Texas set to enact nation’s strongest e-mail privacy bill

from arstechnica.com: Assuming that Texas Governor Rick Perry does not veto it, the Lone Star State appears set to enact the nation’s strongest e-mail privacy bill.
The proposed legislation requires state law enforcement agencies to get
a warrant for all e-mails regardless of the age of the e-mail.

On Tuesday, the Texas bill (HB 2268)
was sent to Gov. Perry’s desk, and he has until June 16, 2013 to sign
it or veto it. If he does neither, it will pass automatically and take
effect on September 1, 2013. The bill would give Texans more privacy
over their inbox to shield against state-level snooping, but the bill
would not protect against federal investigations.
The bill passed both houses of the state legislature earlier this year without a single “nay” vote.

This new bill, if signed, will make Texas law more privacy-conscious than the much-maligned 1986-era Electronic Communications Privacy Act
(ECPA). With the ECPA, federal law enforcement agencies are only
required to get a warrant to access recent e-mails before they are
opened by the recipient.

As we’ve noted many times before, there are no such
provisions in federal law once the e-mail has been opened or if it has
sat in an inbox, unopened, for 180 days.
In March 2013, the Department
of Justice acknowledged in a Congressional hearing that this distinction no longer makes sense and the DOJ would support revisions to ECPA.

A spokesperson for the governor, Courtney Ford, did not
immediately respond to Ars’ request to find out whether Gov. Perry plans
on signing the bill. The bill reads in part:

An authorized peace officer may require a provider of an
electronic communications service or a provider of a remote computing
service to disclose electronic customer data that is in electronic
storage by obtaining a warrant under Section 5A.

. . .
[A] district judge may issue a search warrant under this
section for electronic customer data held in electronic storage,
including the contents of and records and other information related to a
wire communication or electronic communication held in electronic
storage, by a provider of an electronic communications service or a
provider of a remote computing service described by Subsection (h),
regardless of whether the customer data is held at a location in this
state or at a location in another state. An application made under this
subsection must demonstrate probable cause for the issuance of the
warrant and must be supported by the oath or affirmation of the
authorized peace officer.
Nudging Washington

As if the ECPA wasn’t complicated enough, one United States
circuit court of appeals decided that federal authorities do need a
warrant before accessing e-mail. The case, known as United States v. Warshak,
has created a split as other circuits, including the United States
Supreme Court, haven’t yet taken up the issue. (Google has since taken
the public stance that it will follow the Warshak standard.)

Previously, Texas state law had language mirroring ECPA’s
existing 180-day requirement. Of course, ECPA remains federal law of the
land in Texas and in all the other 49 states. But civil libertarians
and legal experts hope that this may spur Washington, DC into passing
much-needed ECPA reform, which has languished for some time now.

“Privacy is a special thing in Texas—it goes to the core
values of Texas,” said Chris Soghoian, a senior policy analyst at the
American Civil Liberties Union.

“It’s always good to see states passing pro-privacy
legislation because it sends a signal to Congress. It sends a signal to
conservative members who might not yet be on board that this is
something being supported in their own states and it helps the courts to
see that this is a safe space to venture into. When cities and states
start protecting e-mail, then judges may feel like there is a reasonable
expectation of privacy.”

Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation (EFF), agreed.

“It is the first state legislature I’m aware of to change
the law this way,” he told Ars. “Other states are currently considering
similar legislation, including California—where EFF sponsored SB 467 recently passed the Senate 33-1 and is now being considered in the Assembly.”

“It’s significant proof that privacy reform is not only
needed but also politically feasible with broad bipartisan support,”
Fakhoury said. “Hopefully that will impact federal ECPA reform efforts
by getting people on both of sides of the political aisle to work
together to make meaningful electronic privacy reform a reality. The
more states that pass similar legislation, the more pressure it will put
on Congress to keep up with the changing legal landscape.”

Leave a Reply