If you haven’t heard the name Rep. Zoe Lofgren before, prepare to become quite accustomed to it. Today Rep. Lofgren announced two new bills, both dealing technology issues, that could spark a more constructive debate on both privacy, and the security of Internet freedom.
Of course, the proposed laws are miles away from becoming policy, but they could be construed as hinting at a new direction of the winds of Washington. We’ll take a look at each in turn, briefly, and the sum what their existence might mean for both policy and the discussion on Capitol Hill concerning technology.
ECPA 2.0 Act
The Electronic Communications Privacy Act (ECPA), passed in 1986, deals with the protection of communication whilst in progress, and stored communication. However, as was recently demonstrated, it’s fantastically out of date. For example, any email that you have kept for longer than 180 days can be accessed by the police, provided that they promise that it is relevant to their investigation.
Why would that be? When the ECPA was passed, storage was expensive; who kept an email longer than six months? This is the sort of thing that outdates the ECPA heavily; technology has simply moved on.
To that end, unlike some bills out recently that patch the ECPA, Rep. Lofgren wishes to drastically alter it. Citing the fact that “U.S. law enforcement agencies made over 1.3 million demands to carriers for subscriber information in 2011,” the ECPA 2.0 Act would put into place four key ideas to protect individual privacy, while providing for access to information when it becomes critical.
From the Representative’s summary of her proposed bill, the four points:
1. The government should obtain a warrant before compelling a service provider to disclose an individual’s private online communications.
2. The government should obtain a warrant before it can track the location of an individual’s wireless communication device.
3. Before it can install a pen register or trap and trace device to capture real time transactional data about when and with whom an individual communicates using digital services (such as email or mobile phone calls), the government should demonstrate to a court that such data is relevant to a criminal investigation.
4. The government should not use an administrative subpoena to compel service providers to disclose transactional data about multiple unidentified users of digital services (such as a bulk request for the names and addresses of everyone that visited a particular website during a specified time frame). The government may compel this information through a warrant or court order, but subpoenas should specify the individuals about whom the government seeks information.
Gut check those rules, and ask yourself if they seem fair. Oddly, I suspect that there will be pushback; even patching the aforementioned email bug caused some to fret about hindering investigations. Those more concerned with theoretical prevention than functional privacy may find the above tenets to be onerous.
Rep. Lofgren views the four points as the application of the Fourth Amendment to digital realm. And, to make it palatable to those opposed to regulation, she went on to state that the ECPA 2.0 Act would “promote commercial growth in technology products and services” by cutting down on total compliance costs.
TNW needs to examine the text of the bill closely, but the general approach of this proposed law appears to be consistent with the protection of individual privacy, while preserving the reality that certain data needs to be accessed under limited circumstance.
Global Free Internet Act
If the ECPA 2.0 Act felt vaguely passable in the Congressional sense, the Global Free Internet Act is a touch more fantastic.
Leaning again on her own summary, Rep. Lofgren’s second bill would put together a ‘Task Force’ comprising heads of Federal agencies, several members that Congress nominates, and, I kid you not, “four U.S. persons who are not government employees nominated by the Internet itself.”
The point of the Task Force would be to play moderator on the Internet-policy discussion of the country. It would “hold public hearings, issue reports no less than annually, and coordinate the activity of the U.S. government to respond to threats to the Internet.” I have a more than sneaking suspicion that given that impotent mandate, it would accomplish little, and have an even smaller effect.
The ECPA 2.0 Act is something that I would very much like to see put to rigorous and exhausting debate on the floor of the House. It will not only sharpen the bill, but will also allow us watchers to run tally on who is on which side of the issue of updating outdated bills to fit modern realities.
The Global Free Internet Act I think is beyond repair. Unless it is rewritten in a way that allows for the proposed Task Force to have bite, it’s a waste of time.
That’s not why it matters, however. The Global Free Internet Act may be unfeasible, but it is unfeasible in the right direction. That’s progress. Instead of coming down as ridiculous on the wrong side of an issue [See: CISPA], this act will fail as it is too extreme the other way.
Put that under your lid and let it bubble.
Top Image Credit: Zoe Rudisill