-0 vote in the US House of Representatives passing the Email Privacy Act (H.R. 699), a bill that updates the Electronic Communications Privacy Act (ECPA). Passed in 1986, ECPA has not kept pace with evolving technologies and has led to an absurdity that affords greater protection to hard-copy documents than digital communications.
House passage of the Email Privacy Act today signals an important recognition that Fourth Amendment protections extend to online communications. As libraries and universities move services into the cloud and more communications take place online, ensuring the protection of information long considered to be private—including what individuals are reading or researching—is essential.
“Reform of ECPA is long overdue and today’s vote in the US House of Representatives demonstrates overwhelming support for bringing privacy laws in line with the digital age,” said ARL president Larry Alford. “The Email Privacy Act will restore a reasonable expectation of privacy in online communications, requiring the government to obtain a warrant for content, and is a key step forward in updating a 30-year-old law governing digital privacy. ARL applauds today’s vote and urges the Senate to quickly move forward to pass this bill.”
On April 13, 2016, ARL joined a coalition of more than 50 civil society organizations, trade associations and companies in writing to support the Manager’s Substitute Amendment to the Email Privacy Act (H.R. 699), a bill to update the Electronic Communications Privacy Act (ECPA), in advance of the bill’s markup. ECPA, a law passed in 1986, has not kept pace with evolving technology and allows government agencies to access private communications stored in the “cloud” without a warrant. ARL has long supported reform of this outdated law to ensure that Fourth Amendment protections extend to the digital world.
The Email Privacy Act has enjoyed broad support with 314 co-sponsors. While the coalition letter supports the Manager’s Substitute, it notes:
The Manager’s Substitute does not achieve all of the reforms we had hoped for. Indeed, it removes key provisions of the proposed bill, such as the section requiring notice from the government to the customer when a warrant is served, which are necessary to protect users. However, it does impose a warrant-for-content rule with limited exceptions. We are particularly pleased that the Manager’s Substitute does not carve out civil agencies from the warrant requirement, which would have expanded government surveillance power and undermined the very purpose of the bill.
Markup of the bill will happen in the House Judiciary Committee today, April 13, 2016 at 10:30 a.m.
The time for ECPA reform is long overdue and while the Manager’s Substitute rolls back some of the positive aspects of the original bill, it still represents a step forward in protecting privacy in the digital age.
Copyright continues to be an active area with a number of developments since October. The House Judiciary Committee continues to move forward with its copyright review and is close to completing its schedule of meetings between House Judiciary majority and minority staffers and witnesses who testified at hearings during the course of the review. In early 2016, members of the House Judiciary Committee will determine what issues they may want to work on with respect to possible reform. Additionally, Representatives Marino, Chu and Comstock introduced their bill on Copyright Office modernization, which would move the Copyright Office out of the Library of Congress and establish it as an independent agency within the legislative branch. On October 16, 2015, the Court of Appeals for the Second Circuit released its long awaited opinion in Authors Guild v. Google, strongly affirming fair use. Also in October, the Library of Congress released its final rules for the current cycle of the Digital Millennium Copyright Act’s (DMCA) Section 1201 rulemaking. Finally, the Library Copyright Alliance (LCA) filed comments responding to the Copyright Office’s Notice of Inquiry regarding a proposed pilot program for mass digitization and extended collective licensing. These comments questioned the wisdom of such a pilot program.
The US Congress passed the omnibus appropriations bill for FY 2016 and avoided a government shutdown. The omnibus exceeded mandatory caps on discretionary funding, resulting in positive results for higher education and libraries.
The Department of Education issued a proposal to amend regulations and require that all Department grantees awarded direct competitive grant funds openly license all copyrightable intellectual property created with these funds. ARL submitted comments supporting the benefits of open licensing and encouraging continued dialog.
ARL joined in comments on the proposed revision to OMB Circular A-130, the Circular that provides the rules of the road for federal information management and information technology.
The DC Circuit heard oral arguments on net neutrality in December. Although threats regarding a rider to undermine the FCC’s ability enforce its net neutrality rules emerged during the omnibus appropriations process, this rider was ultimately not included.
Congress continues to consider reform of the Electronic Communications Privacy Act (ECPA), and there is widespread support in the House for such reform. The Cybersecurity Information Sharing Act of 2015 was altered in ways that raise greater privacy concerns than its original version and was passed in the omnibus appropriations bill.
The US Supreme Court heard oral arguments in Fisher v. University of Texas at Austin (Fisher II), a case involving the University of Texas (UT) admissions process, which seeks to improve student body diversity.
Finally on the international front, more countries have ratified the Marrakesh Treaty to Facilitate Access to Published Works for Persons Who are Blind, Visually Impaired or Otherwise Print Disabled, moving the Treaty closer to entry into force. The negotiations of the TransPacific Partnership Agreement (TPP) have now been finalized and the texts are now public, but the agreement must still be signed and passed by each of the negotiating parties.
On October 27, 2015, the U.S. Senate voted 74-21 to pass the flawed Cyberinformation Sharing Act (CISA), a slightly modified version from the bill that passed the House of Representatives earlier this year. CISA, which purports to protect against data breaches, actually raises serious privacy concerns. In passing CISA, the Senate unfortunately voted against a number of proposed amendments which would have strengthened user privacy.
Among other concerns, CISA will allow companies to expand monitoring of their users’ online activities and permits sharing of vaguely defined cybersecurity threats without adequate privacy safeguards. It authorizes law enforcement that goes far beyond the scope of cybersecurity.
The Senate and House will now need to conference to resolve the differences between the two versions that passed.
The latest ARL Advocacy and Policy Update (covering mid-August to the beginning of October) is now available. Previous Advocacy and Policy Updates can be found here.
From the current update’s summary:
With its return from an August recess, the US Congress faces several controversial must-pass bills and other divisive issues with little time to spare prior to the passage of a short-term funding measure for the US Government as the Government’s fiscal year ended on September 30. A short-term funding bill that will fund the Government through mid-December was approved in lieu of another Government shutdown.
The US Senate continues to press ahead for passage of the Fair Access to Science and Technology Research Act (FASTR), a bill to codify the Office of Science and Technology Policy’s 2013 memorandum regarding public access to federally funded research.
The White House is building a pool of prospective candidates for the Librarian of Congress position. With James Billington’s retirement at the end of September, the White House has been reaching out to stakeholders, including ARL, for their input and recommendations. Legislation has been introduced in the Senate to limit the term of the Librarian of Congress to 10 years.
Copyright has been an active area over the past six weeks. Members of the House Judiciary Committee are poised to introduce several bills regarding the future of the US Copyright Office— determining the office’s authority and whether it will remain in the Library of Congress. This may be the first issue that the House considers as it continues its review of the Copyright Act for possible reform. A court ruled that Warner/Chappell Music does not hold a valid copyright to the “Happy Birthday” song lyrics, and there were two positive fair use decisions in Lenz v. Universal and Katz v. Google. The Library Copyright Alliance filed comments on the Copyright Office Notice of Inquiry on Extended Collective Licensing, and the 1201 Digital Millennium Copyright Act rulemaking is still underway.
ARL participated in a number of amicus briefs on a variety of issues. ARL, the American Library Association, Association of College and Research Libraries, and Chief Officers of State Library Agencies filed an amicus brief in support of the Federal Communications Commission’s Open Internet Order protecting network neutrality. ARL also joined in an amicus brief in the case Wikimedia v. National Security Agency (NSA), challenging warrantless surveillance and invoking the First Amendment’s protection of privacy.
Congress continues to consider reform of the Electronic Communications Privacy Act, or ECPA and there is widespread support in the House for such reform.
The US Supreme Court has agreed to rehear Fisher v. University of Texas at Austin, a case involving the University of Texas (UT) admissions process, which seeks to improve student body diversity.
On the international front, several additional countries have ratified the Marrakesh Treaty to Facilitate Access to Published Works for Persons Who Are Blind, Visually Impaired, or Otherwise Print Disabled, with Canada moving closer to ratification of the treaty. Another meeting took place in late September–early October to finalize the Trans-Pacific Partnership Agreement, a large, regional, trade agreement among 12 countries including Canada and the US. Finally, the “right to be forgotten” online has been upheld in Europe, and French regulators declared that search engines must apply the right to be forgotten across all domains, not just in France or Europe.