Cisco has long supported updating the Electronic Communications Privacy Act (ECPA) to better protect customer data and communications stored with third-party providers against unwarranted searches and seizures. We, therefore, applaud the unanimous voice vote in the U.S. House of Representatives to pass the Email Privacy Act (H.R. 387) introduced by Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO).
This bipartisan legislation would require the government to obtain a probable cause warrant before demanding access to customer data in the cloud. We firmly believe that data stored in the cloud must receive equivalent legal protections against search and seizure to those accorded physical papers and electronic data stored on premises.
We firmly believe that data stored in the cloud must receive equivalent legal protections against search and seizure to those accorded physical papers and electronic data stored on premises.
In a groundbreaking decision dating back to 2010, a United States Court of Appeals held that the current statute is unconstitutional to the extent it allows the government to seize the contents of emails from a service provider without a warrant. Cisco and most other major cloud providers adhere to this position. We require warrants from law enforcement before acceding to demands for the contents of our customers’ communications. However, the text of the law requires updating to enshrine these greater protections into the U.S. code. The Email Privacy Act would accomplish this goal.
ECPA was forward thinking at the time of its original passage in 1986. It now requires an update because its development has been outpaced by technology. More than 30 years ago—long before the advent of the public Internet—it perhaps made sense to assume data left in third-party storage for more than 6 months might deserve some lower level of protection against government intrusions. Now, in a world where we treat ubiquitous cloud-based storage as a natural extension of our homes and offices, this distinction does not make sense.
U.S. Supreme Court Chief Justice Roberts wrote in the Riley v. California decision concerning police searches of cell phones incident to an arrest: “[c]ell phone users often may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference. Moreover, the same type of data may be stored locally on the device for one user and in the cloud for another.”
It is, therefore, clear the Fourth Amendment’s requirement that “[t]he right of the people to be secure, in their persons, houses, papers, and effects, against unreasonable searches and seizures” must include not only physical papers but also their digital equivalents. It must protect not only communications stored on our persons and in our homes, but also the natural extensions of those places enabled by the connectivity that drives our economy and powers our modern world. The government should obtain a warrant when seeking access to communications regardless of whether they are stored in mobile devices we carry or in the cloud that powers them.
Cisco, therefore, welcomes the House passage of the Email Privacy Act. We are committed to working with the co-sponsors, like-minded private sector peers, and advocates from civil society to speed this legislation’s passage into law.