Technology

Bill requiring warrant for emails takes step forward in the House

The House Judiciary Committee on Wednesday approved a bill to protect the private emails of Americans from the government, marking a small step forward for one of the most widely supported bills in Congress. 

The committee, on a unanimous 28-0 vote, approved the Email Privacy Act, which would require that law enforcement obtain a warrant before forcing a technology company to hand over a customer’s emails or other electronic communications, no matter how old they are.  

{mosads}The authors of the bill are hopeful that the committee vote will start a push to get the bill to the president’s desk this year. But success is not assured in a tight election-year schedule, especially when law enforcement and civil agencies still have problems with the legislation.

“I’m confident we’ll find a place to put it — whether it is a stand-alone measure or not,” said Rep. Jared Polis (D-Colo.), who helped author the bill with Rep. Kevin Yoder (R-Kan.).

The original bill accumulated 314 co-sponsors in the few years it has languished in committee, but it went through a series of small changes offered by Chairman Bob Goodlatte (R-Va.) ahead of the vote. Privacy advocates accused him of dragging his feet on taking up the bill up until now.

When asked when the bill could hit the House floor, Goodlatte said, “I would think soon, but we don’t have a date yet.”

Some groups that pushed hard for reform said the amendments were an unnecessary sacrifice because of the bill’s already widespread support. However, they agreed to the changes to move the bill forward.

“The changes reflect current practices: [Department of Justice] and FBI policies already require law enforcement officials seeking content to obtain a search warrant and many service providers will not relinquish their users’ content without one,” a group of dozens of tech companies and privacy advocates said. 

The main warrant protections in the amended bill remain intact. The bill closes off a loophole in the Electronic Communications Privacy Act (ECPA) that allowed the government to require a technology company to hand over a customer’s email with a subpoena, rather than a warrant, when they are more than 180 days old.

Those subpoena powers have not been used in years after a 2010 court decision that cast doubt on the constitutionality of the power. But privacy advocates have looked to completely wipe it from the books.

The biggest change in Goodlatte’s substitute amendment removes a provision that would have required the government to notify targets of an ECPA warrant after their emails are handed over. Technology companies who are served the warrant can still inform their customers. 

Civil regulators like the Federal Trade Commission and the Securities and Exchange Commission had asked for an exemption allowing them to obtain customer emails without a criminal warrant. Those warrants are unavailable to them in purely civil cases. 

“This committee quickly reached consensus that those proposals were unworkable, unconstitutional and sometimes both,” ranking Judiciary Democrat John Conyers Jr. (Mich.) said. 

Goodlatte also chose not to add a provision that would mandate technology companies hand over emails without a warrant in an emergency. Currently, technology companies have the option to — and frequently do — voluntarily hand over the information during those kinds of situations. 

Reps. Zoe Lofgren (D-Calif.) and Jason Chaffetz (R-Utah) have wanted the warrant requirement to apply to customers’ geolocation information as well. That amendment was not taken up, but Goodlatte promised a hearing on the legislation later this year or early next year.