The American Revolution was sparked by colonial opposition to hated British Writs of Assistance that indiscriminately encroached on privacy without good cause.
Until recent decades, Congress marched to that privacy drummer.
Congress enacted the Privacy Act of 1974 to remedy executive branch abuses. Among other things, it prohibits the FBI from collecting information about the exercise of First Amendment rights in 5 U.S.C. 552(a)(e)(7).
Congress enacted the Right to Financial Privacy Act of 1978 to protect the confidentiality of personal financial records by creating statutory Fourth Amendment protection for bank records. The act reversed the U.S. Supreme Court’s 1976 ruling in United States v. Miller, where the court found that bank customers had no legal right to privacy in financial information held by financial institutions.
As regards electronic privacy, in contrast, Congress has slumbered for 30 years since the Electronic Communications Privacy Act of 1986 (ECPA). In the meantime, unforeseeable electronic privacy concerns have arisen which were unaddressed by a statute born when the Internet was in its horse-and-buggy stage. The federal judiciary and the executive have been fashioning rules for this electronic terra incognita while Congress has slept.
This is unacceptable.
The executive branch subordinates privacy to even speculative law enforcement or intelligence needs. That proclivity gave birth to the post-9/11 NSA warrantless terrorist surveillance program and the ongoing limitless collection of intelligence under Executive Order 12333 with no congressional oversight.
In December 2013, the Department of Justice issued an extraterritorial search warrant in a narcotics investigation demanding that Microsoft deliver the contents of a customer’s email account stored in Dublin, Ireland. The department acted pursuant to the Stored Communications Act, a part of the 1986 ECPA. Microsoft resisted, and the dispute over the legality of extraterritorial search warrants is now pending in the United States Court of Appeals for the Second Circuit sub nom. In the Matter of a Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corporation.
Privacy is the default position of the Fourth Amendment if the government is unable to demonstrate a compelling law enforcement or intelligence need. The executive has failed to prove that extraterritorial search warrants seeking stored electronic information would be more than a trivial addition to its already formidable law enforcement arsenal, i.e., it has not shown that even one non-trivial crime has escaped detection or prosecution because of the absence of extraterritorial search warrants.
Additionally, an extraterritorial search warrant precedent for electronic data could not be cabined. If the United States can compel companies located here to retrieve electronic information stored abroad, then China, Russia, or Iran can be expected to compel companies located within their respective boundaries to retrieve electronic information stored in the United States to persecute and prosecute dissidents. We would become complicit in human rights violations by our adversaries or enemies.
Finally, foreign customers would boycott cloud computing services offered by Microsoft or Google gmail accounts if they feared the United States government could gain access to their stored data or emails through extraterritorial search warrants. That would turn the congressional policies of the Buy America Acts on their heads, and precipitate a balkanization of electronic storage in a globalized electronic world.
Congress needs to follow the Feb. 25 hearing with long-headed electronic privacy legislation.