Computers, Privacy & the Constitution

View   r3  >  r2  ...
MayaWakamatsuFirstPaper 3 - 07 May 2022 - Main.MayaWakamatsu
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Line: 9 to 9
 

1. Introduction

Changed:
<
<
It is said that the Electronic Communications Privacy Act (ECPA) has some issues because of the gap between the current circumstances of information technology and the provisions of ECPA (Orin S. Kerr, The Next Generation Communications Privacy Act, 162 U. PA. L. REV. 373, 384 (2014) https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=1546&context=penn_law_review). The dichotomy adopted by ECPA since its enactment in 1986 may not be appropriate for the current situation.
>
>
It is said that the Electronic Communications Privacy Act (ECPA) has some issues because of the gap between the current circumstances of information technology and the provisions of ECPA (Orin S. Kerr, The Next Generation Communications Privacy Act, 162 U. PA. L. REV. 373, 384 (2014) https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=1546&context=penn_law_review). The distinction between content information and non-content information and the distinction between real-time communications and stored communications under ECPA may not be appropriate for the current situation.
 

2. Issues on ECPA

Changed:
<
<
Under ECPA, content information and non-content information are separated and regulated separately. Non-content information is subject to lesser restrictions than actual content (https://epic.org/ecpa/). Under ECPA, non-content information -subscriber records or transactional details about communications- can generally be obtained without a warrant, pursuant to an administrative subpoena, whereas ECPA requires government agencies to obtain a warrant when they access to content information. Another dichotomy is the distinction between the acquisition of real-time communications and the acquisition of stored communications. Under the Stored Communications Act, the government is able to access to many kinds of stored communications without a warrant, whereas ECPA requires government agencies to obtain a warrant when they obtain real-time information. This was a meaningful distinction at the time of the enactment of the law, when there was little information stored, but today, with the spread of the Internet and low-cost or free storage services, a lot of data is stored on the provider's servers, and it is difficult to distinguish between them.
>
>
Under ECPA, (1) content information/non-content information and (2) real-time communications/stored communications are regulated separately.

2.1.Content Information in Remote Storage

Under ECPA, “a governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant.” (18 U.S.C. § 2703(a)) On the other hand, “a governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days” by a warrant (without required notice to a customer), a subpoena, or a court order (with prior notice to a customer) (18 U.S.C. § 2703(a)(b)).

2.2.Real-time Content Information

A wiretap order is required to obtain real-time content information (18 U.S.C. §2511), and a wiretap order is essentially a search warrant with special additional features unique to wiretaps.

2.3.Non-content Information in Remote Storage

Non-content information is subject to lesser restrictions than actual content (https://epic.org/ecpa/). Under ECPA, non-content information (subscriber records or transactional details about communications) can generally be obtained by “a court order” (18 U.S.C. § 2703(c)). Although the order is issued by a court, the court is not issuing a warrant based upon probable cause. Instead, § 2703(d) requires only that there be “specific and articulable facts showing that there are reasonable grounds to believe” that the records requested are “relevant and material to an ongoing criminal investigation.”

2.4.Real-time Non-content Information

An order is required to obtain real-time non-content information. The order is issued by courts based on a very low standard (18 U.S.C. § 3121). The requesting agent has to verify that information likely to be obtained will be “relevant to an ongoing criminal investigation” (18 U.S.C. § 3123(a)).

 

3. Possible Solutions

3.1. California Electronic Communications Privacy Act

Changed:
<
<
In contrast to ECPA, California Electronic Communications Privacy Act (CalECPA? ) provides stricter procedures. Except in emergencies when there is a threat to life or health, CalECPA? prohibits a government entity from compelling the production of, or access to, electronic communication information or electronic device information without a warrant. In addition, notice must be served upon or delivered to the identified targets of the warrant or emergency request (https://www.lawfareblog.com/so-whats-california-electronic-communications-privacy-act). For example, under CalECPA? , location-based information stored by cell phone companies is treated uniformly as a type of electronic facility information, regardless of whether it is stored in a third party's electronic facility or their personal electronic facility. State government departments must always request disclosure of location-based information stored by cellular phone companies with a warrant. In addition, the scope of the information sought and the nature of the research activities in which this information will be used must also be communicated to the identified targets of the warrant. CalECPA? applies only to California law enforcement officers, and it is clear that CalECPA? 's regulations are stricter than ECPA’s regulations concerning search on information. I believe that ECPA can fill the gap between the current circumstances of information technology and the provisions of the law by amending provisions to require government agencies to obtain a warrant when they access to non-content information or stored information.
>
>
In contrast to ECPA, California Electronic Communications Privacy Act (CalECPA? ) provides stricter procedures. Under CalECPA? , “a government entity may compel the production of or access to electronic communication information from a service provider, or compel the production of or access to electronic device information from any person or entity other than the authorized possessor of the device only under the following circumstances: (1) Pursuant to a warrant … (2) Pursuant to a wiretap order … (3) Pursuant to an order for electronic reader records pursuant to Section 1798.90 of the Civil Code. (4) Pursuant to a subpoena … provided that the information is not sought for the purpose of investigating or prosecuting a criminal offense… (5) Pursuant to an order for a pen register or trap and trace device, or both …” (California Code, Penal Code – PEN § 1546.1(b)). CalECPA? generally prohibits a government entity from compelling the production of, or access to, electronic communication information or electronic device information without a warrant or a wiretap order in criminal cases, with certain exceptions (e.g., emergency request). In addition, notice must be served upon or delivered to the identified targets of the warrant or emergency request (https://www.lawfareblog.com/so-whats-california-electronic-communications-privacy-act). For example, under CalECPA? , location-based information stored by cell phone companies is treated uniformly as a type of electronic facility information, regardless of whether it is stored in a third party's electronic facility or their personal electronic facility. State government departments must always request disclosure of location-based information stored by cellular phone companies with a warrant. CalECPA? 's regulations are stricter than ECPA’s regulations concerning search on information. I believe that ECPA can fill the gap between the current circumstances of information technology and the provisions of the law by amending provisions to require government agencies to obtain a warrant when they access non-content information or stored information.
 

3.2. Introducing Personal Servers at Home

Changed:
<
<
I believe that ECPA should be amended as above mentioned, but I would like to think about another way to protect our privacy. Nowadays, many people use services like email, calendar, and SNS which are provided for free by firms like Google, Apple, or Facebook. Their data is collected, stored, and surveilled by the firms. If the government searches on information stored in the firms without a search warrant, our privacy will be threatened. As above mentioned, with the spread of the Internet and low-cost or free storage services, a lot of data is stored on servers, it is difficult to distinguish between content information and non-content information, or between real-time communication and stored communication. If we introduce personal servers at home rather than giving our information to the firms, government agencies need a search warrant to access to our data on personal servers at home under the Fourth Amendment. In this way, we can protect our privacy from government agencies and private firms.
>
>
I believe that ECPA should be amended as above mentioned, but I would like to think about another way to protect our privacy. Nowadays, many people use services like email, calendar, and SNS which are provided for free by firms like Google, Apple, or Facebook. Their data is collected, stored, and surveilled by the firms. If the government searches on information stored in the firms without a search warrant, our privacy will be threatened. As above mentioned, with the spread of the Internet and low-cost or free storage services, a lot of data is stored on servers, it is difficult to distinguish between content information and non-content information, or between real-time communication and stored communication. If you introduce personal servers at home rather than giving our information to the firms, government agencies need a search warrant to access your data on a personal server at home under the Fourth Amendment, whereas a warrant may not be required under ECPA if your emails are stored in remote storage. You can have a private server (such as FreedomBox? (https://freedombox.org/) or a similar personal server) on your home computer, build a mail server on the personal server, and store your information in the personal and private storage, with the personal server located in your home rather than third party’s remote storage. The system will help to protect your computer network and information with the secure system. In this way, you can protect your privacy from government agencies and private firms.
 
Changed:
<
<

4. Conclusion

>
>

4. Conclusion

 In conclusion, I believe that we can protect our privacy by amending ECPA and introducing personal servers at home.
Deleted:
<
<
The explanation of the difficulties with mail left on IMAP servers is confusing, not to mention your discussion of metadata. In writing about a statute it's always a good idea to start from the text of the statute itself. You can then state concisely what's amiss and sh9w how the California Act models what might be done federally. (You don't explain why if it is both necessary and easy, it doesn't happen.)

You discuss the benefits of setting up a personal mail server, but you don't offer the reader show much as a reference about how to do it. Why don't you take the opportunity while you are here to learn how yourself, so that you can teach other people? If it's a good thing to do, why not do it?

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Revision 3r3 - 07 May 2022 - 01:03:32 - MayaWakamatsu
Revision 2r2 - 10 Apr 2022 - 17:38:33 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM