Want CNET to notify you of price drops and the latest stories?

Leahy pledges no warrantless e-mail access for feds

Privacy groups cautiously applaud, but are concerned about a requirement that would force Internet companies to notify police before letting customers know they're under surveillance.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
4 min read
Sen. Leahy abandons his warrantless e-mail access proposal, saying he wants to "better protect privacy in the digital age."
Sen. Leahy abandons his warrantless e-mail access proposal, saying he wants to "better protect privacy in the digital age." U.S. Senate

Stripped of its controversial provision for warrantless e-mail acccess, Sen. Patrick Leahy's bill to rewrite electronic privacy and surveillance law will head for a vote on Thursday.

The Vermont Democrat said in a press release yesterday that his latest amendments to the bill will be privacy-protective. They no longer include language that would have allowed more than 22 agencies -- including the Securities and Exchange Commission and the Federal Communications Commission -- to access Americans' private e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant.

A CNET article last week disclosed the existence of Leahy's proposal for warrantless access. A public outcry followed, with the ACLU insisting upon a requirement for warrants and the conservative group FreedomWorks launching a petition to Congress, with nearly 8,000 messages sent so far, titled: "Tell Congress: Stay Out of My Email!"

Leahy, the chairman of the Senate Judiciary Committee, responded by abandoning his proposal and saying in a statement that he remained committed to protecting Americans' privacy rights. "I hope that all members of the Committee will join me in supporting the effort in Congress to update this law to protect Americans' privacy," he said.

With the warrantless access sections deleted in the reworked language (PDF) that Leahy posted yesterday, privacy groups and industry representatives are now more likely to support the revised proposal, due for a committee vote Thursday. The proposal, a substitute for H.R. 2471, which has already cleared the House of Representatives, generally requires law enforcement to obtain search warrants for the contents of e-mail, photos, documents, and other private files.

It "protects the central privacy provision that we put forward," says Christopher Calabrese, legislative counsel for the ACLU.

The ACLU is part of a liberal-conservative-libertarian coalition aligned with technology companies to push for updates to the 1986 Electronic Communications Privacy Act that would require search warrants for police searches of e-mail and other private data stored on remote servers. They also want a requirement for warrants before police can track the locations of Americans' cell phones.

At the moment, Internet users enjoy more privacy rights if they store data on their hard drives or under their mattresses than in the cloud. Many companies fear this legal loophole could undermine faith in cloud-based services. And that's one big reason Apple, Amazon.com, AT&T, eBay, Google, Facebook, IBM, Intel, Microsoft, and Twitter have joined what they call the Digital Due Process coalition.

Leahy has, however, retained (PDF) some other sections of his revised draft that, as CNET reported last week, moved in a more pro-law enforcement direction.

One section says providers "shall notify" law enforcement in advance of any plans to tell their customers that they've been the target of a warrant, order, or subpoena. Another allows police to delay that notification for two 180-day periods -- up from two 90-day periods in the original bill.

Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, said Leahy's revised version is certainly "an improvement over the language" that CNET posted last week.

But, Fakhoury added: "I'm less thrilled about extending the delayed notification provisions.... People have a right to know when the government has looked through their electronic communications, and the sooner they find out, the better."

The ACLU's Calabrese also expressed concerns. "We're a little worried that if companies essentially have to notify law enforcement before they tell customers, it may lead to fewer notifications to customers," he said.

One person participating in Capitol Hill meetings on this topic has told CNET that Justice Department officials were unhappy about Leahy's original bill unveiled in September. The department is on record as opposing warrant requirements -- James Baker, the associate deputy attorney general, has publicly warned that requiring a warrant to obtain stored e-mail could have an "adverse impact" on criminal investigations, a position that apparently conflicts with that of the National District Attorneys' Association.

Leahy, a former prosecutor, has a mixed record on privacy. He criticized the FBI's efforts to require Internet providers to build in backdoors for law enforcement access, and introduced a bill in the 1990s protecting Americans' right to use whatever encryption products they wanted.

But he also authored the 1994 Communications Assistance for Law Enforcement Act, which is now looming over Web companies, and the reviled Protect IP Act. A article in The New Republic concluded Leahy's work on the Patriot Act "appears to have made the bill less protective of civil liberties." Leahy had introduced significant portions of the Patriot Act under the name Enhancement of Privacy and Public Safety in Cyberspace Act (PDF) a year earlier.