The Electronic Communications Privacy Act (ECPA) Amendments of 2011 (25-page /62KB PDF) proposes to supersede the existing ECPA law, which was passed in 1986. The Bill promises enhanced privacy protection and wants to restrict the ease with which the US Government can obtain personal information from telecoms companies.
"The disclosure of the content of email and other electronic communications by an electronic communications, remote computing, or geolocation information service provider to the Government is subject to one legal standard -- a search warrant issued based on a showing of probable cause," a summary of the Bill says.
"The provision also requires that the Government notify the individual whose account was disclosed, and provide that individual with a copy of the search warrant and other details about the information obtained, within three days," the summary says.
The Bill allows the Government to apply to court to delay the notice period up to 90 days and allows the Government to seek further extension to this delay. It also allows the Government to delay telling someone that they have accessed their personal details if it endangers national security.
Information already in the public domain, such as that posted on a blog or a website, can be accessed by the Government, the summary says. The Government can also obtain the information through a witness summons, the summary says.
"The Government may use an administrative or grand jury subpoena in order to obtain certain kinds of electronic communication records from an electronic communications service provider, including customer name, address, session time records, length of service information, subscriber number and temporarily assigned network address, and means and source of payment information," the Bill summary says.
Geolocation data stored on mobile devices and applications that can reveal where a person has been and when cannot be accessed without a warrant or court order, according to the Bill summary.
"The provision requires that the Government obtain either a search warrant or a court order under the Foreign Intelligence Surveillance Act, to access or use an individual’s smartphone or other electronic communications device to obtain geolocation information," the summary says.
Senior law enforcement officers can authorise access to the information "during an emergency involving either, imminent danger, organised crime, or an immediate threat to national security," although the Government must still obtain a search warrant sanctioning the access within 48 hours. A court may suppress evidence found in the information if no search warrant is obtained, the Bill summary says.
Digital rights lobby group the Electronic Frontier Foundation (EFF) said it "applauded" the Bill but said it was worried that the Government would not have to convince courts that it has reasonable belief someone has committed a crime in order to access historical geolocation data.
"Although it clearly would require a warrant for ongoing tracking of your cell phone, it would also and unfortunately preserve the current statutory rule allowing the Government to get historical records of your location without probable cause," a statement on the EFF website said.
A search warrant or court order is also required if the Government wants to obtain real-time information from service providers about the current location of a person, the Bill summary says.
The amendments would also "prohibit" telecoms companies from "voluntarily disclosing the contents of its customer's emails or other electronic communications to the Government". Under current law there are exceptions where companies are permitted to disclose the information, including if the customer consents and if it is to address criminal activity.
Companies can volunteer personal data about customers if it is "pertinent to addressing a cyberattack," on a network that connects to the Government or a third-party, the Bill summary says.
The FBI is allowed to obtain identifiable information about customers from telecoms companies for counterintelligence purposes, the Bill summary says.
"The following records are subject to the new provision: name; address; session time and duration; length of service and types of service; telephone or instrument number, or identity; and dialing, routing, addressing and signalling information," the Bill summary says.
The Bill was introduced by Senator Patrick Leahy who said amendments were "essential" to address technological developments.
"Updating this law to reflect the realities of our time is essential to ensuring that our Federal privacy laws keep pace with new technologies and the new threats to our security," Leahy said in an introduction to the ECPA amendments.
Leahy is the Chairman of the Senate Judiciary Committee, which held hearings in September 2010 and April 2011 to explore how best to reform ECPA.