The Senate Judiciary Committee held a closely watched hearing Wednesday on reforming the Electronic Communications Privacy Act (ECPA), attended by a host of government officials, privacy advocates and industry representatives. On one thing there was general consensus: The nearly 30-year old statute must be reformed. However, it also became clear during the nearly three-hour hearing that the devil is in the details—and that devil may continue to hit the breaks on much-needed reform.

Instead of reporting on the myriad debates that reared their heads during the hearing, though, it may be illustrative to focus on just one back-and-forth to demonstrate the complexity of ECPA reform. (If you are hungry for more reporting on yesterday's hearing, I've put together some suggested reading below.)

The first panel featured representatives from the Department of Justice, the Securities and Exchange Commission and the Federal Trade Commission (FTC), all of whom expressed concerns with the current legislative proposals reforming ECPA. Daniel Salsburg, who serves as FTC Chief Counsel in the agency’s Bureau of Consumer Protection’s Office of Technology, Research and Investigation, testified that the agency is concerned its civil authority could be hampered if proposed legislation passes muster.

To be clear, the FTC “supports the objectives of ECPA reform,” Salsburg testified, but “the FTC is concerned that recent proposals could impede its ability to obtain certain information from ECPA service providers in future cases.”

Here’s why: Under the current ECPA regime, the FTC can compel ECPA service providers to produce a customer or subscriber’s content “with notice or delayed notice,” but a 2010 Sixth Circuit Court decision—United States v. Warshak—“held that the Fourth Amendment bars warrantless access to email content held by an ECPA service provider.” The FTC has decided not to use its authority granted under ECPA to compel such disclosures, but Salsburg points out in his testimony that current legislative proposals would mandate that government receive a criminal warrant to obtain content—an avenue not available to the agency.

As a result, Salsburg laid out a three-part FTC wish list for legislators reforming ECPA to consider: provide civil law enforcement agencies with a the ability to “obtain previously public commercial content that advertises or promotes a product or service”; compel a ECPA service provider to disclose content data with a customer’s consent and, if the latter fails, have the ability to obtain a court order compelling the provider to hand over the target’s data.

The need for a criminal warrant would “create some obstacles in future civil law enforcement cases,” Salsburg stated, “including those against fly-by-night scammers and especially those based abroad” or those who refuse CID or discovery requests. As a fix, the FTC calls for a “judicial mechanism” that would provide the agency with access in such cases.

But not everyone in the FTC agrees with that latter proposal.

 

Concurrent with Salsburg’s testimony, FTC Commissioner Julie Brill, herself a former Attorney General in Vermont, released a statement dissenting from part of the official FTC testimony. Brill is concerned about the third part of Salsburg’s three-pronged wish list, or, more specifically, Part II.C of his written testimony on gaining a judicial mechanism. Brill wrote that such authority is not necessary for the FTC to be effective. “I am also concerned,” she wrote, “that a judicial mechanism for civil law enforcement agencies to obtain content from ECPA providers could entrench authority that has the potential to lead to invasions of individuals’ privacy” and could potentially be unconstitutional.

Brill argues the agency has a host of alternative mechanisms to be effective in its pursuance of scammers and bad actors, but, perhaps most importantly to her, privacy of individuals’ electronic content is paramount. She said the costs for the agency to concentrate its authority here “is real.” She continues: “Fundamentally, I believe that individuals’ privacy interests extend to what they store and send online. I simply am not convinced that a judicial mechanism enabling civil law enforcement agencies to order ECPA-covered providers to turn over content will provide the safeguards against government intrusion to which individuals are entitled.”

Boiled down, ECPA reform is extremely complex, and, by focusing here on just one agency, it’s clear that a discussion and debate around those devilish details will continue. At this stage, if the FTC isn’t even on the same page with itself on ECPA reform, Congressional backing may be quite a ways away.

For further reading on yesterday's hearing:

  • The National Journal and USA Today each provide a solid overview and description of the tension between the Obama administration and tech companies.
  • The Daily Dot also delves into the FTC's testimony and reaction from several privacy and tech advocates.
  • For more on Google's strong reaction against arguments made Wednesday by the DoJ, SEC and FTC, check out The Hill's coverage here.
  • A Reuters report focuses on the SEC's arguments against portions of the current ECPA reforms.
  • And Sens. Mike Lee (R-UT), Patrick Leahy (D-VT) together with Reps. Kevin Yoder (R-KS) and Jared Polis (D-CO), the lawmakers behind the Senate and House ECPA reform companion bills, took to the op-ed page of The Hill to advocate for ECPA reform.