Tech giants want new privacy law
Microsoft and Google are among the leading players in a new alliance wanting to make it more difficult for the US government to monitor cloud-based personal data.
A group of technology companies and advocacy groups has come together in the US to push for an update to the country's 25-year-old digital privacy laws.
The Digital Due Process alliance contains the likes of Microsoft, Google, eBay, Amazon and the ACLU, and says its aim is to modernise the Electronic Communications Privacy Act (ECPA), a 1986 piece of legislation that the coalition says cannot possibly provide citizens with adequate protection in today's world.
"Originally designed to protect us from unwarranted government intrusion while ensuring that law enforcement had the tools necessary to protect public safety, it was written long before most people had heard of email, cell phones or the 'cloud' - the term used for programs helping people store personal data like photos and documents online," Google senior counsel Richard Salgado wrote in a blog post.
The alliance said it is currently far too easy for the government to access private data held in cloud-based services and, according to Google, wants to modernise the ECPA in four ways to address the issue.
Firstly, it said data stored online needs to be better protected, with the government having to get a search warrant before it can obtain any private communications or documents stored online.
Secondly, it also wants location privacy to be protected, requiring the government to get a warrant before it can track the location of your mobile phone or other mobile communication device.
Thirdly, it called for better protection against monitoring of when and with whom you communicate. Under the alliance's proposals, the government will have to convince a court that the data it seeks is relevant and material to a criminal investigation before it gets the green light to monitor when and with whom you communicate using email, instant messaging, text messaging and other digital communication methods.
Finally, the alliance is seeking stronger protection against bulk data requests, where the government must demonstrate to a court that the information it seeks is required for a criminal investigation before it is able to obtain data about an entire class of users.
At present, unless the data is encrypted, only a judge-approved subpoena is required for the government to search a suspect's online data, with the rules for obtaining a subpoena far looser than those for a full search warrant.
However, Digital Due Process argued that searching someone's digital property should be no different to their physical property, and should be subject to the same procedures, something the existing legislation doesn't ensure.
"Technology has advanced dramatically since 1986, and ECPA has been outpaced," the alliance's website said. "The statute has not undergone a significant revision since it was enacted in 1986 - light years ago in internet time.
"As a result, ECPA is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today's digital communication services may no longer be adequately protected."
Although any debate on updating the ECPA is likely to be a long one, the Digital Due Process alliance's principles are already drawing support from some politicians. Senator Patrick Leahy of Vermont has issued a statement of support, agreeing that "our federal electronic privacy laws are woefully outdated".