Cisco Blogs

Cisco Blog > High Tech Policy

Time to reform ECPA

Recently, I wrote about the LEADS Act proposed by U.S. Senators Orrin Hatch (R-UT), Dean Heller (R-NV), and Christopher Coons (D-DE), which offers a thoughtful approach to a knotty problem—whether and how governments should be empowered to demand the production of data across sovereign national borders. Their bill suggests that with rare exceptions, governments should not have that authority. Instead, their legislation encourages the development and use of mechanisms for intergovernmental law enforcement cooperation. Their goal is to ensure that law enforcement can access information necessary to protect public safety without creating conflicts between national legal systems. Their bill also addresses another vitally important issue—reform of the Electronic Communications Privacy Act (ECPA).

Now that the midterm elections are behind us, Congress should quickly act to pass common sense ECPA reform legislation. Bills pending before the House and the Senate enjoy strong bipartisan support—and have also been widely endorsed across the entire community of technology providers, privacy scholars, and civil society. ECPA, which predates the advent of the public Internet, is now 25 years old. We should not let another year pass without upgrading the law to require a probable cause warrant whenever the government demands access to the contents of data and communications stored in the cloud.

When ECPA was passed by Congress and signed by President Reagan a quarter century ago, it represented a very forward-looking effort to ensure that electronic messages receive 4th Amendment protections. Some updates have been made over the years. However, the law is still built around core assumptions concerning online data storage that were more relevant in the era of the digital watch than of the smartphone. Changes are necessary to reaffirm the central principle upon which the original law was premised.  We should protect documents stored online against unwarranted intrusions by the government, just as we protect documents that exist in the physical world.

In 1986, cheap ubiquitous cloud-based storage for data and a world full of always on, always connected devices would have been in the realm of science fiction. Now it is our reality. The law should, therefore, also address the fact that data collected in the cloud creates a temptation for the government to demand access from a third party provider rather than directly from the owner.

The current text of the law assumes that data stored online for more than 6 months have essentially been abandoned and deserve fewer protections against governmental demands. Thankfully, most major cloud providers rely upon the reasoning from a U.S. Circuit Court of Appeals decision, which held that we do have a reasonable expectation of privacy in email we store online. It further held that the law as written is unconstitutional to the extent it enables searches without a probable cause warrant. We need to codify these rulings and make them the law of the land.

A legislative proposal to update ECPA penned by its original author, the Chairman of the Senate Judiciary Committee, Senator Pat Leahy (D-VT), would do just that. The bill, which is also co-sponsored by Senator Mike Lee (R-UT), would make three important changes to the current law. First, it would require warrants for content stored in the cloud. Second, it would require that the government notify account holders about warrants used to seize data stored in the cloud. Third, it would impose time limits on orders barring cloud service providers from notifying their customers that a warrant has been executed. A companion bill has won widespread bipartisan support in the House of Representatives under the leadership of Representatives Kevin Yoder (R-KS), Tom Graves (R-GA), and Jared Polis (D-CO). Their bill now has 270 co-sponsors, more than half the representation of the House of Representatives. 

Twenty-five years ago, Congress was forward-looking in passing legislation to protect electronic communications before public email even existed. Now, we need to make sure that legal protections keep up with the times so that we strike the right balance between privacy and security while also enabling innovative new technologies to grow.

Statement of Cisco General Counsel Mark Chandler on Nomination of Michelle K. Lee as Director of U.S. Patent and Trademark Office

On behalf of Cisco, let me congratulate President Obama on nominating Michelle Lee to be Director of the U.S. Patent and Trademark Office. Over the past year as Deputy Director, Michelle Lee has demonstrated that she has what it takes to oversee the Patent and Trademark Office. She’s already taken needed steps to cut the patent backlog, improve post-grant review and improve the examination process.  Once confirmed, she will ensure that the PTO continues to drive American innovation and is a place where all can turn for a fair hearing.  It is my hope that the Senate will confirm her nomination as quickly as possible.

A “Significant First Step” toward Legislative Reform of Cross-Border Governmental Demands for Data

Earlier this year, Cisco and Apple jointly filed an amicus brief supporting Microsoft in its appeal of a U.S. Federal Court decision requiring it to hand over customer data held in an Irish data center. In our filing, we made the case that the ruling should be overturned because it leaves companies in jeopardy of violating one country’s laws in order to comply with those of another.

As we wrote in the brief:

“The Magistrate’s analysis improperly ignores the interplay of foreign and domestic laws when determining whether the government can use a warrant to require a U.S. company to produce data about a non-U.S. citizen when the data is held by a foreign subsidiary and stored in a foreign location. Rather than ignoring foreign law, courts should examine possible conflicts of law, inquire into the weight of the U.S. government’s interest in each case, and determine whether those interests are sufficiently compelling to outweigh principles of international law, comity, sovereignty, and reciprocity, such that the government may circumvent U.S. treaty obligations.”

Today, Microsoft’s case continues to wind its way through the U.S. federal courts, and we won’t know the final disposition for some time. In the interim, global cloud providers are left with unanswered questions about how to reconcile potentially conflicting laws regarding data privacy and security.

Helpfully, several members of Congress are proactively seeking to address how the U.S. government should access customer data held overseas. This is a significant first step toward meaningfully addressing the underlying issue—whether and how governments should be capable of demanding access to data stored across national borders.

Legislation proposed by Senators Orrin Hatch (R-UT), Dean Heller (R-NV), and Chris Coons (D-DE) offers a new framework for striking the balance between the government’s need to investigate crime and the Constitution’s protections against unreasonable search and seizure in the context of a globally connected world.

Here’s how it would work.

The Law Enforcement Access to Data Stored Abroad (LEADS) Act would require a warrant when the government demands customer communications from third party service providers, and these warrants would only have the power to reach data stored in the U.S., unless it is owned by a U.S. corporation, citizen, or lawful permanent resident.

Data stored outside the United States not belonging to Americans or American companies, however, would not be subject to US government warrants and would instead require a mutual legal assistance treaty (MLAT) request to the country in which they are stored. At the same time, the legislation seeks improvements in these MLAT processes so that governments can get the information they need to protect their citizens against crime and terrorism in a timely fashion.

Finally, the bill attempts to identify particular, limited circumstances where the government should be able to directly compel production of documents from outside the United States.

In offering this legislation, Senators Hatch, Heller, and Coons have attempted to tackle an important international problem.  Their approach respects long held principles for obtaining information from third parties.  Just as in the physical world, the government should be expected to use mutual legal assistance treaties when it wants to compel production by a third party of documents stored in another country. This will help to avoid creating unnecessary conflicts of law. And just as in the physical world, the government should be required to get a search warrant from a neutral magistrate based upon a showing of probable cause when it seeks to seize documents in the hands of a third party storage provider located in the U.S.

Their approach builds upon commonsense, bipartisan legislation with widespread support from Senators Pat Leahy (D-VT) and Mike Lee (R-UT) and Representatives Kevin Yoder (R-KS), Tom Graves (R-GA), and Jared Polis (D-CO), as well as from the tech industry and privacy advocates.  Those bills would similarly require the US government to obtain a warrant when it seeks access to data stored in cloud facilities located within this country.

The security threats facing nations are real and significant, and governments need to be able to take steps to address these threats and protect their citizens against crime and terrorism. At the same time, we must update our laws so that they respect innovation and enable new technologies to grow.

Cisco and Junior Achievement Partner on STEM Mentoring Event in RTP

Today, Cisco and Junior Achievement teamed up to host a Job Shadow Day as part of Cisco’s series of STEM mentoring events being held throughout the week. Fifty students from the Josephine Dobbs Clement Early College High School – a group of first generation college attendees, English as second language (ESL), and under-represented minorities and low-income students –participated in the day’s activities.

The event featured Rene Daughtry, Cisco Project Manager and Chairman of NCCU Advisory Council, who offered a keynote highlighted the job opportunities that the Internet of Everything will create for STEM professionals.

Throughout the day, students had the opportunity to participate in speed mentoring sessions,  tour the Technical Assistance Center,  experience TelePresence technology and learn about personal finance management during a Junior Achievement session lead by Cisco Finance employees.

This is part of a series of STEM mentoring events taking place all week at three of Cisco’s campuses – Richardson, Research Triangle Park, North Carolina, and Silicon Valley.  Nearly 200 students and 200 mentors will participate in these events.

For almost two-decades, Cisco has made it a top priority to build a talent pipeline prepared to meet the challenges of a modern economy and a workforce that generates the next wave of innovation. And by 2018, there will be 1.2 million open jobs in the United States in the fields that make up STEM.

Cisco invests in programs from kindergarten to college and beyond that are preparing a diverse generation of talent for careers in STEM and is a founding partner of US2020, an initiative that connects STEM professionals with girls and students from underserved communities from kindergarten through college. By 2020, Cisco has committed that 20% of our US employees will provide at least 20 hours of STEM mentoring per year.

Every student should have the opportunity to prepare themselves for the rapidly growing job opportunities in science, technology, engineering and math – and Cisco is committed to building the lifelong skills that will enable North Carolina’s youth to have careers in the workforce of tomorrow.

All in all, today’s event was terrific.  We had a great interaction with the students in each session.  Hopefully, we’ll see more than a few of them choose careers in STEM down the road. 

Cisco Announces $20,000 Grant 
for Girl Scouts’ GIRLS GO TECH Program

On behalf of Cisco, I’m pleased to announce that our company has awarded the Girls Scouts – North Carolina Coastal Pines a $20,000 community impact grant to help girls from underserved communities attend its award-winning GIRLS GO TECH program.  Every year, the GIRLS GO TECH program helps 350 North Carolina girls participate in science camp and robotics programs from Research Triangle Park and the surrounding area.

The GIRLS GO TECH program does an incredible job of opening the door to opportunities girls in the central and eastern North Carolina area.  Cisco is proud to partner with the Girl Scouts to help ignite a passion for robotics and computer science in girls across the Triangle.  Cisco has awarded the Girls Scouts – North Carolina Coastal Pines nearly $150,000 worth of cash and technology grants over the past decade.

The funds will help girls throughout central and eastern North Carolina to participate in two programs:

1.    The GIRLS GO TECH Science Camp, which provides middle school girls access to the science and computer labs at Meredith College, where they have the opportunity to complete computer-based workshops with Computer Science and other faculty at Meredith. The girls also take a number of field trips to technology-based businesses including Cisco, as well as NC State University where the girls engage in hands-on activities that allow them to explore technology and its many uses.  Many of the science workshops held on the Meredith campus will involve the use of technology (computers, advanced microscopes, etc.).

2.     The Girls Go Tech LEGO Robotics Program, which teaches girls how to use LEGO Education We-Do Robotics kits and LEGO Mindstorms technology (robot kits and software).

A recent Girl Scout survey shows, that after attending Science Camp, girls are 79% more excited about learning science, 85% better understand science and technology, 82% are interested in taking more science classes, and 67% show interest in a STEM (Science, Technology, Engineering, and Math) career.

Cisco’s Commitment to STEM

By 2018, there will be 1.2 million job openings in the United States in the fields that make up STEM — Science, Technology, Engineering, and Math.  However, without a major influx of talent, there will be an acute shortage of qualified applicants to fill these jobs.

Cisco is a founding partner of US2020, an initiative that connects STEM professionals with girls, under-represented minorities and low-income students from kindergarten through college. By 2020, Cisco has committed that 20% of our US employees will provide at least 20 hours of STEM mentoring per year.

As part of this commitment, Cisco also sponsored the US2020 City Competition, which challenged cities to develop innovative models for dramatically increasing the number of STEM professionals mentoring and teaching students through hands-on projects.  RTP was one of 7 national finalists of the City Competition, and was nationally recognized for its mentorship program.

The 21st Century workforce needs to develop a new set of skills to meet the challenges before our nation.  Other nations have already embraced the challenge and are moving toward building a digital workforce. The World Economic Forum ranks the United States 52nd in the quality of mathematics and science education and 27th among developed nations in the proportion of college students receiving undergraduate degrees in science or engineering.

For nearly two-decades, Cisco has made it a top priority to build a talent pipeline prepared to meet these challenges Cisco invests in programs from Kindergarten to College and beyond that are preparing a diverse generation of talent for careers in STEM.

Bottom line:  Cisco is pleased to support the Girls Go Tech Program and help encourage girls to develop a life long love for science, technology, engineering and math.