On Friday, November 9, ARL filed comments responding to National Telecommunications and Information Administration’s (NTIA) request for comment on “Developing the Administration’s Approach to Consumer Privacy.”
In the submitted comments, ARL recognizes that strong privacy protections for users is necessary, but also that overly-prescriptive requirements can cause difficulties in compliance. The comments point to several elements that are critical for meaningful privacy protection, including ensuring transparency and consent, while other areas may be nuanced and policymakers must consider unintended consequences of particular regulations. For example, the right to deletion raises complex issues and requires a nuanced approach to avoid unnecessary alterations to the cultural and historical record. The comments also note that effective remedies and enforcement mechanisms are needed to make regulations meaningful.
All filed comments are available on the NTIA site.
On July 12, the Department of Justice has issued a request to web hosting provider, DreamHost, seeking information on visitors to a website that was used to organize protests against President Trump on Inauguration Day. DreamHost has fought this request because it would amount to handing over 1.3 million visitor IP addresses, contact information and content, in what appears to be a clear threat to freedom of speech and privacy.
The broad search warrant seeks for DreamHost to turnover detailed information, including IP addresses, contact information and financial information of all visitors to the site; DreamHost already complied with the request to turn over the registration information of the owners of the website. The warrant also seeks communications and unpublished content, such as draft posts and photos.
The request will clearly have the effect of chilling freedom of speech and freedom of association. It appears that the Administration is seeking to identify dissidents who oppose President Trump, a clear threat to the First Amendment rights of the website’s visitors. One can only assume that the Administration is using the power of the DOJ to threaten and silence critics of President Trump.
For libraries, who have long championed freedom of speech and association, these reports are particularly appalling. Privacy is essential to the exercise of the First Amendment so that an individual may research, inquire and learn without having the subject of his interests scrutinized by others. Patron privacy has long be a fundamental value of libraries and in a world where so much information is now online, it is critical for protections to extend to visitors to websites. The DOJ’s warrant threatens these central tenants to a free and open democracy.
DreamHost is challenging the request, with a hearing scheduled for today. DreamHost argues that the search warrant is overly broad and violates the Fourth Amendment and privacy laws. You can read more at DreamHost’s blog post on the case.
Today, July 27, 2017, Senators Lee (R-UT) and Leahy (D-VT) introduced the ECPA Modernization Act of 2017, a bill to reform the Electronic Communications Privacy Act (ECPA). ECPA is a law from 1986 governing privacy for online communications and, not surprisingly, has long been in need of reform. A law written more than thirty years ago clearly did not conceive of the modern digital age.
Congress has seriously considered reform to rectify the absurdities of the 1986 law that denies individuals a reasonable expectation of privacy for the content of their online communications. Earlier this year, in January 2017, Congressmen Yoder (R-KS) and Polis (D-CO) reintroduced the House version of ECPA reform, the Email Privacy Act (H.R. 387), a bill that unanimously passed the House of Representatives in 2016.
ECPA was written in an era in which few individuals owned computers, most did not use e-mail, social media services like Facebook did not exist, and “the cloud” had not yet transformed the way people communicate and work. It therefore reflects a poor understanding of the digital age and has clearly not kept pace with evolving technologies. ECPA allows the government to seize online documents and communications older than 180 days without a warrant, leading to an absurdity that grants greater protection to hard copy documents than to digital communications.
The ECPA Modernization Act of 2017 would rectify this absurdity and restore Fourth Amendment protections to the digital world, requiring a warrant for the content of online communications just as a warrant would be required for a copy of a document stored in a file cabinet. It would also ensure that the government provides notification to users after it has received content after a warrant has been executed. These reforms are greatly needed in our modern era where everyday communications take place online.
ARL applauds Senators Lee (R-UT) and Leahy (D-VT) for their leadership in promoting much needed ECPA reform in the Senate and urges Congress to quickly pass these bills.
Today marks the 20th anniversary of the Supreme Court of the United States’ decision in Reno v. ACLU, a case that determined that certain provisions of the Communication Decency Act (CDA) – which sought to govern speech online – violated the right to free speech. This decision was a landmark decision, the Court’s first about the Internet and applied the same freedom of speech rules for print to speech on the Internet (both of which are more open than TV or radio broadcasts).
The CDA was designed to protect children from “obscene or indecent” content. However, because of the breadth and vagueness of the provisions, the Court found that the CDA could also suppress speech to adults:
We are persuaded that the CDA lacks the precision that the First Amendment requires when a statute regulates the content of speech. In order to deny minors access to potentially harmful speech, the CDA effectively suppresses a large amount of speech that adults have a constitutional right to receive and to address to one another.
The Court found that less restrictive alternatives could be used to achieve the same goal of reducing explicit content to children. The CDA, however, resulted in “an unnecessarily broad suppression of speech addressed to adults.”
Reno v. ACLU is a decision that gave us the Internet as we know it today. One that is free and open, a modern town square. Celebrating this landmark ruling brings to mind a number of related issues that are at the forefront of discussions today. While Reno v. ACLU gave us a ruling that established that freedom of speech applies online, we are still fighting for strong net neutrality rules that keeps the Internet open to all and does not favor one speech over another. While the Supreme Court’s Reno v. ACLU decision applied the same First Amendment protections to online speech as print, we are still fighting for reforms to the Electronic Communication Privacy Act to ensure that the same Fourth Amendment protections that apply to print apply to online communications.
Let’s celebrate 20 years of Reno v. ACLU, but remember that there is still work to be done to ensure that Constitutional rights apply with the same force in the digital world as it did in an analog one.
The Association of Research Libraries (ARL) applauds the approval of the Email Privacy Act by the US House of Representatives. The House passed the bill with a voice vote, moving this critical piece of legislation one step toward ensuring that the outdated Electronic Communications Privacy Act (ECPA) is reformed to keep pace with the digital age. The House previously passed the Email Privacy Act in a unanimous vote during the last Congress.
House passage of the Email Privacy Act signals an important recognition that Fourth Amendment protections extend to online communications. As libraries and universities move services into the cloud and more communications take place online, ensuring the protection of information long considered to be private—including what individuals are reading or researching—is essential.
ARL has long supported reform of ECPA to ensure that the Fourth Amendment applies to digital communications and urges the Senate to quickly move forward to pass this bill.
The Electronic Communications Privacy Act (ECPA) is a law from 1986 governing privacy for online communications and has long been in need of reform. For the last several years, Congress has seriously considered reform to rectify the deficiencies of this law that denies individuals a reasonable expectation of privacy for the content of their online communications. On January 10, 2017, Congressmen Yoder (R-KS) and Polis (D-CO) reintroduced the Email Privacy Act (H.R. 387) for the 115th Congress, a bill that unanimously passed the House of Representatives last year.
ECPA was written in an era in which few individuals owned computers, most did not use e-mail, services like Facebook did not exist, and “the cloud” had not yet transformed the way people communicate and work. It reflects a poor understanding of the digital age and has clearly not kept pace with evolving technologies. ECPA allows the government to seize online documents and communications older than 180 days without a warrant, leading to an absurdity that grants greater protection to hard copy documents than to digital communications.
The Email Privacy Act would rectify this absurdity and restore Fourth Amendment protections to the digital world by requiring a warrant for content, just as a warrant would be required for a copy of a document stored in a file cabinet. The bill has enjoyed overwhelming bipartisan, with a super majority of the House of Representatives co-sponsoring the bill in the last Congress, before its unanimous passage.
ARL applauds the reintroduction of the Email Privacy Act and urges Congress to move quickly to pass ECPA reform and restore Fourth Amendment protections for online communications.
On September 13, 2016, ARL joined in a coalition letter of 33 organizations expressing concerns regarding congressional oversight of intelligence activities. The letter calls on Congress “to provide a meaningful check on the executive branch and reform how it conducts oversight over intelligence matters.” The letter calls for a number of reforms to the House Permanent Select Committee on Intelligence and to strengthen Congressional power, including to provide members with sufficient staff assistance.
The letter concludes:
In addition to the above reforms, we urge you to consider establishing a distinct, broad-based review of the activities of the Intelligence Community since 9/11, modeled after the 9/11 Commission or the U.S. Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities.
When questions were raised about the activities of the intelligence community in the 1970s, Congress reacted by forming two special committees, colloquially known as the Pike and Church committees. Reports preceded wholesale reforms of the intelligence community, including improving congressional-oversight mechanisms. The outcome improved congressional oversight and the perception of its efficacy. The House should provide the new select committee adequate staffing and financial support, and give it a broad mandate to review practices and structures associated with congressional oversight of intelligence matters.
The full letter can be read here.
On May 24, 2016, ARL joined a coalition of civil society organizations, companies and trade associations in a letter to Senate Judiciary Committee Chairman Grassley and Ranking Member Leahy supporting the Email Privacy Act (H.R. 699) as passed unanimously by the House of Representatives on April 26, 2016. While the House-passed bill did not make all necessary reforms to the Electronic Communications Privacy Act (ECPA), it represents a big step forward by imposing a warrant-for-content rule. Importantly, the H.R. 699 did not include a civil agency carveout, ensuring that civil agencies do not have warrantless access to online communications such as e-mails or documents stored in the cloud.
The Electronic Communications Privacy Act (ECPA) is a law from 1986 governing privacy for online communications and has long been in need of reform. ECPA was written in an era in which few individuals owned computers, most did not use e-mail, services like Facebook did not exist, and “the cloud” had not yet transformed the way people communicate and work. It reflects a poor understanding of the digital age and has clearly not kept pace with evolving technologies. ECPA allows the government to seize online documents and communications older than 180 days without a warrant, leading to an absurdity that grants greater protection to hard copy documents than to digital communication. Essentially, ECPA reform seeks to ensure that the 4th Amendment applies equally to the digital age as it does to the analog world, requiring a warrant for the content of documents and communications.
Civil agencies, primarily the Securities and Exchange Commission (SEC), have repeatedly sought an exemption from the ECPA reforms and continue to do so as the Senate Judiciary Committee considers a vote. These agencies would like to compel third-party providers to disclose the content of personal communications without a warrant, increasing their power beyond the existing tools they have at their disposal such as subpoenas. Such an exemption threatens the reasonable expectation of privacy.
In addition to civil agencies seeking carveouts, law enforcement officials would like to broaden the emergency exceptions language in the ECPA reform bill despite the fact that current law already permits service providers to release information where there is an emergency involving the danger of death or serious physical injury. Expansion of existing law in this area could be subject to abuse by government and law enforcement agencies who may try to overreach to access data.
ECPA is in serious need of reform and the Email Privacy Act passed last month by the House of Representatives–without modification or amendment–represents the appropriate vehicle to move reform forward.
*Cross-posted from ARL News*
The Association of Research Libraries (ARL) applauds today’s 419-0 vote in the US House of Representatives passing the Email Privacy Act (H.R. 699), a bill that updates the Electronic Communications Privacy Act (ECPA). Passed in 1986, ECPA has not kept pace with evolving technologies and has led to an absurdity that affords greater protection to hard-copy documents than digital communications.
House passage of the Email Privacy Act today signals an important recognition that Fourth Amendment protections extend to online communications. As libraries and universities move services into the cloud and more communications take place online, ensuring the protection of information long considered to be private—including what individuals are reading or researching—is essential.
“Reform of ECPA is long overdue and today’s vote in the US House of Representatives demonstrates overwhelming support for bringing privacy laws in line with the digital age,” said ARL president Larry Alford. “The Email Privacy Act will restore a reasonable expectation of privacy in online communications, requiring the government to obtain a warrant for content, and is a key step forward in updating a 30-year-old law governing digital privacy. ARL applauds today’s vote and urges the Senate to quickly move forward to pass this bill.”
The Senate version of the bill, the Electronic Communications Privacy Act Amendments Act of 2015 (S. 356), has enjoyed broad, bipartisan support. The Association of Research Libraries strongly encourages the Senate to pass this legislation soon.
On April 13, 2016, ARL joined a coalition of more than 50 civil society organizations, trade associations and companies in writing to support the Manager’s Substitute Amendment to the Email Privacy Act (H.R. 699), a bill to update the Electronic Communications Privacy Act (ECPA), in advance of the bill’s markup. ECPA, a law passed in 1986, has not kept pace with evolving technology and allows government agencies to access private communications stored in the “cloud” without a warrant. ARL has long supported reform of this outdated law to ensure that Fourth Amendment protections extend to the digital world.
The Email Privacy Act has enjoyed broad support with 314 co-sponsors. While the coalition letter supports the Manager’s Substitute, it notes:
The Manager’s Substitute does not achieve all of the reforms we had hoped for. Indeed, it removes key provisions of the proposed bill, such as the section requiring notice from the government to the customer when a warrant is served, which are necessary to protect users. However, it does impose a warrant-for-content rule with limited exceptions. We are particularly pleased that the Manager’s Substitute does not carve out civil agencies from the warrant requirement, which would have expanded government surveillance power and undermined the very purpose of the bill.
Markup of the bill will happen in the House Judiciary Committee today, April 13, 2016 at 10:30 a.m.
The time for ECPA reform is long overdue and while the Manager’s Substitute rolls back some of the positive aspects of the original bill, it still represents a step forward in protecting privacy in the digital age.