On Feb. 25, 2016, the House Judiciary Committee headed by Chairman Bob Goodlatte (R-Va.) will hold a hearing on “International Conflicts of Law Concerning Cross Border Data Flow and Law Enforcement Requests.”
It is long overdue. The hearing is also necessary put Congress in the driver’s seat in the making of electronic privacy policy as the U.S. Constitution intended.
The American Revolution was sparked by colonial opposition to hated British Writs of Assistance that indiscriminately encroached on privacy without good cause.
Until recent decades, Congress marched to that privacy drummer.
Congress enacted the Privacy Act of 1974 to remedy executive branch abuses. Among other things, it prohibits the FBI from collecting information about the exercise of First Amendment rights in 5 U.S.C. 552(a)(e)(7).
Congress enacted the Right to Financial Privacy Act of 1978 to protect the confidentiality of personal financial records by creating statutory Fourth Amendment protection for bank records. The act reversed the U.S. Supreme Court’s 1976 ruling in United States v. Miller, where the court found that bank customers had no legal right to privacy in financial information held by financial institutions.
As regards electronic privacy, in contrast, Congress has slumbered for 30 years since the Electronic Communications Privacy Act of 1986 (ECPA). In the meantime, unforeseeable electronic privacy concerns have arisen which were unaddressed by a statute born when the Internet was in its horse-and-buggy stage. The federal judiciary and the executive have been fashioning rules for this electronic terra incognita while Congress has slept.
This is unacceptable.
The executive branch subordinates privacy to even speculative law enforcement or intelligence needs. That proclivity gave birth to the post-9/11 NSA warrantless terrorist surveillance program and the ongoing limitless collection of intelligence under Executive Order 12333 with no congressional oversight.
The judicial branch is ill-equipped to develop electronic privacy policy because judges are generally clueless about the technical operations of the global Internet and are backward-looking because of the doctrine of stare decisis. As Justice Oliver Wendell Holmes additionally observed in 1913: “When twenty years ago a vague terror went over the earth and the word socialism began to be heard, I thought and still think that fear was translated into doctrines that had no proper place in the Constitution or the common law. Judges are apt to be naif, simple-minded men, and they need something of Mephistopheles. We too need education in the obvious — to learn to transcend our own convictions …”
Two cases illustrate the current executive branch-judicial duopoly over electronic privacy policy. A few days ago, the FBI convinced a magistrate judge to order Apple to write new software to overcome a password lock on a cellphone of one of the San Bernardino terrorists. The order rested on a law passed by the first Congress and signed by President George Washington 227 years ago—the All Writs Act.
In December 2013, the Department of Justice issued an extraterritorial search warrant in a narcotics investigation demanding that Microsoft deliver the contents of a customer’s email account stored in Dublin, Ireland. The department acted pursuant to the Stored Communications Act, a part of the 1986 ECPA. Microsoft resisted, and the dispute over the legality of extraterritorial search warrants is now pending in the United States Court of Appeals for the Second Circuit sub nom. In the Matter of a Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corporation.
Congress needs to supersede the executive-judicial duopoly over electronic privacy in the Age of the Internet. Article I, section 8, clause 3 of the Constitution empowers Congress to make electronic privacy policy in regulating interstate or foreign commerce. It should employ this power to prohibit the executive from extraterritorial search warrants for at least three-fold reasons.
Privacy is the default position of the Fourth Amendment if the government is unable to demonstrate a compelling law enforcement or intelligence need. The executive has failed to prove that extraterritorial search warrants seeking stored electronic information would be more than a trivial addition to its already formidable law enforcement arsenal, i.e., it has not shown that even one non-trivial crime has escaped detection or prosecution because of the absence of extraterritorial search warrants.
Additionally, an extraterritorial search warrant precedent for electronic data could not be cabined. If the United States can compel companies located here to retrieve electronic information stored abroad, then China, Russia, or Iran can be expected to compel companies located within their respective boundaries to retrieve electronic information stored in the United States to persecute and prosecute dissidents. We would become complicit in human rights violations by our adversaries or enemies.
Finally, foreign customers would boycott cloud computing services offered by Microsoft or Google gmail accounts if they feared the United States government could gain access to their stored data or emails through extraterritorial search warrants. That would turn the congressional policies of the Buy America Acts on their heads, and precipitate a balkanization of electronic storage in a globalized electronic world.
Congress needs to follow the Feb. 25 hearing with long-headed electronic privacy legislation.
Please read our comment policy before commenting.