Electronic privacy

  • February 18, 2015

    by Jeremy Leaming

    U.S. Senators are again pushing a bill aimed at providing more protection of consumer data stored by American tech companies overseas.

    Sens. Chris Coons (D-Del.), Orrin Hatch (R-Utah) and Dean Heller (R-Nev.) recently reintroduced the Law Enforcement Access to Data Stored Abroad Act (LEADS Act), which languished in the last Congress. The LEADS Act would change the Electronic Communications Privacy Act (ECPA) and, in part, would prohibit federal officials from using a warrant to obtain information stored abroad, unless the information sought belongs to an American.

    In a press statement, Sen. Coons said, “Law enforcement agencies wishing to access Americans’ data in the cloud ought to get a warrant, and just like warrants for physical evidence, warrants for content under ECPA shouldn’t authorize seizure of communications that are located in a foreign country. The government’s position that ECPA warrants do apply abroad puts U.S. cloud providers in the position of having to break the privacy laws of foreign countries in which they do business in order to comply with U.S. law. This is not only hurts our businesses’ competitiveness and costs American jobs, but it also invites reciprocal treatment by our international trading partners.”

    The senators’ statement on the LEADS Act claims it would “clarify ECPA by stating that the U.S. government cannot compel disclosure of data from U.S. providers stored abroad if accessing that data would violate the laws of the country where it is stored or if the data is not associated with a U.S. person – that is, a citizen or lawful permanent resident of the United States, or a company incorporated in the United States.”

    The U.S. Court of Appeals for the Second Circuit is hearing an appeal of a federal court refusal to set aside a government issued warrant to obtain email account information stored by Microsoft in Ireland.

    See here for more information about the LEADS Act.

  • January 20, 2015
    Guest Post

    by Cameron F. Kerry. Kerry is the Sara R. & Andrew H. Tisch Distinguished Visiting Fellow at the Brookings Institution and a Visiting Scholar at the MIT Media Lab. He is the former General Counsel and Acting Secretary of the U.S. Department of Commerce.

    President Obama went to the FTC this past week to address ways to protect privacy and identity in what he called “a dizzying age” of new technologies. 

    One of the many new technologies changing the ways people interact with information is cloud computing. Whether it's Jennifer Lawrence saving intimate photos to Apple's iCloud, startups scaling up with Amazon Web services, or businesses and consumers moving their documents to Microsoft 365 or Google Docs, cloud computing is becoming a familiar part of our digital daily lives.

    Cloud services offer benefits of large-scale computing, which include efficiency, scalability, security, and computing power, as well as ubiquitous access to data from an increasing variety of devices. But turning over data wholesale to someone else also comes with questions about privacy, confidentiality, security, and control. 

    As evidenced by Microsoft’s challenge to a U.S. government warrant for emails stored in a data center in Ireland, these questions also present challenges to traditional notions of sovereignty and territorial jurisdiction because global networks and cloud systems transcend national borders.

  • September 18, 2014

    by Jeremy Leaming

    * On Feb. 12, 2015 U.S. Senators reintroduced the LEADS Act

    Intending to provide privacy protections to consumers’ data stored on tech companies’ servers overseas or in cloud computing services, a bipartisan group of senators late today introduced legislation to amend the Electronic Communications Privacy Act (EPCA).

    Sens. Chris Coons (D-Del.), Orrin Hatch (R-Utah) and Dean Heller (R-Nev.) announced introduction of the Law Enforcement Access to Data Stored Abroad Act or the LEADS Act. A provision of the bill states that law enforcement offices must “obtain a warrant under the Electronic Communications Privacy Act (EPCA) to obtain the content of subscriber communications from an electronic communications or cloud computing service.”

    The bill comes as Microsoft is fighting in court a warrant from federal prosecutors seeking access to data stored oversees. Microsoft is arguing that the federal government cannot compel disclosure of data it stores in Ireland. Microsoft Bradford L. Smith told The New York Times earlier this year, “What is at stake is the privacy protection of individuals’ email and the ability of American tech companies to sustain trust around the world.” The Times noted that Apple, AT&T and Verizon have all filed briefs supporting Microsoft.

  • August 5, 2014

    by Caroline Cox

    Adam Liptak of The New York Times discusses Justice Ruth Bader Ginsburg’s recent comments on the Supreme Court’s different treatment of cases involving gay people and women. Justice Ginsburg comments suggest that the five-justice conservative majority does “not understand the challenges women face in achieving authentic equality.”

    In Slate, Emily Bazelon explains the recent decisions by the U.S. Court of Appeals for the Fifth Circuit and the U.S. District Court for the Middle District of Alabama that blocked major restrictions on abortion clinics. Despite these pro-choice victories, the legal fight against allegedly burdensome regulations on abortion clinics remains an uphill battle as a Texas law goes before the Fifth Circuit.

    Robert Barnes of The Washington Post reports that a Florida judge has found two of the state’s congressional districts unconstitutional. The decision, one of several challenging gerrymandering throughout the country, sets the stage for a possible Supreme Court case in the fall. 

    Shawn DuBravac, the chief economist of the Consumer Electronics Association, writes for the Harvard Business Review that the Supreme Court’s view on the Fourth Amendment is increasingly taking into account changing technology and the importance digital privacy.

    The New York Times’ James Barron provides the obituary for James S. Brady, White House press secretary for President Ronald Reagan and a major champion of gun control legislation.

    The Alliance for Justice published a comprehensive report detailing each federal case on the legality of a same-sex marriage ban. 

  • July 30, 2014
    Guest Post

    by Cameron F. Kerry. Kerry is the Sara R. & Andrew H. Tisch Distinguished Visiting Fellow at the Brookings Institution and a Visiting Scholar at the MIT Media Lab. He is the former General Counsel and Acting Secretary of the U.S. Department of Commerce.

    Yesterday, I moderated a panel on Microsoft’s federal court challenge to a warrant seeking email records that Microsoft stores at a data center in Ireland.  Microsoft is contending that the governing statute, the stored communications provisions of the Electronic Communications Privacy Act (ECPA), does not apply outside the territory of the United States.

    My take-away from the panel is that discussion of reforms to bring ECPA up-to-date with the way we use devices and cloud services in the 21st Century needs to take up the difficult questions presented by services and networks that flow freely across national borders.  As I put it during the discussion, “what does extraterritoriality mean in a virtual world?”

    The panel featured James Garland of Covington & Burling, who is arguing the case on behalf of Microsoft in the Federal District Court for the Southern District of New York this Thursday, along with other lawyers involved in the case.  The case has been the deserving subject of wide attention, including a stern letter from the European Commission’s Justice Commissioner and a July 27 New York Times editorial.  It involves a warrant issued last December for email records “owned, maintained, controlled or operated by Microsoft” for a particular email address.  Microsoft produced records located in the United States that did not involve the content of the emails, but objected to producing the emails themselves because they are stored in a data center in Dublin, Ireland.  They are there because the Dublin servers are closest to the country that the email customer identified in establishing the account, reducing latency in email transmission.  Microsoft only recently established overseas data centers and, so far as anyone knows, this is the first time any Internet service provider has challenged the extraterritorial application of authorities for law enforcement access to Internet communications.

    The issues center on the interpretation of Section 2703 (c)(A) of the Stored Communications Act in the decision by a federal magistrate in New York issued April 25.  In some respects, the issues are narrow:  for example, does the SCA contain language that overcomes the Supreme Court’s “presumption against extraterritorial application” of U.S. statutes; does the “warrant” required by the SCA to obtain most content of electronic communications incorporate requirements for a warrant under the Fourth Amendment?