Electronic Communications Privacy Act

The Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer ( et seq.), added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act (SCA, et seq.), and added so-called pen trap provisions that permit the tracing of telephone communications ( et seq.). ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Statute), which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).

Overview
"Electronic communications" means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptic system that affects interstate or foreign commerce, but excludes the following:
 * Wire or oral communication
 * Communication made through a tone-only paging device
 * Communication from a tracking device (as defined in section 3117)
 * Electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds

Title I of the ECPA protects wire, oral, and electronic communications while in transit. It sets down requirements for search warrants that are more stringent than in other settings. Title II of the ECPA, the Stored Communications Act (SCA), protects communications held in electronic storage, most notably messages stored on computers. Its protections are weaker than those of Title I, however, and do not impose heightened standards for warrants. Title III prohibits the use of pen register and/or trap and trace devices to record dialing, routing, addressing, and signaling information used in the process of transmitting wire or electronic communications without a court order.

History
The law was first brought to attention after the Captain Midnight broadcast signal intrusion, where electrical engineer John R. MacDougall hacked into the HBO signal on April 27, 1986.

As a consequence, this act was passed. This act also made satellite hijacking a felony.

Provisions
The ECPA extended government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer ( et seq.), added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act ( et seq.), and added so-called pen/trap provisions that permit the tracing of telephone communications ( et seq.).

provides for gag orders which direct the recipient of a pen register or trap and trace device order not to disclose the existence of the pen/trap or the investigation.

Employee privacy
The ECPA extended privacy protections provided by the Omnibus Crime Control and Safe Streets Act of 1968 (of employers monitoring of employees phone calls) to include also electronic and cell phone communications. See also Employee monitoring and Workplace privacy.

Case law
Several court cases have raised the question of whether e-mail messages are protected under the stricter provisions of Title I while they were in transient storage en route to their final destination. In United States v. Councilman, a U.S. district court and a three-judge appeals panel ruled they were not, but in 2005, the full United States Court of Appeals for the First Circuit reversed this opinion. Privacy advocates were relieved; they had argued in amicus curiae briefs that if the ECPA did not protect e-mail in temporary storage, its added protections were meaningless as virtually all electronic mail is stored temporarily in transit at least once and that Congress would have known this in 1986 when the law was passed. (see, e.g., RFC 822). The case was eventually dismissed on grounds unrelated to ECPA issues.

The seizure of a computer, used to operate an electronic bulletin board system, and containing private electronic mail which had been sent to (stored on) the bulletin board, but not read (retrieved) by the intended recipients, does not constitute an unlawful intercept under the Federal Wiretap Act, 18 U.S.C. s 2510, et seq., as amended by Title I of ECPA. Governments can actually track cell phones in real time without a search warrant under ECPA by analyzing information as to antennae being contacted by cell phones, as long as the cell phone is used in public where visual surveillance is available.

In Robbins v. Lower Merion School District (2010), also known as "WebcamGate", the plaintiffs charged that two suburban Philadelphia high schools violated ECPA by remotely activating the webcams embedded in school-issued laptops and monitoring the students at home. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.

Criticism
ECPA has been criticized for failing to protect all communications and consumer records, mainly because the law is so outdated and out of touch with how people currently share, store, and use information.

Under ECPA, it is relatively easy for a government agency to demand service providers hand over personal consumer data stored on the service provider's servers. Email that is stored on a third party's server for more than 180 days is considered by the law to be abandoned. All that is required to obtain the content of the emails by a law enforcement agency is a written statement certifying that the information is relevant to an investigation, without judicial review. When the law was initially passed, emails were stored on a third party's server for only a short period of time, just long enough to facilitate transfer of email to the consumer's email client, which was generally located on their personal or work computer. Now, with online email services prevalent such as Gmail and Hotmail, users are more likely to store emails online indefinitely, rather than to only keep them for less than 180 days. If the same emails were stored on the user's personal computer, it would require the police to obtain a warrant first for seizure of their contents, regardless of their age. When they are stored on an internet server however, no warrant is needed, starting 180 days after receipt of the message, under the law. In 2013, members of the U.S. Congress proposed to reform this procedure.

ECPA also increased the list of crimes that can justify the use of surveillance, as well as the number of judicial members who can authorize such surveillance. Data can be obtained on traffic and calling patterns of an individual or a group without a warrant, allowing an agency to gain valuable intelligence and possibly invade privacy without any scrutiny, because the actual content of the communication is left untouched. While workplace communications are, in theory, protected, all that is needed to gain access to communiqué is for an employer to simply give notice or a supervisor to report that the employee's actions are not in the company's interest. This means that, with minimal assumptions, an employer can monitor communications within the company. The ongoing debate is, where to limit the government's power to see into civilian lives, while balancing the need to curb national threats.

In 2011, The New York Times published "1986 Privacy Law Is Outrun by the Web", highlighting that: "...the Justice Department argued in court that cellphone users had given up the expectation of privacy about their location by voluntarily giving that information to carriers. In April, it argued in a federal court in Colorado that it ought to have access to some e-mails without a search warrant. And federal law enforcement officials, citing technology advances, plan to ask for new regulations that would smooth their ability to perform legal wiretaps of various Internet communications." The analysis went on to discuss how Google, Facebook, Verizon, Twitter and other companies are in the middle between users and governments.