House passes email privacy act, again

Image from 

Last year, the Email Privacy Act passed the House without opposition but stalled and died in the Senate. House members and privacy advocates are wondering if it will be any different this time.

On Feb. 6, the House again passed the Email Privacy Act by unanimous voice vote. The bill updates the 1986 Electronic Communications Privacy Act (ECPA) to clarify and expand search warrant regulations for law enforcement to compel service providers to turn over customer emails or other data on their servers.

The current law draws a distinction between emails residing on provider's systems, and those downloaded to the computer or device of an end user. The age of the email is also a factor.

Privacy organizations such as the Electronic Frontier Foundation have long pushed for legislation to increase email privacy.

House Judiciary Committee chairman Bob Goodlatte (R-Va.) urged the Senate to pick up the pace on the legislation.

"As the House again has overwhelmingly approved this bill, it's time for the Senate to take up this bipartisan legislation and send it to the President's desk to become law," he said in a statement.

Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa) said that those looking for quick moves on ECPA may be disappointed.

"We’ll certainly take a look at the bill again at some point, but it’s a tough road in the Senate," Grassley said. "Everyone agrees ECPA needs to be updated. But there was broad, bipartisan interest on our committee to modernize the law to also address law enforcement and national security equities in ways the House bill omits."

The legislation moves to the Senate just days after a court ruling that could color the debate.

On Feb. 3, 2017, a U.S. magistrate judge in Pennsylvania ruled that Google was required to turn over data held on its servers outside the U.S. that was the subject of Stored Communications Act warrants in criminal cases involving crimes committed in the U.S.

Google refused to comply with the warrants, citing a previous ruling by the Court of Appeals for the Second Circuit that said Microsoft was not required to turn over data in a criminal case because the data resided on a server in Ireland.

Grassley noted that the Microsoft ruling has "raised the stakes" for any move to pass ECPA because of the new limits on the ability of U.S. law enforcement to access data stored abroad.

Magistrate Judge Thomas J. Rueter of the Eastern District of Pennsylvania said the Google case was not governed by the Microsoft precedent.

"In contrast to the decision in Microsoft, this court holds that the disclosure by Google of the electronic data relevant to the warrants at issue here constitutes neither a 'seizure' nor a 'search' of the targets' data in a foreign country," Rueter wrote. "Electronically transferring data from a server in a foreign country to Google's data center in California does not amount to a 'seizure' because there is no meaningful interference with the account holder's possessory interest in the user data."

Google said it will appeal the ruling.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.