On June 14, 2013 Texas Governor Rick Perry signed into law, HB2268, a bill requiring Texas law enforcement officials to obtain a warrant before accessing email and other communications content. The legislation, which goes into effect in September, gives Texas the strongest email privacy law in the United States. The bill fixes a defect in Texas law that derived from the 1986 federal Electronic Communications Privacy Act (ECPA) that allows email older than 180 days to be obtained without a warrant. ECPA sets a privacy floor – states can provide additional protections and that’s what Texas just did.
Why all the fuss?
When it comes down to it, it’s a matter of trust, and when I say trust I mean economics. With the global cloud computing industry expected to reach explosive growth, economic prosperity is at stake. If individuals and companies cannot ensure the privacy of their data in the cloud; they simply won’t put it there. And that means the growth of cloud computing will be significantly curtailed, ultimately affecting jobs and the economy, not just in the United States but around the globe.
A template for the nation
The Texas legislation is significant; in fact it passed both the Texas House of Representatives and the Texas Senate without a single nay vote! When it comes down to it, legislators in Texas determined that a vote for privacy is a vote for prosperity – and that’s just hard to argue with. The Texas bill should be used as a template for all states to make their own statements on behalf of prosperity.
Will the federal government catch up?
A new bill (S. 607) to amend the United States Electronic Communications Privacy Act (ECPA) is in the works, introduced by U.S. Senators Leahy (D-VT) and Lee (R-UT). Basically, S.607 would require all U.S. state and federal law enforcement (but not the CIA or NSA) to obtain a warrant, after showing “probable cause,” to obtain the “content” of any electronic communication.
Is the federal amendment to ECPA enough?
The U.S. Congress is considering a request by the SEC for an exception that would allow it and all other federal regulatory agencies including the IRS to access electronic communications with a rubber-stamp order. It wants to compel service providers (data centers, telecommunications companies, cloud services providers, etc.) to disclose their users’ content directly to federal regulatory agencies without a warrant. This causes a serious trust issue, and as previously stated that translates into an economic issue. Why? Because the service provider would surrender ALL files in the target account, including those that are irrelevant to the subject of the investigation, denying businesses their right to safeguard privileged information, and bypassing every consumer’s right to oppose or limit the government’s right of access.
What is ECPA anyway?
The United States Electronics Communications Privacy Act (ECPA) was enacted in 1986, when we lived in a very different electronic world than today; the “public” Internet did not even exist. The primary purpose for ECPA was to address the then-new communications technologies and services and govern how law enforcement could obtain information about “oral,” “wire” and “electronic” services, which at the time mostly consisted of bulletin boards and walled-garden portals. WebMail as we know it now did not exist and there were no cloud-based storage services. For more on ECPA read this.
What can we do TODAY to protect our privacy?
Legislation like ECPA can help protect our privacy but it is not enough. Golden Frog believes in encryption and developed products like VyprVPN to help preserve an open and secure Internet experience while respecting user privacy. VyprVPN is used in more than 215 countries around the globe by people that share our belief that encryption helps protect privacy. Golden Frog also believes in due process of law and complies with law enforcement requests that are backed by the appropriate warrants.
Ron Yokubaitis, co-CEO, Golden Frog