Believe it or not, it hasn’t even been two and a half years since Edward Snowden brought the privacy discussion to the forefront. All sorts of privacy concerns have finally come to light, including the revision of an almost thirty year old online law. The Electronic Communications Privacy Act or ECPA was created in 1986 to protect online privacy, but definitions have changed since then. Even in congress, there has been a push to update this law, much to the chagrin of the FTC.
The Federal Trade Commission is the organization charged with protecting our online privacy, but the commission as a whole is not happy with the idea of revising ECPA. Despite bi-partisan support, the FTC is worried they will not be able to do their jobs. They have offered a revision that still carves out protections for warrantless email seizure, depending on the case. The version offered by the FTC keeps the law mostly the same. Why is this law such a problem, you may ask?
First, a bit of history behind the ECPA and why this happened. The ECPA states that a user’s email is protected as long as it is under 180 days old. Anything older than that is considered fair game and companies could be compelled to turn over this information without any type of warrant. Keep in mind, when this rule act was created, people did not keep emails on the company’s servers, they downloaded them to clients on their local machine. In the early 2000s, webmail started to increase in popularity, with many services offering 4MB of storage. The ECPA still offered quite a bit of protection at that time.
The world changed in April 2004 when Google announced 1 GB of storage for their free webmail service. Others followed suit, and everyone started matching or exceeding the 1 GB offer. At that point, the public stopped deleting emails from their email accounts because they no longer had to. In fact, not being required to delete emails was often touted by the companies that offered the service.
Truly, it is no suprise that the FTC is dragging their feet in the face of real reform. They were not terribly happy about the end to end encryption practices that companies now offer, either. Perhaps in this case, they will have to use other methods of obtaining the information they seek. The bottom line is, this law should be revised to reflect the current digital community. Without a revision, the citizens might as well be living in a police state.