WASHINGTON–For a few hours on Capitol Hill yesterday evening, it was October 1986 again, complete with legwarmers, an Apple IIc, pop rocks, Duran Duran, and cell phones the size of a cat.
The companies sponsoring this night of nostalgia include Google and Facebook, which are hoping to visibly highlight how out-of-date a law enacted 25 years ago today has become in an age of cloud computing, gigabit networks, and terabyte storage.
The law in question is the 1986 Electronic Communications Privacy Act, a statute written in the pre-Internet era of telephone modems and the black-and-white Macintosh Plus. A coalition of groups, which include liberal, conservative, and libertarian non-profit organizations as well as companies, hope to convince the U.S. Congress to update the law to include location privacy and to protect documents stored on the Web through services like Google Docs, Flickr, and Picasa. (CNET was the first to report on the creation of this Digital Due Process coalition last year.)
Their not-so-subtle intent of yesterday’s back-to-the-future blast: to woo congressional staff. That meant convening this privacy-law bacchanal, probably the first the nation’s capital has ever experienced, a few blocks from the Senate and House offices at Top of the Hill on Pennsylvania Avenue, which describes itself as a “World War II-era lounge” featuring “an extensive wine, champagne and martini list.”
The mood of the festivities received a last-minute boost when Sen. Patrick Leahy, the chairman of the Judiciary committee, announced he was planning a committee vote to revise the 1986 law by the end of the year.
“Today this law is significantly outdated and outpaced by rapid changes in technology and the changing mission of our law enforcement agencies after September 11,” Leahy said. “At a time in our history when American consumers and businesses face threats to privacy like no time before, we must renew” our commitment to privacy.
ECPA is notoriously convoluted and difficult even for judges to follow. The groups hope to simplify the wording while requiring police to obtain a search warrant to access private communications and the locations of mobile devices–which is not always the case today.
Another argument for updating ECPA: Internet users currently enjoy more privacy rights if they store data locally, a legal hiccup that could slow the shift to cloud-based services unless it’s changed.
That lack of visible Republican enthusiasm will make it difficult for the legislation to navigate its way through a bipartisan legislature. In June, Leahy told CNET that he hoped to gain GOP support: “I hope so,” he said. “Otherwise we’ll have a heck of a time passing it.”
Second, the U.S. Justice Department has launched a concerted political attack on the principles behind the Digital Due Process coalition. James Baker, the associate deputy attorney general, said in April that rewriting ECPA to grant cloud computing users more privacy protections and to require court approval before tracking Americans’ cell phones would hinder police investigations.
When asked yesterday if the Justice Department had a position on ECPA changes, a spokesman referred CNET to Baker’s previous statements. Department officials have indicated they believe the law strikes a reasonable balance between privacy and law enforcement as currently written — and would be unlikely to drop their opposition unless they get something likemandatory data retention as a sweetener.
Corporate members of the Digital Due Process coalition include Amazon.com, Apple, AT&T, eBay, IBM, Intel, Intuit, LinkedIn, Loopt, and Microsoft.
But it’s the presence of conservative and libertarian groups in the coalition, including Americans for Tax Reform, the Competitive Enterprise Institute, and Citizens Against Government Waste, that might sway more Republican votes. (Other non-profits include the Center for Democracy and Technology, the ACLU, and the Electronic Frontier Foundation.
“I think there’s no reason why believers in the Constitution and limited government, which would include I hope all Republicans, wouldn’t sign on to this,” says Berin Szoka, president ofTechFreedom, a free-market think tank that’s a coalition member.
Szoka adds: “This is about the most basic values of America. The search warrant requirement is and always has been the crown jewel of America’s civil liberties. I’m disappointed not to see more Republicans taking on this fight.”
A related Senate location privacy proposal, introduced in June by Sen. Ron Wyden (D-Ore.), was slightly weakened to attract Republican support. (Wyden’s proposal addresses only location-tracking, including warrantless cell phone tracking, not cloud computing and the other principles embraced by the coalitionn.)
The final version of Wyden’s bill deleted about nine pages of text that would have curbed foreign intelligence location collection. But it also gained a conservative Republican supporter in the form of Rep. Jason Chaffetz of Utah.
This week, Sen. Mark Kirk, an Illinois Republican, announced he was signing on to Wyden’s bill.
“The technological advancements we’ve seen in the past 25 years have revolutionized the way we live our lives, but unfortunately surveillance protections have not kept pace,” Kirk said. “It’s time our digital privacy laws go Back to the Future for a sorely needed update.
Marc Rotenberg, director of the Electronic Privacy Information Center, which is not a member of the coalition, warns that the groups involved in the effort may be inadvertently savaging a law that’s still quite valuable.
“Updating the law? Yes. Trashing the law? No. If you want to trash a law, trash the Patriot Act,” Rotenberg says.
Rotenberg adds that he’s worried the coalition members’ strategy is based on “misunderstanding the law, trashing the law, and focusing only on government access,” instead of expanding it to address what companies can do with data as well. The coalition’s corporate members would, however, be unlikely to agree with additional regulations targeting Web companies.